Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(121-130)!

QUESTION 121
you are employee as a network administrator at abc.com. ABC.com has an active directory domain named ABC.com All servers on the abc.com network have Windows Server 2012 R2 installed and all workstations have windows 8 enterprise installed. ABC.com has established a remote Active directory site that only host workstations.The Computer accounts for these workstations have been placed in an organizational unit (OU),named ABCADRemote,which has a group policy object(GPO) associated with it. You are in the process of configuration Branchcahce for the remote Active directory site. You have Already turned Branchcache on. Which of the following actions should you take next_?

A.    You Should consider having the set Branchcache HostedServer Cache mode setting configured
B.    You Should consider having the set Branchcache Hostedclient Cache mode settting configured
C.    You Should consider having the set Branchcache distributed cache mode setting configured
D.    You should consider having the set BranchCache disabled cache mode settings configured

Answer: C

QUESTION 122
You are employed as a network administrator at ABC.com. ABC.com has an active directory domain named ABC.com. ALL servers on the ABC.com network have Windows Server 2012 R2. ABC.com has a server,named server 1, which runs the windows deployment services server role.
You make use of windows server backup to back up server 1. Subsequent to a disk array on server 1 becoming corrupt,you swap the disk array with new hardware.
You now need to recover server1 in the shortest time conceivable.
Which of the following actions should you take?

A.    you should consider making use of the Windows Server 2012 R2 installation media to start server1
B.    you should consider restoring server1 from a snapshot backup
C.    you should consider restoring server 1 from an incremental backup
D.    you should consider restoring server 1 from a differential backup

Answer: A

QUESTION 123
You are employed as a senior network administrator at ABC.com. ABC.com has an active directory domain named ABC.com. all servers on the abc.com network windows server2012 installed.
You are currently running a training exercise for junior network administrators.
You are discussing the PKISync.ps1 tool.
Which of the following is true with regards to The PKISync.ps1?

A.    it adds a certificate template to the CA
B.    it asssists administrators in diagnosing replication problems between windows domain controllers
C.    it is used to display information about the digital certificates that are installed on a directAccess client,
DirectAcces server,or intranet resource
D.    it copies objects in the source forest to the target forest.

Answer: D

QUESTION 124
You are employed as a network administrator ABC.com.
ABC.com has an active directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has a server named server1 which is configured as a DHCP server.
You have created a superscope on server1.
Which of the following describes reason for creating a superscope?(choose all that apply.)

A.    To support DHCP clients on a single physical network segment where multiple logical ip networks are used.
B.    To allow for the sending of network traffic to a group of endpoints destination hosts.
C.    To support remote DHCP clients located on the far side of DHCP and BOOTP relay agents.
D.    To provide fault tolerance

Answer: AC
Explanation:
http://technet.microsoft.com/en-us/library/cc757614(v=ws.10).aspx

QUESTION 125
You are employed as a network administrator at ABC.com. ABC.com has an active directory domain named ABC.com all servers including domain controllers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has its headquarters in London and an office in paris. The London Office has a domain controller named server1,which is configured as a writeable domain controller that servers as a Global catalog server and a DNS server. Server1 is configured to host an Active Directory-integrated zone for ABC.com
The Paris office has a Read-Only domain controller (RODC) named server2 which servers as a Global catalog server. After installing the DNS server role on server2, you want to make sure that the ABC.com zone is replicated to server2 via active directory replication.
Which of the following actions should you take?

A.    You should consider making use of Active Directory Sites and Services to Configured replication
B.    You should consider making use of replmon.exe to configure replication.
C.    You should consider making use of repadmin.exe to configure replication
D.    You should consider making use of Active Directory Schema To configure replication

Answer: A

QUESTION 126
You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named. Abc.com all servers on the ABC.com network have Windows Server 2012 R2.
You are running a training exercise for junior network administrators.
You are currently discussing DHCP failover architecture.
You have informed the trainees that DHCP servers can be deployed as fail over partners in either hot standby mode or load sharing mode.
Which of the following is TRUE with regards to hot standby mode? (Choose all that apply)

A.    It is when two servers function in a fail over relationship where an active server is responsible for
leasing IP address and configuration data to all clients in a scope or subnet
B.    It when two servers in a fail over relationship server IP addresses and options to clients on a given
subnet at the same time
C.    It is best suited to deployments where a data center server acts as a standby backup server to a
server at a remote site
D.    It is best suited deployments where both servers in a fail over relationship are located at the same
physical site

Answer: AC
Explanation:
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failove r-hot-standby-mode.aspx

QUESTION 127
You are emloyed as a network administrator at ABC.com Abc.com has an Active directory domain named ABC.com all servers on the ABC.com network have Windows Server 2012 R2. The ABC.com domain has two Active Directory sites configured.
You want to make use of change notification configure replication between these Active Directory Sites.You have opened DEFAULTIPSITELINK Properties to configure the necessary attribute.
Which of the following is the attribute that needs to be configured?

A.    The revisiobn attribute
B.    The Options attribute
C.    The schedule attribute
D.    The proxyAddresses attribute

Answer: B

QUESTION 128
You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com all servers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has a server named SERVER1 which has been configured to run the HYPER-V server role Server1 is configures to host multiple vitrual mahines. When ABC.com acquires a server with a better hardware configuration to SERVER1 you are instructed to relocate the vitrual machines to the new server with as little interruptions as possible.
Which of the following actions should you take ? (Choose all that apply.)

A.    You should consider exporting the vitrual machines from Server1.
B.    You should consider running a snapshot backup of the SERVER1.
C.    You should consider importing the vitrual machine from Server1 to the new server.
D.    You shoul consider restoring the snapshot backup on the hard drives of the new server.

Answer: AC

QUESTION 129
You are employed as a network administrator at consoto.com. Contoso.com has in an Active Directory domain named contoso.com. All Servers on the contoso.com network have Windows Server 2012 R2 installed. A contoso.com server ,named Server1,hosts the Active Directory Certificate Services Server role and utilizes a hardware security module(HSM) to safeguard its private key.
You have beed instructed to backup the Active Directory Certificate Services (ADCS) database,log files,and private key regularly.
You should not use a utility supplied by the hardware security module (HSM) creator.
Which of the following actions should you take?

A.    You should consider scheduling an incremental backup
B.    You Should consider making use of the certutil.exe command.
C.    You should consider schedulling a differential backup
D.    You should consider schedulling a copy backup

Answer: B
Explanation:
A. ADCS needs to be backup up using certutil
B. -Backup, -backupdb, -backupKey: You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
C. ADCS needs to be backup up using certutil
D. ADCS needs to be backup up using certutil
http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey http://blogs.technet.com/b/pki/archive/2010/04/20/disaster-recovery-procedures-for-theactive- directorycertificate-services-adcs.aspx
 clip_image001[36]
QUESTION 130
You are employed as a senior network administrator at contoso.com contoso.com has an active directory domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed.
You are currently running at training exercise for junior network administrators.
You are discussing the DNSSEC NRPT rule properly.
Which of the following describes the purpose of this rule property?

