★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-417 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/70-417-dumps.html
Exam Code: 70-417 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Upgrading Your Skills to MCSA Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-417 Exam.
2021 Jul 70-417 windows server 2012:
Q171. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You are creating a central access rule named Test Finance that will be used to audit members of the Authenticated users group for access failure to shared folders in the finance department.
You need to ensure that access requests are unaffected when the rule is published.
What should you do?
A. Set the Permissions to Use the following permissions as proposed permissions.
B. Add a Resource condition to the current permissions entry for the Authenticated Users principal.
C. Set the Permissions to Use following permissions as current permissions.
D. Add a User condition to the current permissions entry for the Authenticated Users principal.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/jj134043.aspx
Q172. Which of the following situations would you use AD LDS?
A. A DMZ
B. Standard private network
C. You require the use of Group Policy
D. You require the use of Organizational Units
Answer: A
Explanation:
A DMZ (Demilitarized Zone) such as a web server is usually the classic choice for using AD LDS (Active Directory Lightweight Directory Service)
Q173. You have a server named Server1 that runs Windows Server 2012 R2. On Server1, you configure a custom Data Collector Set (DCS) named DCS1. You need to ensure that all performance log data that is older than 30 days is deleted automatically.
What should you configure?
A. A File Server Resource Manager (FSRM) file screen on the %Systemdrive%\PerfLogs folder
B. The Data Manager settings of DCS1
C. A schedule for DCS1
D. A File Server Resource Manager (FSRM) quota on the %Systemdrive%\PerfLogs folder
Answer: B
Q174. Your IT manager is concerned that someone is trying to gain access to your company's computers by logging on with valid domain user names and various password attempts.
Which audit policy should you monitor for these activities?
A. Policy Change
B. Account Logon
C. Privilege Use
D. Directory Service Access
Answer: B
Explanation:
Old (removed questions as came out before the exam release =>unvalid but can be The Account Logon audit category in Windows Server 2008 generates events for credential
validation. These events occur on the computer that is authoritative for the credentials
Q175. OTSPOT
Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess and an IKEv2 VPN. You need to view the properties of the VPN connection. Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
Answer:
Most recent microsoft 70-417:
Q176. A global catalog server is available to directory clients when Domain Name System (DNS) servers can locate it as a global catalog server. In which order do the following events need to occur before the catalog server is ready?
A) The Net Logon service on the domain controller has updated DNS with global-catalogspecific service (SRV) resource records.
B) The isGlobalCatalogReadyrootDSE attribute is set to TRUE.
C) The global catalog receives replication of read-only replicas to the required occupancy level.
A. C then A, then B
B. B then C, then A
C. A then C, then B
D. C then B, then A
Answer: A
Explanation:
http://technet.microsoft.com/fr-fr/library/cc739901%28v=ws.10%29.aspx Verify global catalog readiness When a global catalog server has satisfied replication requirements, the isGlobalCatalogReady Root DSE attribute is set to TRUE and the global catalog is ready to serve clients.http://technet.microsoft.com/de-de/library/howglobal-catalog-serverswork%28v=ws.10%29.aspx How the Global Catalog Works Global Catalog Server Creation and Advertisement By default, before a domain controller advertises itself as a global catalog server in DNS, the global catalog contents must be replicated to the server. This process involves replication of a partial, read-only replica of every domain in the forest except for the domain for which the new global catalog server is authoritative. The duration of this process depends on how many domains the forest contains, the size of the domains, and the relative locations of source and destination domain controllers. If multiple domains are in the forest and if source domain controllers are located only in distant sites, the process takes longer than if all domains are in the same site or in only a few sites. When replication must occur between sites to create the global catalog, replication occurs according to the site link schedule. Requirements for Global Catalog Readiness By default, a global catalog server is not considered "ready" (the server advertises itself in DNS as a global catalog server) until all read-only directory partitions have been fully replicated to the new global catalog server. The Global Catalog Partition Occupancy registry entry under HKEY_Local_Machine\System \CurrentControlSet \Services \NTDS\Parameters determines the requirements for how many read- only directory partitions must be present on a domain controller for it to be considered a global catalog server, from no partitions (0) to all partitions (6). For domain controllers that run Windows Server 2003 or later, the default occupancy value requires that all read-only directory partitions be replicated to the global catalog server before the Net Logon service registers SRV resource records in DNS. For most conditions, this default provides the best option for ensuring that a global catalog server provides a consistent view of the directory. In less common circumstances, however, it might be useful to make the global catalog server available with an incomplete set of partial domain directory partitions for example, when delay of replication of a domain that is not required by users is jeopardizing their ability to log on.
Q177. Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed.
Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has that Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currently runs on Server1.
Server3 currently has no virtual machines.
You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1.
Which two tools should you use? {Each correct answer presents part of the solution. Choose two.)
A. The Hyper-V Manager console connected to Server3
B. The Failover Cluster Manager console connected to Server3
C. The Hyper-V Manager console connected to Server1.
D. The Failover Cluster Manager console connected to Cluster1
E. The Hyper-V Manager console connected to Server2
Answer: A,D
Explanation:
Steps: Install the Replica Broker Hyper-v "role" configure replication on Server 3 in Hyper-V manager and mention the cluster (that's why a replica broker is needed) configure replication on Cluster 1 using the failover cluster manager. Using Hyper-V Replica in a failover cluster The configuration steps previously described Apply to VMs that are not hosted in a failover cluster. However, you might want to provide an offsite replica VM for a clustered VM. In this scenario, you would provide two levels of fault tolerance. The failover cluster is used to provide local fault tolerance, for example, if a physical node fails within a functioning data center. The offsite replica VM, on the other hand, could be used to recover only from sitelevel failures, for example, in case of a power outage, weather emergency, or natural disaster. The steps to configure a replica VM for a clustered VM differ slightly from the normal configuration, but they aren't complicated. The first difference is that you begin by opening Failover Cluster Manager, not Hyper-V Manager. In Failover Cluster Manager, you then have to add a failover cluster role named Hyper-V Replica Broker to the cluster. (Remember, the word "role" is now used to describe a hosted service in a failover cluster.) To add the Hyper-V Replica Broker role, right-click the Roles node in Failover Cluster Manager and select Configure Role. This step opens the High Availability Wizard. In the High Availability Wizard, select Hyper-V Replica Broker
Q178. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. You have two GPOs linked to an organizational unit (OU) named OU1. You need to change the precedence order of the GPOs. What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: I
Explanation:
http://technet.microsoft.com/en-us/library/ee461022.aspx
Q179. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has following storage spaces:
Data
Users
Backups
Primordial
....
You add an additional hard disk to Server1.
You need to identify which storage space contains the new hard disk.
Which storage space contains the new disk?
A. Primordial
B. Data
C. Backups
D. Users
Answer: A
Explanation:
New Disks (Unallocated space) added to Primordial spacePrimordial Pool? All storage that meets acceptable criteria for Storage Spaces will be placed in the Primordial Pool. Thiscan be considered the default pool for devices from which any other pools will be created. Notice that there are no other virtual disks or pools at this point. The Primordial Pool will only consist of physical storage devices that do not belong to any other pools.
http://blogs.technet.com/b/canitpro/archive/2012/12/13/storage-pools-dive-right-in.aspx http:// blogs.technet.com/b/askpfeplat/archive/2012/10/10/windows-server-2012-storagespaces-is- it for-youcould-be.aspx
Q180. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain.
The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Active Directory Users and Computers
B. Certificate Templates
C. The Security Configuration Wizard
D. The Certificates snap-in
Answer: A