It is impossible to pass Microsoft 70 417 exam exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed Microsoft microsoft 70 417 practice questions. You will get a surprising result by our Up to the minute Upgrading Your Skills to MCSA Windows Server 2012 practice guides.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-417 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-417 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-417-exam-dumps.html
Q21. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1.
Users report that App1 responds more slowly than expected.
You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.
Which performance object should you monitor on Server1?
A. Hyper-V Hypervisor Logical Processor
B. Hyper-V Hypervisor Root Virtual Processor
C. Processor
D. Hyper-V Hypervisor Virtual Processor
E. Process
Answer: D
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/1234.hyper-v-concepts-vcpu-virtual-processor.aspx http://blogs.msdn.com/b/tvoellm/archive/2008/05/12/hyper-v-performance-counters-part-four-of-many-hyper-v-hypervisor-virtual-processor-and- hyper-v-hypervisor-root-virtual-processor-counter-set.aspx
Q22. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are part of a workgroup.
On Server1 and Server2, you create a local user account named Admin1. You add the account to the local Administrators group. On both servers, Admin1 has the same password.
You log on to Server1 as Admin1. You open Computer Management and you connect to Server2.
When you attempt to create a scheduled task, view the event logs, and manage the shared folders, you receive Access Denied messages.
You need to ensure that you can administer Server2 remotely from Server1 by using Computer Management. What should you configure on Server2?
A. From Local Users and Groups, modify the membership of the Remote Management Users group.
B. From Server Manager, modify the Remote Management setting.
C. From Windows Firewall, modify the Windows Management Instrumentation (WMI) firewall rule.
D. From Registry Editor, configure the LocalAccountTokenFilterPolicyresgistry value
Answer: D
Q23. RAG DROP
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1.
You need to create an Active Directory snapshot on DC1.
Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer
area and arrange them in the correct order.
Answer:
Q24. In an isolated test environment, you deploy a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. The test environment does not have Active Directory Domain Services (AD DS) installed.
You install the Active Directory Domain Services server role on Server1.
You need to configure Server1 as a domain controller.
Which cmdlet should you run?
A. Install-ADDSDomain
B. Install-ADDSForest
C. Install-ADDSDomainController
D. Install-WindowsFeature
Answer: B Explanation:
Install-ADDSDomainController Installs a domain controller in Active Directory. Install-ADDSDomain Installs a new Active Directory domain configuration. Install-ADDSForest Installs a new Active Directory forest configuration. Install-WindowsFeature Installs one or more Windows Server roles, role services, or features on either thelocal or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to andreplaces Add-WindowsFeature, the cmdlet that was used to install roles, role services, and features.
C:\PS>Install-ADDSForest -DomainName corp.contoso.com -CreateDNSDelegation DomainMode Win2008 -ForestMode Win2008R2 -DatabasePath "d:\NTDS" -SysvolPath "d:\SYSVOL" –LogPath "e:\Logs"Installs a new forest named corp.contoso.com, creates a DNS delegation in the contoso.com domain, setsdomain functional level to Windows Server 2008 R2 and sets forest functional level to Windows Server 2008,installs the Active Directory database and SYSVOL on the D:\ drive, installs the log files on the E:\ drive andhas the server automatically restart after AD DS installation is complete and prompts the user to provide andconfirm the Directory Services Restore Mode (DSRM) password. http://technet.microsoft.com/en-us/library/hh974720%28v=wps.620%29.aspx
Q25. Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.
You plan to deploy an enterprise certification authority (CA) on a server named Servers. Server5 will be used to issue certificates to domain-joined computers and workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.
Which server should you identify?
A. Server1
B. Server3
C. Server4
D. Server2
Answer: B
Explanation:
CDP (and AD CS) always uses a Web Server NB: this CDP must be accessible from outside the AD, but here we don't have to wonder about that as there's only one web server.
http://technet.microsoft.com/fr-fr/library/cc782183%28v=ws.10%29.aspx
Selecting a CRL Distribution Point Because CRLs are valid only for a limited time, PKI clients need to retrieve a new CRL periodically. Windows Server 2003 PKI Applications look in the CRL distribution point extension for a URL that points to a network location from which the CRL object can be retrieved. Because CRLs for enterprise CAs are stored in Active Directory, they can be accessed by means of LDAP. In comparison, because CRLs for stand-alone CAs are stored in a directory on the server, they can be accessed by means of HTTP, FTP, and so on as long as the CA is online. Therefore, you should set the CRL distribution point after the CA has been installed.
