[Free] 2018(May) EnsurePass Testinsides Microsoft 70-411 Dumps with VCE and PDF 141-150

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!

Administering Windows Server 2012

Question No: 141 – (Topic 2)

Your network contains an Active Directory domain named adatum.com.

You need to audit changes to the files in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL replication traffic caused by the audit.

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

  1. Audit Policy\Audit system events

  2. Advanced Audit Policy Configuration\DS Access

  3. Advanced Audit Policy Configuration\Global Object Access Auditing

  4. Audit Policy\Audit object access

  5. Audit Policy\Audit directory service access

  6. Advanced Audit Policy Configuration\Object Access

Answer: D,F

Question No: 142 – (Topic 2)

Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway.

A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.2S4.

You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails. What should you do on Server1?

  1. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.

  2. Add 10.1.14.254 as a gateway and set the metric to 1.

  3. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.

  4. Add 10.1.14.254 as a gateway and set the metric to 500.

    Answer: C Explanation:

    To configure the Automatic Metric feature:

    1. In Control Panel, double-click Network Connections.

    2. Right-click a network interface, and then click Properties.

    3. Click Internet Protocol (TCP/IP), and then click Properties.

    4. On the General tab, click Advanced.

    5. To specify a metric, on the IP Settings tab, click to clear the Automatic metric check box, and then enter the metric that you want in the Interface Metric field.

      To manually add routes for IPv4

      Open the Command Prompt window by clicking the Start button Picture of the Start button. In the search box, type Command Prompt, and then, in the list of results, click Command Prompt.

      At the command prompt, type route -p add [destination] [mask lt;netmaskgt;] [gateway] [metric lt;metricgt;] [if lt;interfacegt;].

      Question No: 143 – (Topic 2)

      Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.

      The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.

      You need to identify whether the members of the Protected Users group will be prevented from authenticating by using NTLM.

      Which cmdlet should you use?

      1. Get-ADGroupMember

      2. Get-ADDomainControllerPasswordReplicationPolicy

      3. Get-ADDomainControllerPasswordReplicationPolicyUsage

      4. Get-ADDomain

      5. Get-ADOptionalFeature

      6. Get-ADAccountAuthorizationGroup

      7. Get-ADAuthenticationPolicySilo

      8. Get-ADAuthenticatonPolicy

Answer: D

Explanation: If the domain functional level is Windows Server 2012 R2, members of the (Protected Users) group can no longer authenticate by using NTLM authentication. So we

need to check the domain functional level with Get-ADDomain. https://technet.microsoft.com/en-us/library/Dn518179.aspx

Question No: 144 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All domain controllers in the domain are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

You deploy a new domain controller named DC3 that runs Windows Server 2012 R2.

You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.

You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?

  1. Transfer the PDC emulator operations master role.

  2. Upgrade DC1.

  3. Raise the functional level of the domain.

  4. Transfer the infrastructure master operations master role.

Answer: C

Question No: 145 – (Topic 2)

Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.

Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

You have a GPO named GPO1 that is linked to the domain. You need to configure GPO1 to apply settings to Group1 only. You need to configure GPO1 to apply settings to Group1 only. What should you use?

  1. Dcgpofix

  2. Get-GPOReport

  3. Gpfixup

  4. Gpresult

  5. Gpedit. msc

  6. Import-GPO

  7. Restore-GPO

  8. Set-GPInheritance

  9. Set-GPLink

  10. Set-GPPermission

  11. Gpupdate

  12. Add-ADGroupMember

Answer: C

Question No: 146 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

All client computers run Windows 8 Enterprise.

You plan to deploy Network Access Protection (NAP) by using IPSec enforcement.

A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.

You need to ensure that the client computers can discover HRA servers automatically.

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

  1. On all of the client computers, configure the EnableDiscovery registry key.

  2. In a GPO, modify the Request Policy setting for the NAP Client Configuration.

  3. On Server2, configure the EnableDiscovery registry key.

  4. On DC1, create an alias (CNAME) record.

  5. On DC1, create a service location (SRV) record.

Answer: A,B,E Explanation:

Requirements for HRA automatic discovery

The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery:

Client computers must be running Windows Vista庐 with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3).

The HRA server must be configured with a Secure Sockets Layer (SSL) certificate. The EnableDiscovery registry key must be configured on NAP client computers.

DNS SRV records must be configured.

The trusted server group configuration in either local policy or Group Policy must be cleared.

http: //technet. microsoft. com/en-us/library/dd296901. aspx

Question No: 147 – (Topic 2)

Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.

You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.

Which cmdlet should you use?

  1. Get-ADGroupMember

  2. Get-ADDomainControllerPasswordReplicationPolicy

  3. Get-ADDomainControllerPasswordReplicationPolicyUsage

  4. Get-ADDomain

  5. Get-ADOptionalFeature

  6. Get-ADAccountAuthorizationGroup

Answer: E

Explanation: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.

Example: Get-ADOptionalFeature #39;Recycle Bin Feature#39;

Get the optional feature with the name #39;Recycle Bin Feature#39;.

Reference: Get-ADOptionalFeature https://technet.microsoft.com/en-us/library/ee617218.aspx

Question No: 148 HOTSPOT – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients.

You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts.

You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers.

Which two settings should you configure in GPO1?

To answer, select the appropriate two settings in the answer area.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Question No: 149 HOTSPOT – (Topic 2)

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1.

Your company implements DirectAccess.

A user named User1 works at a customer#39;s office. The customer#39;s office contains a server named Server1.

When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com. You need to provide User1 with the ability to connect to Server1 in the customer#39;s office.

Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Explanation:

Ensurepass 2018 PDF and VCE

Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.

If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.

The ability to disconnect allows users to specify single-label, unqualified names (such as 鈥淧RINTSVR鈥? for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet.

To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect.

Note: If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT.

If this setting is not configured, users do not have Connect or Disconnect options.

Question No: 150 HOTSPOT – (Topic 2)

Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York.

The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed.

All client computers obtain their IPv4 and IPv6 addresses from DHCP.

You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office.

Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

100% Ensurepass Free Download!
Download Free Demo:70-411 Demo PDF
100% Ensurepass Free Guaranteed!
70-411 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.