A.    It is used to indicate the namespace to which the policy applies.
B.    It is used to indicate whether the DNS client should check for DNSSEC validation in the response.
C.    It is used to indicate DNSSEC must be used to protect DNS traffic for queries belonging to the namespace.
D.    It is used to whether DNS connections over DNSSEC will use encryption

Answer: B
Explanation:
A. NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces
B. The DNS client’s behavior is controlled by a policy(GPO) that determines whether the client should check for validation results for names within a given namespace.
C.
D. DNS does not provide any mechanism for the encryption of DNS queries and responses.
http://technet.microsoft.com/en-us/library/ee649241(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee683904(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ee649205(v=ws.10).aspx

clip_image001[38]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(111-120)!

QUESTION 111
You manage an environment that has many servers. The servers run Windows Server 2012 R2 and use iSCSI storage. Administrators report that it is difficult to locate available iSCSI resources on the network. You need to ensure that the administrators can locate iSCSI resources on the network by using a central repository. Which feature should you deploy?

A.    The iSCSI Target Server role service
B.    The iSNS Server service feature
C.    The Windows Standards-Based Storage Management feature
D.    The iSCSI Target Storage Provider feature

Answer: B
Explanation:
A. iSNS facilitates automated discovery, management, and configuration of iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP network.
C. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely
D. iSCSI Target Server enables you to network boot multiple computers from a single operating system image that is stored in a centralized location
http://technet.microsoft.com/en-us/library/cc772568.aspx
http://technet.microsoft.com/en-us/library/hh831751.aspx
http://technet.microsoft.com/en-us/library/dn305893.aspx

QUESTION 112
Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2. You create a folder named Folder1. You share Folder1 as Share1. The NTFS permissions on Folder1 are shown in the Folder1 exhibit. (Click the Exhibit button.)
 clip_image002[6]
The Everyone group has the Full control Share permission to Folder1. You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)
 clip_image002[8]
Members of the IT group report that they cannot modify the files in Folder1. You need to ensure that the IT group members can modify the files in Folder1. The solution must use central access policies to control the permissions. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    On the Classification tab of Folder1, set the classification to Information Technology.
B.    On the Security tab of Folder1, add a conditional expression to the existing permission entry for
the IT group.
C.    On Share1, assign the Change Share permission to the IT group.
D.    On the Security tab of Folder1, remove the permission entry for the IT group.
E.    On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.

Answer: AE
Explanation:
Central access policies for files enable organizations to centrally deploy and manage authorization policies that include conditional expressions that use user groups, user claims, device claims, and resource properties. (Claims are assertions about the attributes of the object with which they are associated). For example, to access high-business-impact (HBI) data, a user must be a full-time employee, obtain access from a managed device, and log on with a smart card. These policies are defined and hosted in Active Directory Domain Services (AD DS). http://technet.microsoft.com/en-us/library/hh846167.aspx
 clip_image001[20]

clip_image001[22]

clip_image001[24]

QUESTION 113
You have a server named File1 that runs Windows Server 2012 R2. Fuel has the File Server role service installed. You plan to back up all shared folders by using Microsoft Online Backup. You download and install the Microsoft Online Backup Service Agent on File1. You need to ensure that you use Windows Server Backup to back up data to Microsoft Online Backup. What should you do?

A.    From Computer Management, add the File1 computer account to the Backup Operators group.
B.    From Windows Server Backup, run the Register Server Wizard.
C.    From a command prompt, run wbadmin.exe enable backup.
D.    From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.

Answer: B
Explanation:
A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
B. To register a server for use with Windows Azure Backup you must run the register server wizard
http://technet.microsoft.com/en-us/library/hh831677.aspx

QUESTION 114
Your network contains an Active Directory domain named contoso.com. You are creating a custom Windows Recovery Environment (Windows RE) image. You need to ensure that when a server starts from the custom Windows RE image, a drive is mapped automatically to a network share. What should you modify in the image?

A.    startnet.cmd
B.    Xsl-mApp1ngs.xml
C.    Win.ini
D.    smb.types.ps1xml

Answer: A
Explanation:
The best way to define what to start is using starnet.cmd
http://technet.microsoft.com/en-us/library/cc766521(v=ws.10).aspx
 clip_image001[26]

QUESTION 115
You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You need to ensure that users can access previous versions of files that are shared on Server1 by using the Previous Versions tab. Which tool should you use?

A.    Diskpart
B.    Wbadmin
C.    Vssadmin
D.    Storrept

Answer: C
Explanation:
A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
B. DiskPart is a text-mode command interpreter that enables you to manage objects (disks, partitions, volumes, or virtual hard disks) by using scripts or direct input from a command prompt. C. The storrept command is installed with File Server Resource Manager and includes
subcommands for creating and managing storage reports and storage report tasks, as well as for configuring general administrative options for File Server Resource Manager.
D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. To view the command syntax for any of the commands in the following table, click the command name.
http://technet.microsoft.com/en-us/library/cc754015(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc770877(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753567(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc754968.aspx
 clip_image001[28]

QUESTION 116
Your company has a main office and a branch office. The main office contains a file server named Server1. Server1 has the BranchCache for Network Files role service installed. The branch office contains a server named Server2. Server2 is configured as a BranchCache hosted cache server. You need to preload the data from the file shares on Server1 to the cache on Server2. You generate hashes for the file shares on Server1. Which cmdlet should you run next?

A.    Add-BCDataCacheExtension
B.    Set-BCCache
C.    Publish-BCFileContent
D.    Export-BCCachePackage

Answer: D
Explanation:
A. increases the amount of cache storage space that is available on a hosted cache server by adding a new cache file.
B. Modifies the cache file configuration.
C. Generates hashes, also called content information, for files in shared folders on a file server that have BranchCache enabled and the BranchCache for Network Files role service installed.
D. Exports a cache package
http://technet.microsoft.com/en-us/library/hh848405.aspx
http://technet.microsoft.com/en-us/library/hh848413.aspx
http://technet.microsoft.com/en-us/library/hh848412.aspx
http://technet.microsoft.com/en-us/library/hh848409.aspx
http://technet.microsoft.com/fr-fr/library/jj572970.aspx
 clip_image001[30]

QUESTION 117
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the DHCP Server server role installed. Server1 is located in the main office site. Server2 is located in the branch office site. Server1 provides IPv4 addresses to the client computers in the main office site. Server2 provides IPv4 addresses to the client computers in the branch office site. You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses.
The solution must meet the following requirements:
– The storage location of the DHCP databases must not be a single point of failure.
– Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline.
– Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?

A.    load sharing mode failover partners
B.    a failover cluster
C.    hot standby mode failover partners
D.    a Network Load Balancing (NLB) cluster

Answer: C
Explanation:
 clip_image001[32]
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standby-mode.aspx
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standby-mode.aspx

QUESTION 118
Your company has a main office and a branch office. The main office is located in Detroit. The branch office is located in Seattle. The network contains an Active Directory domain named adatum.com. Client computers run either Windows 7 Enterprise or Windows 8 Enterprise. The main office contains 1,000 client computers and 50 servers. The branch office contains 20 client computers. All computer accounts for the branch office are located in an organizational unit (OU) named SeattleComputers. A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU. You need to configure BranchCache for the branch office.
 clip_image002[10]
Answer:
 clip_image002[12]

QUESTION 119
You have a server named Server 1 that runs Windows Server 2012 R2. Server1 has five network adapters. Three of the network adapters are connected to a network named LAN1. The two other network adapters are connected to a network named LAN2. You create a network adapter team named Team1 from two of the adapters connected to LAN1. You create a network adapter team named Team2 from the two adapters connected to LAN2. A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP. You need to identify how many DHCP reservations you must create for Server1. How many reservations should you identify?

A.    2
B.    3
C.    5
D.    7

Answer: B
Explanation:
3 adapter on LAN 1
2 adapters on LAN 2
2 adapters on LAN 1 used in a team, so that’s 3 – 2 leaving 1. 2 adapaters on LAN 2 used in a team, so that’s 2 – 2 leaving 0. 1 team on LAN 1 + 1 team on LAN 2 + remaining adapter on LAN 1 = 3.

QUESTION 120
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. IPAM is configured currently for Group Policy-based provisioning. You need to change the IPAM provisioning method on Server1. What should you do?

A.    Run the ipamgc.exe command.
B.    Run the Set-IPAMConfiguration cmdlet.
C.    Reinstall the IP Address Management (IPAM) Server feature.
D.    Delete IPAM Group Policy objects (GPOs) from the domain.

Answer: C
Explanation:
You cannot change the provisioning method after completing the initial setup.

clip_image001[34]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(101-110)!

QUESTION 101
You have a server named Server1 that runs Windows Server 2012 R2. Windows Server 2012 R2 is installed on volume C. You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts. Which tool should you use?

A.    The Restart-Server cmdlet
B.    The Bootcfg command
C.    The Restart-Computer cmdlet
D.    The Bcdedit command

Answer: D
Explanation:
A. Restart-Server is not a CMDLET
B. modifies the Boot.ini file
C. Restarts computer
D. Boot Configuration Data (BCD) files provide a store that is used to describe boot applications and boot application settings.
http://support.microsoft.com/kb/317521
http://technet.microsoft.com/en-us/library/hh849837.aspx
http://technet.microsoft.com/en-us/library/cc731662(v=ws.10).aspx
 clip_image001
You can see with msconfig tool that boot options have changed as follows:
NOTE: Alternate Shell may be used
 clip_image001[6]
After reboot you should remove the safeboot option using bcdedit:
– bcdedit /deletevalue safeboot

QUESTION 102
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Shadows copies are enabled on all volumes. You need to delete a specific shadow copy. The solution must minimize server downtime. Which tool should you use?

A.    Vssadmin
B.    Diskpart
C.    Wbadmin
D.    Shadow

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc788026(v=ws.10).aspx
 clip_image001[8]
QUESTION 103
Your network contains two Web servers named Server1 and Server2. Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.)
 clip_image001[10]
You need to configure the NLB cluster to meet the following requirements:
– HTTPS connections must be directed to Server1 if Server1 is available.
– HTTP connections must be load balanced between the two nodes.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    From the host properties of Server1, set the Handling priority of the existing port rule to 2.
B.    From the host properties of Server1, set the Handling priority of the existing port rule to 1.
C.    From the host properties of Server2, set the Priority (Unique host ID) value to 1.
D.    Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.
E.    From the host properties of Server2, set the Handling priority of the existing port rule to 2.
F.    Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity
to Single.

Answer: BDE
Explanation:
Handling priority: When Single host filtering mode is being used, this parameter specifies the local host’s priority for handling the networking traffic for the associated port rule. The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster.
E (not C): Lower priority (2) for Server 2.
D: HTTP is port 80.
Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule. This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host handle a specified load weight. Reference:
Network Load Balancing parameters

QUESTION 104
Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two- way forest trusts exists between the forest. Selective authentication is enabled on the trust. The contoso.com forest contains a server named Server1. You need to ensure that users in litwareinc.com can access resources on Server1. What should you do?

A.    Install Active Directory Rights Management Services on a domain controller in contoso.com.
B.    Modify the permission on the Server1 computer account.
C.    Install Active Directory Rights Management Services on a domain controller in litwareinc.com.
D.    Configure SID filtering on the trust.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc772808(v=ws.10).aspx
 clip_image001[12]

QUESTION 105
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes to Cluster1. You have a folder named Folder1 on Server1 that contains application data. You plan to provide continuously available access to Folder1. You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: L
Explanation:
http://technet.microsoft.com/en-us/library/hh831349.aspx
Scale-Out File Server for application data (Scale-Out File Server) This clustered file server is introduced in Windows Server 2012 R2 and lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are online on all nodes simultaneously. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active.
 clip_image001[14]
QUESTION 106
Information and details provided in a question apply only to that question. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state information locally on each node. You need to ensure that when users connect to WebApp1, their session state is maintained. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/bb687542.aspx
 clip_image001[16]

QUESTION 107
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

A.    ADSI Edit
B.    Active Directory Users and Computers
C.    Active Directory Domains and Trusts
D.    Active Directory Sites and Services
E.    Services
F.    Authorization Manager
G.    TPM Management
H.    Certification Authority

Answer: AD

QUESTION 108
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named adatum.com. You need to configure an access solution to meet the following requirements:
– Users in adatum.com must be able to access resources in contoso.com.
– Users in adatum.com must be prevented from accessing resources in fabrikam.com.
– Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?

A.    a one-way realm trust from contoso.com to adatum.com
B.    a one-way realm trust from adatum.com to contoso.com
C.    a one-way external trust from contoso.com to adatum.com
D.    a one-way external trust from adatum.com to contoso.com

Answer: C

QUESTION 109
Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2. The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1. You plan to modify the NTFS permissions for many folders on the file servers by using central access policies. You need to identify any users who will be denied access to resources that they can cu
rrently access once the new permissions are implemented. In which order should you Perform the five actions?
 clip_image002
Answer:
 clip_image002[4]
Explanation:
I hate steps like this because you can create a rule first and then the policy, or you can create the policy and create the rule during the creation of the policy. Either way I’m going to go with creating the policy first, and then the rule.

