Want to know Testking 70-411 Exam practice test features? Want to lear more about Microsoft Administering Windows Server 2012 certification experience? Study 100% Guarantee Microsoft 70-411 answers to Most recent 70-411 questions at Testking. Gat a success with an absolute guarantee to pass Microsoft 70-411 (Administering Windows Server 2012) test on your first attempt.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-411 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-411-exam-dumps.html
2021 Apr 70-411 exams
Q21. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to meet the following requirements:
. Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.
. Ensure that JPG files can always be saved to a local computer, even when a file screen exists.
Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.
Answer Area
Answer:
Q22. Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Perform an authoritative restore of Group1.
B. Mount the most recent Active Directory backup.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
Answer: A
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object. Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners.
Q23. HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You have a client named Client1 that is configured as an 802. IX supplicant.
You need to configure Server1 to handle authentication requests from Client1. The solution must minimize the number of authentication methods enabled on Server1.
Which authentication method should you enable? To answer, select the appropriate authentication method in the answer area.
Answer:
Q24. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which security principals are authorized to have their password cached on RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
Answer: B
Q25. HOTSPOT
Your network contains one Active Directory domain named contoso.com. The domain contains 10 file servers that run Windows Server 2012 R2.
You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers.
You need to configure BitLocker policies for the file servers to meet the following requirements:
. Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker.
. Ensure that the BitLocker recovery key and recovery password are stored in Active
Directory. Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.
Answer:
Up to the immediate present 70-411 testing engine:
Q26. You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Files created by users in the human resources department are assigned the Department classification property automatically.
You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more.
You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort.
What should you configure on Task1?
A. Configure a file screen
B. Create a condition
C. Create a classification rule
D. Create a custom action
Answer: B
Explanation:
Create a File Expiration Task The following procedure guides you through the process of creating a file management task for expiring files. File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them. Property conditions. Click Add to create a new condition based on the file’s classification. This will open the Property Condition dialog box, which allows you to select a property, an operator to perform on the property, and the value to compare the property against. After clicking OK, you can then create additional conditions, or edit or remove an existing condition.
Q27. Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings.
A server named Server1 is a DNS server that runs a UNIX-based operating system.
You plan to use Server1 as a secondary DNS server for the contoso.com zone.
You need to ensure that Server1 can host a secondary copy of the contoso.com zone.
What should you do?
A. From DNS Manager, modify the Advanced settings of DC1.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From Windows PowerShell, run the Set-DnsServerForwardercmdlet and specify the contoso.com zone as a target.
D. From DNS Manager, modify the Security settings of DC1.
Answer: C
Explanation:
There are two ways that a secondary DNS server can be added. In both scenarios you will need to add the new server to the Forwarders list of the primary Domain Controller.
1. The Set-DnsServerForwarder cmdlet changes forwarder settings on a Domain Name System (DNS) server.
2. From the primary server, open DNS Manager, right click on the server name and select Properties. Click on the Forwarders tab and click the Edit button in the middle of the dialogue box.
Q28. Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10.
On DC10, the disk that contains the SYSVOL folder fails.
You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which tool should you use before you start the DFS Replication service on DC10?
A. Dfsgui.msc
B. Dfsmgmt.msc
C. Adsiedit.msc
D. Ldp
Answer: C
Explanation:
How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like "D2" for FRS)
. In the ADSIEDIT. MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative:
CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain> msDFSR-Enabled=FALSE
. Force Active Directory replication throughout the domain.
. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated.
. On the same DN from Step 1, set:
msDFSR-Enabled=TRUE
. Force Active Directory replication throughout the domain.
. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL.
Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit. msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.
Q29. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controller must be online when cloning a domain controller.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
Answer: D
Explanation: One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role.
Example: Command Prompt: C:PS>
Get-ADDomain
Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com
Incorrect:
Not A: The Get-ADGroupMember cmdlet gets the members of an Active Directory group.
Members can be users, groups, and computers.
Not E: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.
Not F: The Get-ADAuthorizationGroup cmdlet gets the security groups from the specified user, computer or service accounts token.
Reference: Step-by-Step: Domain Controller Cloning
http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx
Reference: Get-ADDomain https://technet.microsoft.com/en-us/library/ee617224.aspx
Q30. HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when client computers start.
When a client computer starts, you discover that it takes a long time before users are prompted to log on.
You need to reduce the amount of time it takes for the client computers to start. The solution must not prevent scripts from completing successfully.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
Answer:
