★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-411-dumps.html


Q1. Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed. 

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1. 

You need to configure replica downstream servers to send Server1 summary information about the computer update status. 

What should you do? 

A. From Server1, configure Reporting Rollup. 

B. From Server2, configure Reporting Rollup. 

C. From Server2, configure Email Notifications. 

D. From Server1, configure Email Notifications. 

Answer:

Explanation: 

WSUS Reporting Rollup Sample Tool 

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file. 

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx 


Q2. Your network contains an Active Directory domain named adatum.com. 

A network administrator creates a Group Policy central store. 

After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates. 

You need to ensure that the Administrative Templates appear in new GPOs. 

What should you do? 

A. Add your user account to the Group Policy Creator Owners group. 

B. Configure all domain controllers as global catalog servers. 

C. Copy files from %Windir%\Policydefinitions to the central store. 

D. Modify the Delegation settings of the new GPOs. 

Answer:

Explanation: 

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. 


Q3. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the password policy settings ofcontoso.com. 

You need to identify to which Active Directory object types you can directly apply the fine-grained password policies. 

Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.) 

A. Users 

B. Global groups 

C. computers 

D. Universal groups 

E. Domain local groups 

Answer: A,B 

Explanation: 

First off, your domain functional level must be at Windows Server 2008. Second, Fine-grained password policies ONLY apply to user objects, and global security groups. Linking them to universal or domain local groups is ineffective. I know what you’re thinking, what about OU’s? Nope, Fine-grained password policy cannot be applied to an organizational unit (OU) directly. The third thing to keep in mind is, by default only members of the Domain Admins group can set fine-grained password policies. However, you can delegate this ability to other users if needed. 

Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups. 

You can apply Password Settings objects (PSOs) to users or global security groups: 

References: 

http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc770848%28v=ws. 10%29. aspx 

http: //www. brandonlawson. com/active-directory/creating-fine-grained-password-policies/ 


Q4. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

A local account named Admin1 is a member of the Administrators group on Server1. 

You need to generate an audit event whenever Admin1 is denied access to a file or folder. 

What should you run? 

A. auditpol.exe /set /userradmin1 /failure: enable 

B. auditpol.exe /set /user: admin1 /category: "detailed tracking" /failure: enable 

C. auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure 

D. auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga 

Answer:

Explanation: 

http: //technet. microsoft. com/en-us/library/ff625687. aspx 

To set a global resource SACL to audit successful and failed attempts by a user to perform 

generic read and write functions on files or folders: 

auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access: 

FRFW 

http: //technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx 

Syntax 

auditpol /resourceSACL 

[/set /type: <resource> [/success] [/failure] /user: <user> [/access: <access flags>]] 

[/remove /type: <resource> /user: <user> [/type: <resource>]] 

[/clear [/type: <resource>]] 

[/view [/user: <user>] [/type: <resource>]] 

References: 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/ff625687. aspx 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 


Q5. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. 

You make a change to GPO1. 

You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. 

Which tool should you use? 

A. The Secedit command 

B. The Invoke-GpUpdate cmdlet 

C. Group Policy Object Editor 

D. Server Manager 

Answer:

Explanation: 

Invoke-GPUpdate 

Schedule a remote Group Policy refresh (gpupdate) on the specified computer. Applies To: Windows Server 2012 R2 

The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer. You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers. The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be offset by a random delay. 

Note: Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure a computer and user experience within a domain. When the Resultant Set of Policy settings does not conform to your expectations, a best practice is to first verify that the computer or user has received the latest policy settings. In previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. With Windows Server 2012 R2 and Windows 8, you can remotely refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within the OU structure—for example, if the computers are located in the default computers container. The remote Group Policy refresh updates all Group Policy settings, including security settings that are set on a group of remote computers, by using the functionality that is added to the context menu for an OU in the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group Policy settings on all the computers in that OU, the following operations happen: 

. An Active Directory query returns a list of all computers that belong to that OU. 

. For each computer that belongs to the selected OU, a WMI call retrieves the list of signed in users. 

. A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to decrease the load on the network traffic. This random delay cannot be configured when you use the GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run immediately when you use the Invoke-GPUpdate cmdlet. 

Reference: Force a Remote Group Policy Refresh (GPUpdate) 


Q6. You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim. 

What should you do? 

A. Run dism.exe and specify the /get-mountedwiminfo parameter. 

B. Run imagex.exe and specify the /verify parameter. 

C. Run imagex.exe and specify the /ref parameter. 

D. Run dism.exe and specify the/get-imageinfo parameter. 

Answer:

Explanation: 

/Get-MountedWimInfo Lists the images that are currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted image index. 

References: 

 http: //technet. microsoft. com/en-us/library/cc749447(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/dd744382(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/hh825224. aspx 


Q7. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains the users shown in the following table. 

You have a Network Policy Server (NPS) server that has the network policies shown in the following table. 

User1, User2, and User3 plan to connect to the network by using a VPN. You need to identify which network policy will apply to each user. 

What should you identify? 

To answer, select the appropriate policy for each user in the answer area. 

Answer: 


Q8. HOTSPOT 

Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York. 

The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed. 

All client computers obtain their IPv4 and IPv6 addresses from DHCP. 

You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office. 

Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.

 

Answer: 


Q9. Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2. 

Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. AH of the virtual machines run Windows Server 2008 R2. 

You need to view the amount of memory resources and processor resources that VM4 currently uses. 

Which tool should you use on Hyperv1? 

A. Windows System Resource Manager (WSRM) 

B. Task Manager 

C. Hyper-V Manager 

D. Resource Monitor 

Answer:

Explanation: 

Hyper-V Performance Monitoring Tool Know which resource is consuming more CPU. Find out if CPUs are running at full capacity or if they are being underutilized. Metrics tracked include Total CPU utilization, Guest CPU utilization, Hypervisor CPU utilization, idle CPU utilization, etc. 

WSRM is deprecated starting with Windows Server 2012 


Q10. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. 

You log on to Server1 by using a user account named User2. 

From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2. 

To which group should you add User2? 

A. Enterprise Admins 

B. Administrators 

C. Account Operators 

D. Server Operators 

Answer:

Explanation: 

You must have privileges to create WMI filters in the domain in which you want to create the filter. Permissions can be changed by adding a user to the Administrators group. 

Administrators (A built-in group) After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group. The Administrators group has built-in capabilities that give its members full control over the system. The group is the default owner of any object that is created by a member of the group. This example logs in as a test user who is not a domain user or an administrator on the server. This results in the error specifying that DA can only be configured by a user with local administrator permissions. 

References: http://technet.microsoft.com/en-us/library/cc780416(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc775497(v=ws.10).aspx