QUESTION 110
You have a file server named Server1 that runs Windows Server 2012 R2. Data Deduplication is enabled on drive D of Server1. You need to exclude D:\Folder1 from Data Deduplication. What should you configure?

A.    Disk Management in Computer Management
B.    File and Storage Services in Server Manager
C.    the classification rules in File Server Resource Manager (FSRM)
D.    the properties of D:\Folder1

Answer: B
Explanation:
B. Data deduplication exclusion on a Volume are set from File & Storage Services, Server Manager or PowerShell
http://technet.microsoft.com/en-us/library/hh831434.aspx

clip_image001[18]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(371-380)!

QUESTION 371
Hotspot Question
Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
You have two user accounts named User1 and User2. User1 and User2 are the members of a group named Group1. User1 has the Department value set to Accounting, user2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee.
You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[20]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001[68]
Answer:
 clip_image001[70]

QUESTION 372
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2.
You configure Network Access Protection (NAP) on Server1.
Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly.
You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
 clip_image001[72]
Answer:
 clip_image001[74]

QUESTION 373
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role installed.
You need to allow connections that use 802.1x.
What should you create?

A.    A network policy that uses Microsoft Protected EAP (PEAP) authentication
B.    A network policy that uses EAP-MSCHAP v2 authentication
C.    A connection request policy that uses EAP-MSCHAP v2 authentication
D.    A connection request policy that uses MS-CHAP v2 authentication

Answer: C

QUESTION 374
Drag and Drop Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
All of the VPN servers on your network use Server1 for RADIUS authentication.
You create a security group named Group1.
You need to configure Network Policy and Access Services (NPAS) to meet the following requirements:
– Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.
– Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later.
Which type of policy should you create for each requirement?
To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[22]
Answer:
 clip_image002[24]

QUESTION 375
Hotspot Question
Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York.
The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed.
All client computers obtain their IPv4 and IPv6 addresses from DHCP.
You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
 clip_image002[26]
Answer:
 clip_image002[28]

QUESTION 376
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?

A.    Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B.    Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C.    Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D.    Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID

Answer: C

QUESTION 377
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
You need to enable trace logging for Network Policy Server (NPS) on Server1.
Which tool should you use?

A.    The tracert.exe command
B.    The Network Policy Server console
C.    The Server Manager console
D.    The netsh.exe command

Answer: D
Explanation:
You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can provide the detailed information required for troubleshooting complex problems.
You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%\tracing.
The following log files contain helpful information about NAP:
IASNAP.LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization.
IASSAM.LOG: Contains detailed information about user authentication and authorization.
Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups
(http://go.microsoft.com/fwlink/?LinkId=83477).
To create tracing log files on a server running NPS
Open a command line as an administrator.
Type netshras set tr * en.
Reproduce the scenario that you are troubleshooting.
Type netshras set tr * dis.
Close the command prompt window.
http://technet.microsoft.com/en-us/library/dd348461%28v=ws.10%29.aspx

QUESTION 378
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients.
You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts.
You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers.
Which two settings should you configure in GPO1?
To answer, select the appropriate two settings in the answer area.
 clip_image001[76]
Answer:
clip_image001[78] 

QUESTION 379
Your network contains a Network Policy Server (NPS) server named Server1. The network contains a server named SQL1 that has Microsoft SQL Server 2008 R2 installed. All servers run Windows Server 2012 R2.
You configure NPS on Server1 to log c.
You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize cost.
What should you do?

A.    Implement Failover Clustering.
B.    Implement database mirroring.
C.    Run the Accounting Configuration Wizard.
D.    Modify the SQL Server Logging properties.

Answer: C

QUESTION 380
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?

A.    Perform an authoritative restore of Group1.
B.    Mount the most recent Active Directory backup.
C.    Use the Recycle Bin to restore Group1.
D.    Reactivate the tombstone of Group1.

Answer: A
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(361-370)!

QUESTION 361
You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV.
Which cmdlet should you run next?

A.    Unblock-Tpm
B.    Add-BitLockerKeyProtector
C.    Remove-BitLockerKeyProtector
D.    Enable BitLockerAutoUnlock

Answer: B

QUESTION 362
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed.
Server1 contains two boot images and four install images.
You need to ensure that when a computer starts from PXE, the available operating system images appear in a specific order.
What should you do?

A.    Modify the properties of the boot images.
B.    Create a new image group.
C.    Modify the properties of the install images.
D.    Modify the PXE Response Policy.

Answer: C

QUESTION 363
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain.
You create a Password Settings object (PSO) named PSO1.
You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1.
What should you do?

A.    From Active Directory Users and Computers, run the Delegation of Control Wizard.
B.    From Active Directory Administrative Center, modify the security settings of PSO1.
C.    From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1.
D.    From Active Directory Administrative Center, modify the security settings of OU1.

Answer: B

QUESTION 364
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting.
Server1 is configured as a VPN server and is configured to forward authentication requests to Server2.
You need to ensure that only Server2 contains event information about authentication requests from connections to Server1.
Which two nodes should you configure from the Network Policy Server console?
To answer, select the appropriate two nodes in the answer area.
 clip_image001[54]
Answer:
 clip_image001[56]

QUESTION 365
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed.
Your company’s security policy requires that certificate-based authentication must be used by some network services.
You need to identify which Network Policy Server (NPS) authentication methods comply with the security policy.
Which two authentication methods should you identify? (Each correct answer presents part of the solution. Choose two.)

A.    MS-CHAP
B.    PEAP-MS-CHAP v2
C.    Chap
D.    EAP-TLS
E.    MS-CHAP v2

Answer: BD
Explanation:
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server- side public key certificates to authenticate the server. When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with certificates, both the client and the server use certificates to verify their identities to each other.

QUESTION 366
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named 0U1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in 0U1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?

A.    Server Manager
B.    Active Directory Users and Computers
C.    The Gpupdate command
D.    Group Policy Management Console (GPMC)

Answer: D
Explanation:
Starting with Windows Server 2012 and Windows 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke- GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
 clip_image001[58]
 
 clip_image001[60]

clip_image001[62]
http://technet.microsoft.com/en-us//library/jj134201.aspx http://blogs.technet.com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-using-remote-gpupdate.aspx

QUESTION 367
Your company has a main office and a branch office.
The main office contains a server that hosts a Distributed File System (DFS) replicated folder.
You plan to implement a new DFS server in the branch office.
You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office.
You recommend using the Export-DfsrClone and Import-DfsrClonecmdlets.
Which additional command or cmdlet should you include in the recommendation?

A.    Robocopy.exe
B.    Synchost.exe
C.    Export-BcCachePackage
D.    Sync-DfsReplicationGroup

Answer: D

QUESTION 368
You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?

