Exam Code: 70-411
Exam Name: Administering Windows Server 2012 R2 Exam
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2.
You add a VPN server named Server2 to the network. On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
C. Remote Access Management Console
D. Routing and Remote Access
There are two configurations need to be done in Server1. First is to create a RADIUS client, and second, create a network policy. The network policy has been created. So we need to use New-NpsRadiusClient to create a RADIUS client.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?
A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID
VLAN attributes used in network policy
When you use network hardware, such as routers, switches, and access controllers that support virtual local area networks (VLANs), you can configure Network Policy Server (NPS) network policy to instruct the access servers to place members of Active Directory® groups on VLANs.
Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain Services (AD DS) that you want to assign to specific VLANs. Then when you run the New Network Policy wizard, add the Active Directory group as a condition of the network policy.
You can create a separate network policy for each group that you want to assign to a VLAN. For more information, see Create a Group for a Network Policy. When you configure network policy for use with VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-Tag.
To configure these attributes in a network policy, use the New Network Policy wizard to create a network policy. You can add the attributes to the network policy settings while running the wizard or after you have successfully created a policy with the wizard.
Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while running the New Network Policy wizard. For example, if the network policy you are configuring is a wireless policy, in Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format).
Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned. For example, if you want to create a Sales VLAN for your sales team by assigning team members to VLAN 4, type the number 4.
Tunnel-Type. Select the value Virtual LANs (VLAN).
Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this attribute, obtain this value from your hardware documentation.
You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has the DHCP Server server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that willApply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?
A. The relay agent information
B. The client identifier
C. The vendor class
D. The user class
To configure a NAP-enabled DHCP server
– On the DHCP server, click Start, click Run, in Open, type dhcpmgmt.smc, and then press ENTER.
– In the DHCP console, open <servername>\IPv4.
– Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.
– On the Network Access Protection tab, under Network Access Protection Settings, choose – Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK. In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options, and then click Configure Options.
– On the Advanced tab, verify that Default User Class is selected next to User class.
– Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add.
– Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add.
– Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization’s domain name (for example, woodgrovebank.local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.
– On the Advanced tab, next to User class, choose Default Network Access Protection Class.
– Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.
– Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.
– Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.woodgrovebank.local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients.
– Click OK to close the Scope Options dialog box.
– Close the DHCP console.
Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
You plan to deploy additional servers that have the Network Policy and Access Services server role installed.
You must standardize as many settings on the new servers as possible.
You need to identify which settings can be standardized by using the Network Policy Server (NPS) templates.
Which three settings should you identify? (Each answer presents part of the solution.
A. IP filters
B. shared secrets
C. health policies
D. network policies
E. connection request policies
You are the network administrator for a midsize computer company.
You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain.
You want to make sure only domain computers register with your DNS servers.
What should you do to resolve this issue?
A. Set dynamic updates to None.
B. Set dynamic updates to Nonsecure And Secure.
C. Set dynamic updates to Domain Users Only.
D. Set dynamic updates to Secure Only.
A system administrator is trying to determine which file system to use for a server that will become a Windows Server 2012 R2 file server and domain controller. The company has the following requirements:
The file system must allow for file-level security from within Windows 2012 Server.
The file system must make efficient use of space on large partitions.
The domain controller SYSVOL must be stored on the partition
Which of the following file systems meets these requirements?
You need to create a new user account using the command prompt.
Which command would you use?
You are hired as a consultant to the ABC Company. The owner of the company complains that she continues to have Desktop wallpaper that she did not choose. When you speak with the IT team, you find out that a former employee created 20 GPOs and they have not been able to figure out which GPO is changing the owner’s Desktop wallpaper.
How can you resolve this issue?
A. Run the RSoP utility against all forest computer accounts
B. Run the RSoP utility against the owner’s computer account
C. Run the RSoP utility against the owner’s user account
D. Run the RSoP utility against all domain computer accounts.
You need to enable three of your domain controllers as global catalog servers.
Where would you configure the domain controllers as global catalogs?
A. Forest, NTDS settings
B. Domain, NTDS settings
C. Site, NTDS settings
D. Server, NTDS settings
You are the network administrator for your organization.
Your company uses a Windows Server 2012 R2 Enterprise certification authority to issue certificates.
You need to start using key archival.
What should you do?
A. Implement a distribution CRL.
B. Install the smart card key retrieval.
C. Implement a Group Policy object (GPO) that enables the Online Certificate Status Protocol (OCSP) responder.
D. Archive the private key on the server.
If you want to pass Microsoft 70-411 exam successfully, donot missing to read latest lead2pass Microsoft 70-411 dumps.
If you can master all lead2pass questions you will able to pass 100% guaranteed.