Top Microsoft 70-411 item pool Choices

However, Testking is the leading resource provider of the Microsoft 70-411 exam practice materials. If you take aid from Testking, you will discover that just the most up-to-date contents for your Microsoft certification exam can produce obvious result. If you acquire the Microsoft Microsoft exam demos from Testking, you will make yourself properly prepared for the exam. Receiving certified is no dilemma with the aid of Testking.

♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-411 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on:

2017 Apr 70-411 practice test

Q121. You have a DNS server named DN51 that runs Windows Server 2012 R2. 

On DNS1, you create a standard primary DNS zone named 

You need to change the frequency that secondary name servers will replicate the zone from DNS1. 

Which type of DNS record should you modify? 

A. Name server (NS) 

B. Start of authority (SOA) 

C. Host information (HINFO) 

D. Service location (SRV) 



The time to live is specified in the Start of Authority (SOA) record Note: TTL (time to live) - The number of seconds a domain name is cached locally before expiration and return to authoritative nameservers for updated information. 

Q122. You have a DNS server that runs Windows Server 2012 R2. The server hosts the zone for and is accessible from the Internet. 

You need to create a DNS record for the Sender Policy Framework (SPF) to list the hosts that are authorized to send email for 

Which type of record should you create? 

A. mail exchanger (MX) 

B. resource record signature (RRSIG) 

C. text (TXT) 

D. name server (NS) 


Q123. Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2. 

Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. AH of the virtual machines run Windows Server 2008 R2. 

You need to view the amount of memory resources and processor resources that VM4 currently uses. 

Which tool should you use on Hyperv1? 

A. Windows System Resource Manager (WSRM) 

B. Task Manager 

C. Hyper-V Manager 

D. Resource Monitor 



Hyper-V Performance Monitoring Tool Know which resource is consuming more CPU. Find out if CPUs are running at full capacity or if they are being underutilized. Metrics tracked include Total CPU utilization, Guest CPU utilization, Hypervisor CPU utilization, idle CPU utilization, etc. 

WSRM is deprecated starting with Windows Server 2012 


You have a server named Server5 that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. 

You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file. 

What should you configure? 

To answer, select the appropriate tab in the answer area. 


Q125. Your network contains an Active Directory domain named The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed. 

You plan to deploy 802. lx authentication to secure the wireless network. 

You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.1x deployment. 

Which authentication method should you identify? 




D. MS-CHAP v2 



802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods: 

. EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. 

. EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based security environments, and it provides the strongest authentication and key determination method. 

. EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication. 

. PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols. 

Avant-garde 70-411 exam question:

Q126. Your network contains an Active Directory domain named All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table. 

All client computers run Windows 8 Enterprise. 

You plan to deploy Network Access Protection (NAP) by using IPSec enforcement. 

A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers. 

You need to ensure that the client computers can discover HRA servers automatically. 

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) 

A. On all of the client computers, configure the EnableDiscovery registry key. 

B. In a GPO, modify the Request Policy setting for the NAP Client Configuration. 

C. On Server2, configure the EnableDiscovery registry key. 

D. On DC1, create an alias (CNAME) record. 

E. On DC1, create a service location (SRV) record. 

Answer: A,B,E 


Requirements for HRA automatic discovery 

The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery: 

Client computers must be running Windows Vista. with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3). 

The HRA server must be configured with a Secure Sockets Layer (SSL) certificate. 

The EnableDiscovery registry key must be configured on NAP client computers. 

DNS SRV records must be configured. 

The trusted server group configuration in either local policy or Group Policy must be cleared. 

http: //technet. microsoft. com/en-us/library/dd296901. aspx 

Q127. Your network contains an Active Directory domain named The domain contains a file server named Server1 that runs Windows Server 2012 R2. 

You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.) 

On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1. 

You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1. 

What should you configure? 

A. the Audit File Share setting of Servers GPO 

B. the Sharing settings of C:\Share1 

C. the Audit File System setting of Servers GPO 

D. the Security settings of C:\Share1 



You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. 

Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node. 

File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see the entries in the event log. 

To view connections to shared resources, type net session at a command prompt or follow these steps: 

In Computer Management, connect to the computer on which you created the shared resource. 

In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers. 

To enable folder permission auditing, you can follow the below steps: 

Click start and run "secpol. msc" without quotes. 