A.    Add-ClusterVmMonitoredItem
B.    Add-ClusterGenericServiceRole
C.    Set-ClusterResourceDependency
D.    Enable VmResourceMetering

Answer: A

QUESTION 69
Hotspot Question
You have a server named Servers that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed.
Server5 contains several custom images of Windows 8.
You need to ensure that when 32-bit client computers start by using PXE, the computers automatically install an image named Image 1.
What should you configure?
To answer, select the appropriate tab in the answer area.
 clip_image001[64]
Answer:
 clip_image001[66]

QUESTION 370
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The network contains several group Managed Service Accounts that are used by four member servers.
You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.
You create a Group Policy object (GPO) named GPO1.
What should you do next?

A.    In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Link GPO1 to the Domain Controllers organizational unit (OU).
B.    In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.
C.    In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Link GPO1 to the Domain Controllers organizational unit (OU).
D.    In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.

Answer: A
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(351-360)!

QUESTION 351
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    On Server1, create a collector initiated subscription.
B.    On Server1, create a source computer initiated subscription.
C.    From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D.    From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

Answer: BC

QUESTION 352
Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site.
The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.
You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1 has a folder target in each office.
You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    Set the Ordering method of \\contoso.com\public to Random order.
B.    Set the Advanced properties of the folder target in the Seattle office to Last among all targets.
C.    Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.
D.    Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client’s site.
E.    Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.
F.    Set the Ordering method of \\contoso.com\public to Lowest cost.

Answer: CD
Explanation:
Exclude targets outside of the client’s site In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set to “First among all targets” or “Last among all targets” are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client’s site .
Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.

QUESTION 353
You have a server named Server 1.
You enable BitLocker Drive Encryption (BitLocker) on Server 1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?

A.    Manage-bde.exe
B.    Set-TpmOwnerAuth
C.    bdehdcfg.exe
D.    tpmvscmgr.exe

Answer: B
Explanation:
The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry.
Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value.

QUESTION 354
You have a file server that has the File Server Resource Manager role service installed.
You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[14]
You need to ensure that all of the folders in Folder1 have a 100-MB quota limit.
What should you do?

A.    Run the Update FsrmQuotacmdlet.
B.    Run the Update-FsrmAutoQuotacmdlet.
C.    Create a new quota for Folder1.
D.    Modify the quota properties of Folder1.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/jj900582.aspx

QUESTION 355
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.
Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1.
You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[16]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001[36]
Answer:
 clip_image001[38]

QUESTION 356
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1.
You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders.
You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort.
Which two audit policies should you configure in GPO1?
To answer, select the appropriate two objects in the answer area.
 clip_image001[40]
Answer:
 clip_image001[42]

QUESTION 357
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.
 clip_image001[44]
All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.
You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.
To which server should you deploy the feature?

A.    Server1
B.    Server2
C.    Server3
D.    Server4
E.    Server5

Answer: E

QUESTION 358
Hotspot Question
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
– Generate an event each time a new process is created.
– Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.
 clip_image001[46]
Answer:
clip_image001[48] 

QUESTION 359
Your network contains an Active Directory domain named contoso.com. The domain contains a virtual machine named Server1 that runs Windows Server 2012 R2.
Server1 has a dynamically expanding virtual hard disk that is mounted to drive E.
You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E.
Which command should you run?

A.    manage-bde -protectors -add c: -startup e:
B.    manage-bde -lock e:
C.    manage-bde -protectors -add e: -startupkey c:
D.    manage-bde -on e:

Answer: D
Explanation:
Manage-bde: on
Encrypts the drive and turns on BitLocker.
Example:
The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive.
manage-bde -on C: -recoverypassword

QUESTION 360
Hotspot Question
You have a file server named Server1 that runs Windows Server 2012 R2.
A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.
On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[18]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001[50]
Answer:
 clip_image001[52]
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(341-350)!

QUESTION 341
Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
 clip_image001[18]
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    From the Remote Access Management Console, reload the configuration.
B.    Add Server2 to a security group in Active Directory.
C.    Restart the IPSec Policy Agent service on Server2.
D.    From the Remote Access Management Console, modify the Infrastructure Servers settings.
E.    From the Remote Access Management Console, modify the Application Servers settings.

Answer: BE
Explanation:
When selecting application servers that require end-to-end encryption and authentication, it is important to note that:
** The selected end-to-end application servers must be members of one or more AD DS security groups.
* The selected end-to-end application servers must run Windows Server 2008 or later.
* The selected end-to-end application servers must be accessible via IPv6 (Native or ISATAP, not NAT64).
* The selected end-to-end application servers can be used with smart cards for an additional level of authorization.

QUESTION 342
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1.
The network contains a shared folder named FinancialData that contains five files.
You need to ensure that the FinancialData folder and its contents are copied to all of the client computers.
Which two Group Policy preferences should you configure? (Each correct answer presents part of the solution. Choose two.)

A.    Shortcuts
B.    Network Shares
C.    Environment
D.    Folders
E.    Files

Answer: DE

QUESTION 343
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You implement DirectAccess.
You need to view the properties of the DirectAccess connection.
Which connection properties should you view?
To answer, select the appropriate connection properties in the answer area.
 clip_image001[20]
Answer:
 clip_image002
Explanation:
http://technet.microsoft.com/en-us/library/jj613767.aspx
 clip_image002[4]

QUESTION 344
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?

A.    The Group Policy preferences
B.    An application control policy
C.    The Administrative Templates
D.    The Software Installation settings

Answer: A

QUESTION 345
Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.
B.    On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.
C.    On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
D.    Configure each Remote Access server to use a RADIUS server named NPS1.
E.    On NPS1, create a RADIUS client template and use the template to create RADIUS clients.

Answer: BC
Explanation:
When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests.
Note: When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located.

QUESTION 346
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed.
All of the network access servers forward connection requests to Server1.
You create a new network policy on Server1.
You need to ensure that the new policy applies only to connection requests from the
192.168.0.0/24 subnet.
What should you do?

A.    Set the Client IP4 Address condition to 192.168.0.0/24.
B.    Set the Client IP4 Address condition to 192.168.0.
C.    Set the Called Station ID constraint to 192.168.0.0/24.
D.    Set the Called Station ID constraint to 192.168.0.

Answer: B
Explanation:
Called Station ID condition specifies the network access server telephone number dialed by access client.
Client IPv4 Address condition specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.