The system account writes the CRL to its distribution point, whether the CRL is published manually or is published according to an established schedule. Therefore you must ensure that the system accounts for CAs have permission to write to the CRL distribution point. Because the CRL path is also included in every certificate, you must define the CRL location and its access path before deploying certificates. If an Application performs revocation checking and a valid CRL is not available on the local computer, it rejects the certificate.
You can modify the CRL distribution point by using the Certification Authority MMC snap-in. In this way, you can change the location where the CRL is published to meet the needs of users in your organization. You must move the CRL distribution point from the CA configuration folder to a Web server to change the location of the CRL, and you must move each new CRL to the new distribution point, or else the chain will break when the previous CRL expires.
Note On root CAs, you must also modify the CRL distribution point in the CAPolicy.inf file so that the root CA certificate references the correct CDP and AIA paths, if specified. If you are using certificates on the Internet, you must have at least one HTTPs-accessible location for all certificates that are not limited to internal use.
http://technet.microsoft.com/en-us/library/cc771079.aspx Configuring Certificate Revocation It is not always possible to contact a CA or other trusted server for information about the validity of a certificate. To effectively support certificate status checking, a client must be able to access revocation data to determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory Certificate Services (AD CS) supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta CRLs, which can be made available to clients from a variety of locations, including Active Directory Domain Services (AD DS), Web servers, and network file shares.
Q26. You have a server named Server1 that runs Windows Server 2012 R2.
You plan to create an image of Server1.
You need to remove the source files for all server roles that are not installed on Server1.
Which tool should you use?
A. dism.exe
B. servermanagercmd.exe
C. ocsetup.exe
D. imagex.exe
Answer: A
Explanation:
servermanagercmd.exe The ServerManagerCmd.exe command-line tool has been deprecated in WindowsServer 2008 R2. imagex.exe ImageX is a command-line tool in Windows Vista that you can use to create and manageWindows image (.wim) files. A .wim file contains one or more volume images, disk volumes that containimages of an installed Windows operating system. dism.exe Deployment Image Servicing and Management (DISM.exe) is a command-line tool that canbe used to service a Windows?image or to prepare a Windows Preinstallation Environment (WindowsPE) image. It replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg that were included inWindows Vista? The functionality that was included in these tools is now consolidated in one tool(DISM.exe), and new functionality has been added to improve the experience for offline servicing. DISMcan Add, remove, and enumerate packages. ocsetup.exe The Ocsetup.exe tool is used as a wrapper for Package Manager (Pkgmgr.exe) and for WindowsInstaller (Msiexec.exe). Ocsetup.exe is a command-line utility that can be used to perform scripted installs andscripted uninstalls of Windows optional components. The Ocsetup.exe tool replaces the Sysocmgr.exe tool thatWindows XP and Windows Server 2003i use.
http://technet.microsoft.com/en-us/library/hh824822.aspx http://blogs.technet.com/b/joscon/archive/2010/08/26/adding-features-with- dism.aspx http://technet.microsoft.com/en-us/library/hh831809.aspx http://technet.microsoft.com/en-us/library/hh825265.aspx
Q27. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.
The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
Internal DNS name: Server1.contoso.com External DNS name: dal.contoso.com Internal IPv6 address: 2002:cla8:6a:3333::l External IPv4 address: 65.55.37.62
Your company uses split-brain DNS for the contoso.com zone.
You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)
...
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?
A. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
B. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
C. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of
65.55.37.62
D. A Name Suffix value of dal.contoso.com and a DNS Server Address value of
65.55.37.62
Answer: A
Explanation:
*
In a non-split-brain DNS environment, the Internet namespace is different from the intranet namespace. For example, the Contoso Corporation uses contoso.com on the Internet and corp.contoso.com on the intranet. Because all intranet resources use the corp.contoso.com DNS suffix, the NRPT rule for corp.contoso.com routes all DNS name queries for intranet resources to intranet DNS servers. DNS name queries for names with the contoso.com suffix do not match the corp.contoso.com intranet namespace rule in the NRPT and are sent to Internet DNS servers.
