Microsoft 70-411 Online Practice Questions and Exam Preparation

Microsoft 70-411 Online Questions & Answers

• Question 131:

  Your network contains one Active Directory domain named contoso.com. The domain contains 10 file servers that run Windows Server 2012 R2.

  You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers.

  You need to configure BitLocker policies for the file servers to meet the following requirements:

  Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker.

  Ensure that the BitLocker recovery key and recovery password are stored in Active Directory.

  Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.

  Hot Area:

  

  

  ---

  Choose how BitLocker-protected operating system drives can be recovered: With this policy setting, you can control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. In Save BitLocker recovery information to Active Directory Domain Services , choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS) for operating system drives. If you select Store recovery password and key packages, the BitLocker recovery password and the key package are stored in AD DS. Storing the key package supports recovering data from a drive that is physically corrupted. If you select Store recovery password only, only the recovery password is stored in AD DS.

  Require additional authentication at startup: With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use:

  -only the TPM for authentication -insertion of a USB flash drive containing the startup key -the entry of a 4-digit to 20-digit personal identification number (PIN) -a combination of the PIN and the USB flash drive There are four options for TPM-enabled computers or devices: Configure TPM startup

  Allow TPM

  Require TPM

  Do not allow TPM Configure TPM startup PIN

  Allow startup PIN with TPM

  Require startup PIN with TPM

  Do not allow startup PIN with TPM Configure TPM startup key

  Allow startup key with TPM

  Require startup key with TPM

  Do not allow startup key with TPM Configure TPM startup key and PIN

  Allow TPM startup key with PIN

  Require startup key and PIN with TPM

  Do not allow TPM startup key with PIN https://technet.microsoft.com/en-us/library/jj679890.aspx

• Question 132:

  Your network contains an Active Directory domain named contoso.com.

  A user named User1 creates a central store and opens the Group Policy Management Editor as shown in the exhibit. (Click the Exhibit button.)

  

  You need to ensure that the default Administrative Templates appear in GPO1. What should you do?

  A. Link a WMI filter to GPO1.
  B. Copy files from %Windir%\Policydefinitions to the central store.
  C. Configure Security Filtering in GPO1.
  D. Add User1 to the Group Policy Creator Owners group.
  B. Copy files from %Windir%\Policydefinitions to the central store.

  ---

  In earlier operating systems, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased.

  In Group Policy for Windows Server 2008 and Windows Vista, if you change Administrative template policy settings on local computers, Sysvol will not be automatically updated with the new .admX or .admL files. This change in behavior is implemented to reduce network load and disk storage requirements, and to prevent conflicts between .admX files and.admL files when edits to Administrative template policy settings are made across different locales. To make sure that any local updates are reflected in Sysvol, you must manually copy the updated .admX or .admL files from the PolicyDefinitions file on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.

  To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

  To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location: \\FQDN\SYSVOL\FQDN\policies

  Reference:

  http: //support. microsoft. com/kb/929841

• Question 133:

  Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2.

  Computer accounts for the marketing department are in an organizational unit (OU) named Departments\Marketing\Computers. User accounts for the marketing department are in an OU named Departments\Marketing\Users.

  All of the marketing user accounts are members of a global security group named MarketingUsers. All of the marketing computer accounts are members of a global security group named MarketingComputers.

  In the domain, you have Group Policy objects (GPOs) as shown in the exhibit. (Click the Exhibit button.)

  

  You create two Password Settings objects named PSO1 and PSO2. PSO1 is applied to MarketingUsers. PSO2 is applied to MarketingComputers. The minimum password length is defined for each policy as shown in the following table.

  

  You need to identify the minimum password length required for each marketing user. What should you identify?

  A. 5
  B. 6
  C. 7
  D. 10
  E. 12
  D. 10

• Question 134:

  Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.

  You mount an Active Directory snapshot on DC1.

  You need to expose the snapshot as an LDAP server.

  Which tool should you use?

  A. Ldp
  B. ADSI Edit
  C. Dsamain
  D. Ntdsutil
  C. Dsamain

  ---

  dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit /ldapport51389

  

  Reference: http: //technet. microsoft. com/en-us/library/cc753609(v=ws. 10). aspx

• Question 135:

  Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway.

  A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.2S4.

  You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails.

  What should you do on Server1?

  A. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
  B. Add 10.1.14.254 as a gateway and set the metric to 1.
  C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.
  D. Add 10.1.14.254 as a gateway and set the metric to 500.
  C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.

  ---

  To configure the Automatic Metric feature:

  1.

