★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-417 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-417-dumps.html


It is impossible to pass Microsoft 70-417 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Microsoft 70-417 practice questions. You will get a surprising result by our Rebirth Upgrading Your Skills to MCSA Windows Server 2012 practice guides.

2021 Feb vce 70-417:

Q191. Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2. 

A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily. 

During routine maintenance, you delete a group named Group1. 

You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort. 

What should you do first? 

A. Perform an authoritative restore of Group1. 

B. Mount the most recent Active Directory backup. 

C. Use the Recycle Bin to restore Group1. 

D. Reactivate the tombstone of Group1. 

Answer:

Explanation: 

The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object. Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners. 


Q192. Your network contains an Active Directory domain named adatum.com. The domain contains several thousand member servers that run Windows Server 2012 R2. All of the computer accounts for the member servers are in an organizational unit (OU) named ServersAccounts. Servers are restarted only occasionally. 

You need to identify which servers were restarted during the last two days. 

What should you do? 

A. Run dsquery computer and specify the -sra /epwc parameter. 

B. Run Get-ADComputer and specify the SearchScope parameter. 

C. Run dsquery server and specify the -o parameter. 

D. Run Get-ADComputer and specify the lastLogon property 

Answer:

Explanation: 

http://technet.microsoft.com/en-us/library/ee617192.aspx 

SearchScope Specifies the scope of an Active Directory search. Possible values for this 

parameter are: 

Base or 0 

OneLevel or 1 

Subtree or 2 

A Base query searches only the current path or object. 

A OneLevel query searches the immediate children of that path or object. 

A Subtree query searches the current path or object and all children of that path or object. 

http://technet.microsoft.com/en-us/library/cc732885%28v=ws.10%29.aspx 

Dsquery server 

-o {dn | rdn} 

Specifies the format that dsquery uses to display the search results. A dn value displays 

the distinguished name of each entry. An rdn value displays the relative distinguished 

name of each entry. The default value is dn. 

NB: epwc doesn't exist for Dsquery computer so even if i'm not sure it's the best way, the 

only possible answer is using "Get-ADComputer and specify the lastLogon property" 


Q193. Your network contains three Active Directory forests. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. 

All of the users in all of the forests must be able to access protected content from any of the forests. 

You need to identify the minimum number of AD RMS trusts required. 

How many trusts should you identify? 

A. 2 

B. 3 

C. 4 

D. 6 

Answer:

Explanation: 

http://technet.microsoft.com/en-us/library/dd772648%28v=ws.10%29.aspx AD RMS Multi-forest Considerations 


Q194. OTSPOT 

Your network contains an Active Directory domain named contoso.com. 

You need to identify whether the Company attribute replicates to the global catalog. 

Which part of the Active Directory partition should you view? 

To answer, select the appropriate Active Directory object in the answer area. 

Answer: 


Q195. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. The domain contains a standalone server named Server2 that is located in a perimeter network. Both servers run the default installation of Windows Server 2012 R2. 

You need to manage Server2 remotely from Server1. 

What should you do? 

A. From Server1, run the Enable-PsRemotingcmdlet. 

B. From Server2, run the winrm command. 

C. From Server2/ run the Enable-PsRemotingcmdlet. 

D. From Server1, run the winrm command. 

Answer:


Updated mcp 70-417:

Q196. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2. 

The domain contains two domain controllers. The domain controllers are configured as shown in the following table. 

Active Directory Recycle Bin is enabled. 

You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago. 

You need to restore the membership of Group1. 

What should you do? 

A. Perform an authoritative restore. 

B. Perform a non-authoritative restore. 

C. Recover the items by using Active Directory Recycle Bin. 

D. Apply a virtual machine snapshot to VM1. 

Answer:

Explanation: 

Authoritative restore allows the administrator to recover a domain controller, restore it to a specific point in time, and mark objects in Active Directory as being authoritative with respect to their replication partners. For example, you might need to perform an authoritative restore if an administrator inadvertently deletes an organizational unit containing a large number of users. If you restore the server from tape, the normal replication process would not restore the inadvertently deleted organizational unit. Authoritative restore allows you to mark the organizational unit as authoritative and force the replication process to restore it to all of the other domain controllers in the domain. Incorrect: Not C: A nonauthoritative restore returns the domain controller to its state at the time of backup and then allows normal replication to overwrite that state with any changes that occurred after the backup was taken. After you restore the system state, the domain controller queries its replication partners. The replication partners replicate any changes to the restored domain controller, ensuring that the domain controller has an accurate and updated copy of the Active Directory database. 

Reference: Performing an Authoritative Restore 

What should you do? 

A. Export and import data by using Dsamain. 

B. Apply a virtual machine snapshot to VM1. 

C. Recover the items by using Active Directory Recycle Bin. 

D. Modify the isRecycled attribute of Group1. Answer:


Q197. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named dcl.contoso.com. 

You discover that the Default Domain Policy Group Policy objects (GPOs) and the Default Domain Controllers Policy GPOs were deleted. 

You need to recover the Default Domain Policy and the Default Domain Controllers Policy GPOs. 

What should you run? 

A. dcgpofix.exe /target:domain 

B. dcgpofix.exe /target:both 

C. gpfixup.exe /oldnb:contoso/newnb:dc1 

D. gpfixup.exe /dc:dc1.contoso.com 

Answer:

Explanation: 

http://technet.microsoft.com/en-us/library/cc739095(v=ws.10).aspx 


Q198. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed. 

The network contains client computers that run either Linux, Windows 7, or Windows 8. 

You have a zone named adatum.com as shown in the exhibit. (Click the Exhibit button.) 

You plan to configure Name Protection on all of the DHCP servers. 

You need to configure the adatum.com zone to support Name Protection. 

What should you do? 

A. Change the zone type. 

B. Sign the zone. 

C. Add a DNSKEY record. 

D. Configure Dynamic updates. 

Answer:


Q199. You have a server named Server1 that runs Windows Server 2012 R2. 

You connect two new hard disks to Server1. 

You need to create a storage space that contains the two disks. 

The solution must meet the following requirements: 

. Provide fault tolerance if a single disk fails. 

. Maximize the amount of files that can be stored in the storage space. 

What should you create? 

A. a parity space 

B. a simple space 

C. a spanned volume 

D. a mirrored space 

Answer:

Explanation: 

References: http://social.technet.microsoft.com/wiki/contents/articles/15198.storage-spaces-overview.aspx http://technet.microsoft.com/en-us/library/cc772180.aspx Training Guide: Installing and Configuring Windows Server 2012: Chapter 8: File Services and Storage, p. 367-8 


Q200. Your network contains an Active Directory forest that contains two domains. The forest contains five domain controllers. 

The domain controllers are configured as shown in the following table. 

You need to configure DC5 as a global catalog server. 

Which tool should you use? 

A. Active Directory Administrative Center 

B. Active Directory Users and Computers 

C. Active Directory Sites and Services 

D. Active Directory Domains and Trusts 

Answer:

Explanation: 

Active Directory Sites and Services can be used to Add or remove the global catalog read-only directory partitions from a domain controller in the site. Confirm that all read-only directory partitions have been replicated to the new global catalog server. As well as verify that the global catalog server is being advertised in Domain Name System (DNS). 

References: http://technet.microsoft.com/en-us/library/cc730868.aspx http://technet.microsoft.com/en-us/library/cc770674.aspx