*
Split-brain DNS is a configuration method that enables proper resolution of names (e.g., example.com) from both inside and outside of your local network.
Note: For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name suffixes that do not have corresponding DNS servers are treated as exemptions.
Reference: Design Your DNS Infrastructure for DirectAccess
Q28. Your network contains an Active Directory domain named adatum.com.
You have a standard primary zone named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone.
Other users must be prevented from modifying records in the zone.
What should you do first?
A. Run the Zone Signing Wizard for the zone
B. From the properties of the zone, change the zone type
C. Run the new Delegation Wizard for the zone
D. From the properties of the zone, modify the Start Of Authority (SOA) record
Answer: C
Q29. Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1 that runs Windows Server 2012 R2.
You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?
A. Start the Volume Shadow Copy Service (VSS).
B. Run the dsamain.exe command.
C. Run the ntdsutil.exe command.
D. Stop the Active Directory Domain Services (AD DS) service.
Answer: C
Explanation:
Mounting an Active Directory snapshot
Before connecting to the snapshot we need to mount it. By looking at the results of the List
All command in step #8 above, identify the snapshot that you wish to mount, and note the
number next to it.
In order to mount an Active Directory snapshot follow these steps:
Log on as a member of the Domain Admins group to one of your Windows Server 2008
Domain Controllers.
Open a Command Prompt window by clicking on the CMD shortcut in the Start menu, or by
typing CMD and pressing Enter in the Run or Quick Search parts of the Start menu.
Note: You must run NTDSUTIL from an elevated command prompt. To open an elevated
command prompt, click Start, right-click Command Prompt, and then click Run as
administrator.
In the CMD window, type the following command:
ntdsutil
In the CMD window, type the following command:
snapshot
To view all available snapshots, in the CMD window, type the following command:
list all The result should look like this:
snapshot: List All
1: 2008/10/25:03:14 {ec53ad62-8312-426f-8ad4-d47768351c9a}
2: C: {15c6f880-cc5c-483b-86cf-8dc2d3449348}
In this example we only have one snapshot available, one from 2008/10/25 at 03:14AM
(yes, I write articles at this time…). We'll mount this one.
In the CMD window, type the following command:
mount 2
The result should look like this:
snapshot: mount 2
Snapshot {15c6f880-cc5c-483b-86cf-8dc2d3449348} mounted as
C:'$SNAP_200810250314_VOLUMEC$'
Next, you can leave the NTDSUTIL running, or you can quit by typing quit 2 times.
Note: Like the above command, the mounting process can also be run in one line.
However, note that
NTDSUTIL requires that the "list all" command be run in the same session that you mount
the snapshot. So in order to mount the snapshot with a one-liner, you will need to run "list
all" first.
ntdsutil snapshot "list all" "mount 2" quit quit
Note: You do not need to quit from the NTDSUTIL command, you can keep it open
assuming that you'll probably want to unmount the snapshot right after working with it.
Q30. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Both servers are member servers.
On Server2, you install all of the software required to ensure that Server2 can be managed remotely from Server Manager.
You need to ensure that you can manage Server2 from Server1 by using Server Manager.
Which two tasks should you perform on Server2? (Each correct answer presents part of the solution. Choose two.)
A. Run the Enable-PSRemotingcmdlet.
B. Run the Configure-SMRemoting.psl script.
C. Run the Enable-PSSessionConfigurationcmdlet.
D. Run the Set-ExecutionPolicycmdlet.
E. Run the systempropertiesremote.exe command.
Answer: B,D
Explanation:
To configure Server Manager remote management by using Windows PowerShell
On the computer that you want to manage remotely, open a Windows PowerShell session
with elevated user rights.
In the Windows PowerShell session, type the following, and then press Enter.
Set-ExecutionPolicy –ExecutionPolicyRemoteSigned (D)
Type the following, and then press Enter to enable all required firewall rule exceptions.
Configure-SMRemoting.ps1 -force –enable (B)