  In Control Panel, double-click Network Connections.

  2.

  Right-click a network interface, and then click Properties.

  3.

  Click Internet Protocol (TCP/IP), and then click Properties.

  4.

  On the General tab, click Advanced.

  5.

  To specify a metric, on the IP Settings tab, click to clear the Automatic metric check box, and then enter the metric that you want in the Interface Metric field.

  To manually add routes for IPv4

  Open the Command Prompt window by clicking the Start button Picture of the Start button. In the search box, type Command Prompt, and then, in the list of results, click Command Prompt.

  At the command prompt, type route -p add [destination] [mask ] [gateway] [metric ] [if ].

• Question 136:

  Your network contains an Active Directory domain named contoso.com.

  All user accounts reside in an organizational unit (OU) named OU1. All of the users in the marketing department are members of a group named Marketing. All of the users in the human resources department are members of a group named HR.

  You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preferences of GPO1 to add two shortcuts named Link1 and Link2 to the desktop of each user.

  You need to ensure that Link1 only appears on the desktop of the users in Marketing and that Link2 only appears on the desktop of the users in HR.

  What should you configure?

  A. Security Filtering
  B. WMI Filtering
  C. Group Policy Inheritance
  D. Item-level targeting
  D. Item-level targeting

  ---

  You can use item-level targeting to change the scope of individual preference items, so they apply only to selected users or computers. Within a single Group Policy object (GPO), you can include multiple preference items, each customized for selected users or computers and each targeted to apply settings only to the relevant users or computers.

  Reference: http://technet.microsoft.com/en-us/library/cc733022.aspx

• Question 137:

  You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed. You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)

  

  You need to configure a pre-staged device for VM1 in the Windows Deployment Services console.

  Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

  A. 979708BFC04B45259FE0C4150BB6C618
  B. 979708BF-C04B-4525-9FE0-C4150BB6C618
  C. 00155D000F1300000000000000000000
  D. 0000000000000000000000155D000F13
  E. 00000000-0000-0000-0000-C4150BB6C618
  B. 979708BF-C04B-4525-9FE0-C4150BB6C618
  D. 0000000000000000000000155D000F13

  ---

  Use client computer's media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX- XXXXXXXXXXXX}. Reference: http: //technet. microsoft. com/en-us/library/cc754469. aspx

• Question 138:

  Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questionsin this series. Information and details provided in a question apply only to that question.

  Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

  You need to prevent all of the GPOs at the site level and at the domain level from being applied to users and computers in an organizational unit (OU) named OU1. You want to achieve this goal by using the minimum amount of administrative

  effort.

  What should you use?

  A. Dcgpofix
  B. Get-GPOReport
  C. Gpfixup
  D. Gpresult
  E. Gpedit.msc
  F. Import-GPO
  G. Restore-GPO
  H. Set-GPInheritance
  I. Set-GPLink
  J. Set-GPPermission
  H. Set-GPInheritance

  ---

  References: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee461032(v=technet.10)

• Question 139:

  Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2.

  You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You precreate the DC10 domain controller account by using Active Directory Users and Computers.

  You need to identify which domain controller will be used for initial replication during the promotion of the RODC.

  Which tab should you use to identify the domain controller?

  To answer, select the appropriate tab in the answer area.

  Hot Area:

  

  

• Question 140:

  Your network contains a server named Server1 that has the Network Policy and Access Services server role installed.

  All of the network access servers forward connection requests to Server1.

  You create a new network policy on Server1.

  You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24 subnet.

  What should you do?

  A. Set the Client IP4 Address condition to 192.168.0.0/24.
  B. Set the Client IP4 Address condition to 192.168.0.
  C. Set the Called Station ID constraint to 192.168.0.0/24.
  D. Set the Called Station ID constraint to 192.168.0.
  B. Set the Client IP4 Address condition to 192.168.0.

  ---

  RADIUS client properties

  Following are the RADIUS client conditions that you can configure in network policy. Calling Station ID: Specifies the network access server telephone number that was dialed by the dial-up access client.

  Client Friendly Name: Specifies the name of the RADIUS client that forwarded the connection request to the NPS server.

  Client IPv4 Address: Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server. Client IPv6 Address: Specifies the Internet Protocol (IP) version 6 address of the

  RADIUS client that forwarded the connection request to the NPS server. Client Vendor: Specifies the name of the vendor or manufacturer of the RADIUS client that sends connection requests to the NPS server. MS RAS Vendor: Specifies the

  vendor identification number of the network access server that is requesting authentication.