QUESTION 347
Hotspot Question
Your network contains an Active Directory named contoso.com.
You have users named User1 and user2.
The Network Access Permission for User1 is set to Control access through NPS Network Policy. The Network Access Permission for User2 is set to Allow access.
A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)
 clip_image001[22]
A policy named Policy2 is shown in the Policy2 exhibit. (Click the Exhibit button.)
 clip_image001[24]
A policy named Policy3 is shown in the Policy3 exhibit. (Click the Exhibit button.)
 clip_image001[26]
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Each correct selection is worth one point.
 clip_image001[28]

Answer:
 clip_image001[30]

QUESTION 348
Drag and Drop Question
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to log all DHCP clients that have windows Firewall disabled.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[6]
Answer:
 clip_image002[8]

QUESTION 349
Drag and Drop Question
You have a WIM file that contains an image of Windows Server 2012 R2.
Recently, a technician applied a Microsoft Standalone Update Package (MSU) to the image.
You need to remove the MSU package from the image.
Which three actions should you perform in sequence?
To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[10]
Answer:
 clip_image002[12]

QUESTION 350
Hotspot Question
Your company has two offices. The offices are located in Montreal and Seattle.
The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
You need to configure Server2 to download updates that are approved on Server1 only.
What cmdlet should you run?
To answer, select the appropriate options in the answer area.
 clip_image001[32]
Answer:

clip_image001[34]
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(331-340)!

QUESTION 331
Your network contains an Active Directory domain named adatum.com.
A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?

A.    Add your user account to the Group Policy Creator Owners group.
B.    Configure all domain controllers as global catalog servers.
C.    Copy files from %Windir%\Policydefimtions to the central store.
D.    Modify the Delegation settings of the new GPOs.

Answer: C

QUESTION 332
Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.
Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.
You need to copy GPO1 from dev.contoso.com to contoso.com.
What should you do first on DC2?

A.    From the Group Policy Management console, right-click GPO1 and select Copy.
B.    Run the mtedit.exe command and specify the /Domaintcontoso.com /DC:DC 1 parameter.
C.    Run the Save-NetGpocmdlet.
D.    Run the Backup-Gpocmdlet.

Answer: D

QUESTION 333
You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.
You have a desktop computer that has the following configuration:
– Computer name: Computer1
– Operating system: Windows 8
– MAC address: 20-CF-30-65-D0-87
– GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618
You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.
Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A.    20CF3065D08700000000000000000000
B.    979708BFC04B45259FE0C4150BB6C618
C.    979708BF-C04B-452S-9FE0-C4150BB6C618
D.    0000000000000000000020CF306SD087
E.    00000000-0000-0000-0000-C41S0BB6C618

Answer: CD
Explanation:
* To add or remove pre-staged client to/from AD DS, specify the name of the computer or the device ID, which is a GUID, media access control (MAC) address, or Dynamic Host Configuration Protocol (DHCP) identifier associated with the computer.
* Example: Remove a device by using its ID from a specified domain This command removes the pre-staged device that has the specified ID. The cmdlet searches the domain named TSQA.Contoso.com for the device.
Windows PowerShell
PS C:\> Remove-WdsClient -DeviceID “5a7a1def-2e1f-4a7b-a792-ae5275b6ef92” -Domain -DomainName “TSQA.Contoso.com”

QUESTION 334
Hotspot Question
You have a server named Server4 that runs Windows Server 2012 R2. Server4 has the Windows Deployment Services server role installed.
Server4 is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image002
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001
Answer:
 clip_image001[4]

QUESTION 335
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You need to audit successful and failed attempts to read data from USB drives on the servers.
Which two objects should you configure?
To answer, select the appropriate two objects in the answer area.
 clip_image001[6]
Answer:
 clip_image001[8]

QUESTION 336
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Both servers have the DFS Replication role service installed.
You need to configure the DFS Replication environment to meet the following requirements:
– Increase the quota limit of the staging folder.
– Configure the staging folder cleanup process to provide the highest amount of free space possible.
Which cmdlets should you use to meet each requirement?
To answer, select the appropriate options in the answer area.
 clip_image001[10]
Answer:
 clip_image001[12]

QUESTION 337
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?

A.    From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share – Advanced option.
B.    From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
C.    From the File Server Resource Manager console, modify the Email Notifications settings.
D.    From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share -Applications option.

Answer: C
Explanation:
Configure the email notification settings You must configure the email notification settings on each file server that will send the access-denied assistance messages.
Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager.
Right-click File Server Resource Manager (Local), and then click Configure Options.
Click the Email Notifications tab.
Configure the following settings:
Click Send Test E-mail to ensure that the email notifications are configured correctly.
Click OK.

QUESTION 338
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to meet the following requirements:
– Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.
– Ensure that all storage reports are saved to a network share.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
 clip_image001[14]
Answer:
 clip_image001[16]

QUESTION 339
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?

A.    From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
B.    From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C.    From a command prompt, run the dsmgmt local roles command.
D.    From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.

Answer: C
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

QUESTION 340
Your network contains an Active Directory domain named contoso.com.
You need to install and configure the Web Application Proxy role service.
What should you do?

A.    Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
B.    Install the Active Directory Federation Services server role and the Remote Access server role on the same server.
C.    Install the Web Server (IIS) server role and the Application Server server role on the same server.
D.    Install the Web Server (IIS) server role and the Application Server server role on different servers.

Answer: A
Explanation:
AD FS is required to provide authentication and authorization services to Web Application Proxy and to store the Web Application Proxy configuration. Remote Access is the role containing the Web Application Proxy role service. (http://technet.microsoft.com/en-us/library/dn383650.aspx)
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(91-100)!

QUESTION 91
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. You need to configure the replication between the sites to occur by using change notification. Which attribute should you modify?
 clip_image001[90]
Answer:
 clip_image001[92]

QUESTION 92
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image002[22]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Dnslint
B.    A DNS Manager
C.    Active Directory Users and Computers
D.    Dnscmd
Answer: A
Explanation:
Note: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 93
Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. The domain contains four servers. The servers are configured as shown in the following table.
 clip_image001[94]
You need to update the schema to support a domain controller that will run Windows Server 2012 R2. On which server should you run adprep.exe?

A.    Server1
B.    DC3
C.    DC2
D.    DC1

Answer: B
Explanation:
C. DC3 is the only server that could be assumed to be 64bit
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_WS2012
 clip_image001[96]
QUESTION 94
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network. In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2. You need to configure Server1 as a new domain controller in a new forest named contoso.test. The solution must meet the following.
 clip_image002[24]
 clip_image002[26]
Select two options below.

A.    There is no need to set the Forest Functional Level.
B.    Set Forest Functional Level to Windows 2003.
C.    Set Forest Functional Level to Windows 2008
D.    Set Forest Functional Level to Windows 2008 R2.
E.    Set Forest Functional Level to Windows 2012.
F.    There is no need to set the Domain Functional Level.
G.    Set Domain Functional Level to Windows 2003.
H.    Set Domain Functional Level to Windows 2008
I.    Set Domain Functional Level to Windows 2008 R2.
J.    Set Domain Functional Level to Windows 2012.

