★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-417 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/70-417-dumps.html
Certifications could be the proof of your skills, know-how plus ability. These are essential to receive a great performing seating in a effectively reputed firm. This certifications provde the excess know-how and also the primary skills for the employment that guide yourself to supercharge your employment. If you have approved a qualification assessment, your notice your needs have increased in the industry. This studies revealed that the public who have at least one Exambible Microsoft currently have far better pay that your other folks, the rise rate is in addition identified greater than the other people.
2021 Dec cbt nuggets 70-417:
Q211. Virtual Network Manager (available from the Hyper-V Manager snap-in) offers three types of virtual networks that you can use to define various networking topologies for virtual machines and the virtualization server.
Which type of virtual network is isolated from all external network traffic on the virtualization server, as well any network traffic between the management operating system and the external network.
A. Internal virtual network
B. Private virtual network
C. External virtual network
D. None of these
Answer: B
Q212. Which of the following reasons justifies why you should audit failed events?
A. To log resource access for reporting and billing
B. To monitor for malicious attempts to access a resource which has been denied
C. None of these
D. To monitor access that would suggest users are performing actions greater than you had planned
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc778162%28v=ws.10%29.aspx Auditing Security Events Best practices If you decide to audit failure events in the policy change event category, you can see if unauthorized users or attackers are trying to change policy settings, including security policy settings. Although this can be helpful for intrusion detection, the increase in resources that is required and the possibility of a denial-of-service attack usually outweigh the benefits.
Q213. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Answer:
172. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
A. The Set-AdComputercmdlet
B. Group Policy Management Console (GPMC)
C. Server Manager
D. TheGpupdate command
Answer: B
Explanation:
In the previous versions of Windows, this was accomplished by having the user run
GPUpdate.exe on their computer. Starting with Windows Server? 2012 and Windows?8,
you can now remotely refresh Group Policy settings for all computers in an OU from one
central location through the Group Policy Management Console (GPMC). Or you can use
the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to
the OU structure, for example, if the computers are located in the default computers
container. Note: Group Policy Management Console (GPMC) is a scriptable Microsoft
Management Console (MMC) snap-in, providing a single administrative tool for managing
Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.
Incorrect:
Not B: Secedit configures and analyzes system security by comparing your current
configuration to at least one template.
Reference: Force a Remote Group Policy Refresh (GPUpdate)
Q214. Your network contains a Windows Server 2012 R2 image named Server12.wim. Server12.wim contains the images shown in the following table.
Server12.wim is located in C:\.
You need to enable the Windows Server Migration Tools feature in the Windows Server 2012 R2 Datacenter image. You want to achieve this goal by using the minimum amount of administrative effort.
Which command should you run first?
A. imagex.exe /apply c:\server12.wim 4 c:\
B. dism.exe /image:c:\server12.wim /enable-feature /featurename:servermigration
C. imagex.exe /capture c: c:\Server12.wim "windows server 2012 r2 datacenter"
D. dism.exe /mount-wim /wimfile:c:\Server12.wim /index:4 /mountdir:c:\mount
Answer: D
Explanation:
This command will mount the image before making any changes. References: http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
Q215. OTSPOT
You have a Hyper-V host named Server1 that runs Windows Server 2008 R2.All of the virtual machines on Server1 use VHDs.
You install the Hyper-V server role on a server named Server2 that runs Windows Server 2012 R2.Server2 has the same hardware configurations as Server1.
You plan to migrate the Hyper-V host from Server1 to Server2 by using the Windows Server Migration Tools.
In the table below, identify what can be migrated by using the Windows Server Migration Tools. Make only one selection in each row. Each correct selection is worth one point.
Answer:
Updated 70-417 free study guide:
Q216. Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. DirectAccess Client Experience Settings
B. Name Resolution Policy
C. DNS Client
D. Network Connections
Answer: B
Explanation:
http://www.techrepublic.com/blog/10things/10-things-you-should-know-aboutdirectaccess/1371
Q217. Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1.
The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From a command prompt, run the dsadd computer command.
B. From Active Directory Users and Computers, run the Delegation of Control Wizard.
C. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.
D. From a command prompt, run the dsmgmt local roles command.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc731885.aspx http://technet.microsoft.com/en-us/library/cc732473.aspx Manages Administrator Role Separation for a read-only domain controller (RODC). Administrator role separation provides a nonadministrative user with the permissions to install and administer an RODC, without granting that user permissions to do any other type of domain administration.
Q218. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.
The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
Internal DNS name: Server1.contoso.com External DNS name: dal.contoso.com Internal IPv6 address: 2002:cla8:6a:3333::l External IPv4 address: 65.55.37.62
Your company uses split-brain DNS for the contoso.com zone.
You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)
...
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?
A. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
B. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
C. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of
65.55.37.62
D. A Name Suffix value of dal.contoso.com and a DNS Server Address value of
65.55.37.62
Answer: A
Explanation:
*
In a non-split-brain DNS environment, the Internet namespace is different from the intranet namespace. For example, the Contoso Corporation uses contoso.com on the Internet and corp.contoso.com on the intranet. Because all intranet resources use the corp.contoso.com DNS suffix, the NRPT rule for corp.contoso.com routes all DNS name queries for intranet resources to intranet DNS servers. DNS name queries for names with the contoso.com suffix do not match the corp.contoso.com intranet namespace rule in the NRPT and are sent to Internet DNS servers.
*
Split-brain DNS is a configuration method that enables proper resolution of names (e.g., example.com) from both inside and outside of your local network.
Note: For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name suffixes that do not have corresponding DNS servers are treated as exemptions.
Reference: Design Your DNS Infrastructure for DirectAccess
Q219. Your network contains a single Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2012 R2.
Server1 has the Windows Server Updates Services server role installed and is configured to download updates from the Microsoft Update servers.
You need to ensure that Server1 downloads express installation files from the Microsoft Update servers.
What should you do from the Update Services console?
A. From the Products and Classifications options, configure the Products settings.
B. From the Products and Classifications options, configure the Classifications settings.
C. From the Update Files and Languages options, configure the Update Files settings.
D. From the Automatic Approvals options, configure the Update Rules settings.
Answer: C
Q220. You have a server that runs Windows Server 2012 R2.
The disks on the server are configured as shown in the exhibit. (Click the Exhibit button.)
You need to create a storage pool that contains Disk 1 and Disk 2. What should you do first?
A. Convert Disk 1 and Disk 2 to GPT disks
B. Create a volume on Disk 2
C. Convert Disk 1 and Disk 2 to dynamic disks
D. Delete volume E
Answer: D
Explanation:
Storage Pools use unallocated space thus you need to delete Volume E.
References:
http://technet.microsoft.com/en-us/library/ff399688.aspx