Open the Local Policies\Audit Policy 

Enable the Audit object access for "Success" and "Failure". 

Go to target files and folders, right click the folder and select properties. 

Go to Security Page and click Advanced. 

Click Auditing and Edit. 

Click add, type everyone in the Select User, Computer, or Group. 

Choose Apply onto: This folder, subfolders and files. 

Tick on the box “Change permissions” 

Click OK. 

After you enable security auditing on the folders, you should be able to see the folder permission changes in the server's Security event log. Task Category is File System. 


http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/ 

http: //technet. microsoft. com/en-us/library/cc753927(v=ws. 10). aspx 

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/ 

http: //support. microsoft. com/kb/300549 

http: //www. windowsitpro. com/article/permissions/auditing-folder-permission-changes 

http: //www. windowsitpro. com/article/permissions/auditing-permission-changes-on-a-folder 

Q128. You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1. 

You need to configure DCS1 to log data to D:\logs. 

What should you do? 

A. Right-click DCS1 and click Properties. 

B. Right-click DCS1 and click Export list. 

C. Right-click DCS1 and click Data Manager. 

D. Right-click DCS1 and click Save template. 



The Root Directory will contain data collected by the Data Collector Set. Change this setting if you want to store your Data Collector Set data in a different location than the default. Browse to and select the directory, or type the directory name. 

To view or modify the properties of a Data Collector Set after it has been created, you can: 

* Select the Open properties for this data collector set check box at the end of the Data 

Collector Set Creation Wizard. 

* Right-click the name of a Data Collector Set, either in the MMC scope tree or in the 

console window, and click Properties in the context menu. 

Directory tab: 

In addition to defining a root directory for storing Data Collector Set data, you can specify a 

single Subdirectory or create a Subdirectory name format by clicking the arrow to the right 

of the text entry field. 

Q129. Your network contains an Active Directory domain named The domain contains a server named Server1 that runs Windows Server 2012 R2. 

You enable and configure Routing and Remote Access (RRAS) on Server1. 

You create a user account named User1. 

You need to ensure that User1 can establish VPN connections to Server1. 

What should you do? 

A. Create a network policy. 

B. Create a connection request policy. 

C. Add a RADIUS client. 

D. Modify the members of the Remote Management Users group. 



Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the circumstances under which they can or cannot connect. 

Network policies can be viewed as rules. Each rule has a set of conditions and settings. 

Configure your VPN server to use Network Access Protection (NAP) to enforce health requirement policies. 

References: http: //technet. microsoft. com/en-us/library/hh831683. aspx 

http: //technet. microsoft. com/en-us/library/cc754107. aspx 

http: //technet. microsoft. com/en-us/library/dd314165%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/windowsserver/dd448603. aspx 

http: //technet. microsoft. com/en-us/library/dd314165(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/dd469733. aspx 

http: //technet. microsoft. com/en-us/library/dd469660. aspx 

http: //technet. microsoft. com/en-us/library/cc753603. aspx 

http: //technet. microsoft. com/en-us/library/cc754033. aspx 

http: //technet. microsoft. com/en-us/windowsserver/dd448603. aspx 

Q130. Your network contains an Active Directory domain named All servers run Windows Server 2012 R2. 

An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. 

All domain users are configured to have a minimum password length of eight characters. 

You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters. 

What should you do? 

A. Configure a local Group Policy object (GPO) on each research server. 

B. Create and link a Group Policy object (GPO) to the ResearchServers OU. 

C. Create a universal group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group. 

D. Create a global group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group. 



For a domain, and you are on a member server or a workstation that is joined to the domain 

1. Open Microsoft Management Console (MMC). 

2. On the File menu, click Add/Remove Snap-in, and then click Add. 

3. Click Group Policy Object Editor, and then click Add. 

4. In Select Group Policy Object, click Browse. 

5. In Browse for a Group Policy Object, select a Group Policy object (GPO) in the appropriate domain, site, or organizational unit--or create a new one, click OK, and then click Finish. 

6. Click Close, and then click OK. 

7. In the console tree, click Password Policy. 


Group Policy Object [computer name] Policy/Computer Configuration/Windows 

Settings/Security Settings/Account Policies/Password Policy 

8. In the details pane, right-click the policy setting that you want, and then click Properties. 

9. If you are defining this policy setting for the first time, select the Define this policy setting 

check box. 

10. Select the options that you want, and then click OK.