Answer: BG
Explanation:
When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level. You cannot set the domain functional level to a value that is lower than the forest functional level. Reference: Understanding Active Directory Domain Services (AD DS) Functional Levels
REWORDED
Very smartly reworded that you need to configure server 1 as new DC in a new forest named contoso.test and “also do name resolution”. In the answer you will have to select Windows 2003 as domain and forest functional level and you should also check “Domain name system(DNS) server….
This is not in any dumps
* When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level. You cannot set the domain functional level to a value that is lower than the forest functional level.
http://technet.microsoft.com/en-us/library/understanding-active-directory- functionallevels(v=ws.10).aspx

QUESTION 95
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?

A.    Get-ADDomainControllerPasswordReplicationPolicy
B.    Get-ADDefaultDomainPasswordPolicy
C.    Server Manager
D.    Get-ADFineGrainedPasswordPolicy

Answer: D
Explanation:
A. Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy
B. Gets the default password policy for an Active Directory domain.
C. PSO’s managed from AD AC or Powershell Only
D. Gets one or more Active Directory fine grained password policies.
http://technet.microsoft.com/en-us/library/ee617207.aspx
http://technet.microsoft.com/en-us/library/ee617244.aspx
http://technet.microsoft.com/en-us/library/ee617231.aspx

QUESTION 96
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed. You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.
 clip_image001[98]
Answer:
 clip_image001[100]
Explanation:
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29012
 clip_image002[28]
Both WinRMRemoteWMIUsers_ and Remote Management Users have the exact same description. As such, I tested connecting with server manager remotely with a non-administrative account. I tried before adding to either group and got this error:
 clip_image001[102]
I then added to Remote Management Users and got this error:
 clip_image001[104]
Note that this is due to access to the event log only.
Next I removed from Remote Management Users and added to WinRMRemoteWMIUsers_ and got this error:
 clip_image001[106]
The error is exactly the same and the explanation is due to event log. In summary, Either one of these answers is correct, however since the document explicitly says use the “WinRMRemoteWMIUsers_” group, then that’s what we got to do.

QUESTION 97
You have a server named Server2 that runs Windows Server 2012 R2. You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.) You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1. Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[30]
Answer:
 clip_image002[32]
QUESTION 98
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 Both servers have the IP Address Management (IPAM) Server feature installed. You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1.

A.    IPAM MSM Administrators
B.    IPAM Administrators
C.    winRMRemoteWMIUsers_
D.    Remote Management Users

Answer: C
Explanation:
A. IPAM MSM Administrators can’t access remotely
B. IPAM Administrators can’t access remotely
C. If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384295(v=vs.85).aspx http://www.microsoft.com/en-us/download/details.aspx?id=29012

QUESTION 99
Your network contains two Active Directory forests named contoso.com and adatum.com. Both forests contain multiple domains. All domain controllers run Windows Server 2012 R2. Contoso.com has a one-way forest trust to adatum.com. A domain named paris.eu.contoso.com hosts several legacy applications that use NTLM authentication. Users in a domain named london.europe.adatum.com report that it takes a long time to be authenticated when they attempt to access the legacy applications hosted in paris.eu.contoso.com. You need to reduce how long it takes for the london.europe.adatum.com users to be authenticated in paris.eu.contoso.com. What should you do?

A.    Create a shortcut trust.
B.    Create an external trust between the forest root domains.
C.    Disable SID filtering on the existing trust.
D.    Create an external trust.

Answer: A
Explanation:
A. Shortcut trusts are one-way or two-way, transitive trusts that can be used when administrators need to optimize the authentication process. Authentication requests must first travel a trust path between domain trees, and in a complex forest this can take time, which can be reduced with shortcut trusts.
B. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust.
C. Filters users or SIDs from one domain
D. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust
http://technet.microsoft.com/en-us/library/cc737939(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc775736(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx
 clip_image001[108]
QUESTION 100
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated Users group for access failure to shared folders in the finance department. You need to ensure that access requests are unaffected when the rule is published.
What should you do?

A.    Add a User condition to the current permissions entry for the Authenticated Users principal.
B.    Set the Permissions to Use the following permissions as proposed permissions.
C.    Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D.    Set the Permissions to Use following permissions as current permissions.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/jj134043.aspx

clip_image001[110]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(81-90)!

QUESTION 81
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

A.    Authorization Manager
B.    TPM Management
C.    Active Directory Sites and Services
D.    Services

Answer: C

QUESTION 82
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[60]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Ntdsutil
B.    Repadmin
C.    Dnslint
D.    Active Directory Domains and Trusts

Answer: B
Explanation:
If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 83
You have a server named Server1 that runs Windows Server 2012 R2. Windows Server 2012 R2 is installed on volume C. You need to ensure that Safe Mode with Networking loads the next time Server1 restarts. Which tool should you use?

A.    The Msconfig command
B.    The Restart-Server cmdlet
C.    The Restart-Computer cmdlet
D.    The Bootcfg command

Answer: A
Explanation:
A. Use system config to configure boot options
B. Not a valid cmdlet
C. Restarts (“reboots”) the operating system on local and remote computers. No boot options
D. modifies the Boot.ini file no option for safe mode/networking for win8/2012
http://technet.microsoft.com/en-us/library/hh849837.aspx
http://support.microsoft.com/kb/317521
http://technet.microsoft.com/en-us/library/cc725967.aspx
 clip_image001[62]

QUESTION 84
You have a file server named FS1 that runs Windows Server 8. Data Deduplication is enabled on FS1. You need to configure Data Deduplication to run at a normal priority from 20:00 to 06:00 daily. What should you configure?

A.    File and Storage Services in Server Manager
B.    The Data Deduplication process in Task Manager
C.    Disk Management in Computer Management
D.    The properties of drive C

Answer: A
Explanation:
A. In Windows Server 2012 R2, deduplication can be enabled locally or remotely by using Windows PowerShell or Server Manager.
http://technet.microsoft.com/en-us/library/hh831700.aspx
 clip_image001[64]

QUESTION 85
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8 Enterprise. You have a remote site that only contains client computers. All of the client computer accounts are located in an organizational unit (CU) named Remote1. A Group Policy object (GPO) named GPO1 is linked to the Remote1 CU. You need to configure BranchCache for the remote site. Which two settings should you configure in GPO1? To answer, select the two appropriate settings in the answer area.
 clip_image001[66]
Answer:
 clip_image001[68]

QUESTION 86
Your company has a main office and a branch office. An Active Directory site exists for each office. The network contains an Active Directory forest named contoso.com. The contoso.com domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2. In the main office, you configure Server1 as a file server that uses BranchCache. In the branch office, you configure Server2 and Server3 as BranchCache hosted cache servers. You are creating a Group Policy for the branch office site. In the branch office, you need to configure the client computers that run Windows B to use Server2 and Server3 as BranchCache.
 clip_image001[70]
Answer:
 clip_image001[72]

QUESTION 87
Your network contains two Active Directory forests named contoso.com and fabrikam.com. A two- way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named CAl. You implement cross-forest certificate enrollment between the contoso.com forest and the fabrikam.com forest. On CA1, you create a new certificate template named Template1. You need to ensure that users in the fabrikam.com forest can request certificates that are based on Template1. Which tool should you use?

A.    Sync-ADObject
B.    Pkiview.msc
C.    CertificateServices.ps1
D.    Certutil
E.    PKISync.ps1

Answer: E
Explanation:
A. Replicates a single object between any two domain controllers that have partitions in common. B. Monitoring and troubleshooting the health of all certification authorities (CAs) in a public key infrastructure (PKI) are essential administrative tasks facilitated by the Enterprise PKI snap-in.
D. use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
http://technet.microsoft.com/en-us/library/hh852296.aspx
http://technet.microsoft.com/en-us/library/cc732261(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx
 clip_image001[76]
 clip_image001[78]
QUESTION 88
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA). The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1. You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com. You need to identify which type of certificate template you must use to request a certificate for AD FS.
 clip_image001[80]
Answer:
 clip_image001[82]

QUESTION 89
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP.

A.    Certification Authority
B.    Authorization Manager
C.    ADSI Edit
D.    Active Directory Domains and Trusts

Answer: C
 clip_image001[84]

QUESTION 90
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA). You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
– Email security
– Client authentication
– Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings.
B.    From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy settings.
C.    Modify the properties of the User certificate template, and then publish the template.
D.    Duplicate the User certificate template, and then publish the template.
E.    From a Group Policy, configure the Automatic Certificate Request Settings settings.

Answer: AD
Explanation:
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
 clip_image001[86]
However a duplicated template from users has the ability to autoenroll:
 clip_image001[88]
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
http://technet.microsoft.com/en-us/library/dd851772.aspx

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(71-80)!

QUESTION 71
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for both clustered resources. You need to ensure that if two consecutive heartbeat messages are missed between Server1 and Server2, Server2 will begin responding to DHCP requests. The solution must ensure that Server1 remains the active node for the File Services clustered resource for up to five missed heartbeat messages. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: D
Explanation:
A. The number of heartbeats that can be missed before failover occurs is known as the heartbeat threshold
http://technet.microsoft.com/en-us/library/dn265972.aspx
http://technet.microsoft.com/en-us/library/dd197562(v=ws.10).aspx http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx

QUESTION 72
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. You configure a new failover cluster named Cluster1. Server1 and Server2 are nodes in Cluster1. You need to configure the disk that will be used as a witness disk for Cluster1. How should you configure the witness disk?
To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[40]
Answer:
 clip_image002

QUESTION 73
Your network contains an Active Directory forest named contoso.com that contains a single domain. The forest contains three sites named Site1, Site2, and Site3. Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2. Each site contains two domain controllers. Site1 and Site2 contain a global catalog server. You need to create a new site link between Site1 and Site2. The solution must ensure that the site link supports the replication of all the naming contexts. From which node should you create the site link?
To answer, select the appropriate node in the answer area.
 clip_image002[14]
Answer:
 clip_image002[16]

QUESTION 74
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server server role installed. You have a domain controller named DC1. On DC1, you create an Active Directory-integrated zone named adatum.com and you sign the zone by using DNSSEC. You deploy a new read-only domain controller (RODC) named R0DC1. You need to ensure that the contoso.com zone replicates to R0DC1. What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
 clip_image001[42]
Answer:
 clip_image001[44]

QUESTION 75
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has a single volume that is encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM). Server1 is configured to perform a daily system image backup. The motherboard on Server1 is upgraded. After the upgrade, Windows Server 2012 R2 on Server1 fails to start. You need to start the operating system on Server1 as soon as possible.
What should you do?
Start Server1 from the installation media. Run startrec.exe. Move the disk to a server that has a model of the old motherboard. Start the server from the installation media. Run bcdboot.exe. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc. Start Server1 from the installation media. Perform a system image recovery.

A.    Start Server1 from the installation media. Run startrec.exe.
B.    Move the disk to a server that has a model of the old motherboard.
Start the server from the installation media.
Run bcdboot.exe.
C.    Move the disk to a server that has a model of the old motherboard.
Start the server. Run tpm.msc.
D.    Start Server1 from the installation media. Perform a system image recovery.

Answer: D
Explanation:
Encryption keys are lost. Nothing mentioned about password/keys recovery. My point is that the only way is to restore the server from a backup.
http://social.technet.microsoft.com/Forums/windows/en-US/6b34b4da-b1e2-4038- 8d6d192f973cadea/usingsystem-image-with-a-bitlocker-system-drive

QUESTION 76
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and Windows Server 2012 R2. You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the boot menu. You start Windows Server 2012 R2 on Server1 and you discover the disk configurations shown in the following table.
 clip_image001[46]
You need to restore the Windows Server 2008 R2 boot entry on Server1. What should you do?

A.    Run bootrec.exe and specify the /scanos parameter.
B.    Run bcdedit.exe and specify the /create store parameter.
C.    Run bootcfg.exe and specify the /copy parameter.
D.    Run bootrec.exe and specify the /rebuildbcd parameter.

Answer: D

QUESTION 77
You have 3 server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSIl.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[18]
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target. VirtualiSCSIl.vhd is removed from LON-DC1. You need to assign VirtualiSCSI2.vhd a logical unit value of 0. What should you do?

A.    Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.
B.    Run the Add-IscsiVirtualDiskTargetMapping cmdlet and specify the -Lun parameter.
C.    Run the iscsicli command and specify the reportluns parameter.
D.    Run the iscsicpl command and specify the virtualdisklun parameter.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/jj612800(v=wps.620).aspx
 clip_image001[48]
QUESTION 78
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[50]
An IP site link exits between each site. You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do?

A.    Create a site link bridge.
B.    Create additional connection objects for DC3 and DC4.
C.    Create additional connection objects for DC1 and DC2.
D.    Increase the cost of the site link between SiteA and SiteC.

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd277430.aspx#XSLTsection126121120120
 clip_image001[52]
QUESTION 79
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
 clip_image001[56]
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible. You need to identify which technology you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible. What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[20]
Answer:
 clip_image002[6]

QUESTION 80
You have a server named File1 that runs Windows Server 2012 R2. File1 has the File Server role service installed. You plan to back up all shared folders by using Windows Azure Online Backup. You download and install the Windows Azure Online Backup Service Agent on File1. You need to ensure that you use Windows Server Backup to back up data to Windows Azure Online Backup. What should you do?

A.    From Computer Management, add the File1 computer account to the Backup Operators group.
B.    From the Services console, modify the Log On settings of the Windows Azure Online Backup Service Agent.
C.    From Windows Server Backup, run the Register Server Wizard.
D.    From a command prompt, run wbadmin.exe enable backup.

Answer: C
Explanation:
http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online- backupservice.aspx

clip_image001[58]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

1 332 333 334 335 336 386