Microsoft 70-411 Online Practice Questions and Exam Preparation

Microsoft 70-411 Online Questions & Answers

• Question 151:

  Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2. You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks

  (VHDs).

  You have a Windows image file named file1.wim.

  You need to add an image of a volume to file1.wim.

  What should you do?

  A. Run imagex.exe and specify the /append parameter.
  B. Run imagex.exe and specify the /export parameter.
  C. Run dism.exe and specify the /image parameter.
  D. Run dism.exe and specify the /append-image parameter.
  D. Run dism.exe and specify the /append-image parameter.

  ---

  Explanation: The Deployment Image Servicing and Management (DISM) tool is a command-line tool that enables the creation of Windows image (.wim) files for deployment in a manufacturing or corporate IT environment. The /Append-Image

  option appends a volume image to an existing .wim file allowing you to store many customized Windows images in a fraction of the space. When you combine two or more Windows image files into a single .wim, any files that are duplicated

  between the images are only stored once.

  Incorrect:

  Not A, Not B: Imagex has been retired and replaced by dism.

  Reference: Append a Volume Image to an Existing Image Using DISM

  https://technet.microsoft.com/en-us/library/hh824916.aspx

• Question 152:

  Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise.

  You implement a Group Policy central store.

  You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers.

  You need to deploy the custom registry setting. The solution must minimize administrator effort.

  What should you configure in a Group Policy object (GPO)?

  A. The Software Installation settings
  B. The Administrative Templates
  C. An application control policy
  D. The Group Policy preferences
  D. The Group Policy preferences

  ---

  Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Windows Settings folder. Right-click the Registry node, point to New, and select Registry Item. Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later).

  You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not

  limited by the contents of Administrative Template files. The Group Policy Management Editor (GPME) includes Group Policy preferences.

  References:

  http: //technet.microsoft.com/en-us/library/gg699429.aspx http: //www. unidesk. com/blog/gpos-set-custom-registry-entries-virtual-desktops-disabling- machine-password

  

• Question 153:

  Your network contains on Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named AIIServers_OU.

  You create and link a Group Policy object (GPO) named GPO1 to AIIServer_OU. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)

  

  d You need to ensure that GPO1 only applies to servers that have Remote Desktop Services (RDS) installed What should you configure?

  A. Item-level targeting
  B. Block Inheritance
  C. Security Filtering
  D. WMI Filtering
  D. WMI Filtering

  ---

  Explanation: If you need to configure a Remote Desktop Server farm and need to setup some group policies that only applied to computers that are Remote Desktop Servers, there are a couple of obvious ways you could achieve this. 1) You could put your Remote Desktop Servers in a specific Organisational Unit and link your Group Policies there 2) You could create a WMI Filter to filter by name i.e. SELECT * FROM Win32_ComputerSystem WHERE ((Name = `RDSERVER01') OR (Name = `RDSERVER02')) If you don't want to have to update the WMI Filter if you need to add more Remote Desktop Servers, you can use the following WMI Filter against the rootCIMV2TerminalServices Namespace: Select * From Win32_TerminalServiceSetting Where TerminalServerMode=1

  http://www.focusedit.co.uk/54-group-policy-wmi-filter-for-remote-desktop-server/ https://blogs.technet.microsoft.com/askds/2008/09/11/fun-with-wmi-filters-in-group-policy/

• Question 154:

  Your network contains an Active Directory domain named contoso.com.

  You implement DirectAccess.

  You need to view the properties of the DirectAccess connection.

  Which connection properties should you view?

  To answer, select the appropriate connection properties in the answer area.

  Hot Area:

  

  

• Question 155:

  Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.

  Information and details provided in a question apply only to that question.

  Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

  You have a GPO named GPO1 that is linked to the domain.

  You need to configure GPO1 to apply settings to Group1 only.

  You need to configure GPO1 to apply settings to Group1 only.

  What should you use?

  A. Dcgpofix
  B. Get-GPOReport
  C. Gpfixup
  D. Gpresult
  E. Gpedit. msc
  F. Import-GPO
  G. Restore-GPO
  H. Set-GPInheritance
  I. Set-GPLink
  J. Set-GPPermission
  C. Gpfixup

• Question 156:

  Your company has a main office and a branch office.

  The main office contains a server that hosts a Distributed File System (DFS) replicated folder.

  You plan to implement a new DFS server in the branch office.

  You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office. You recommend using the Export-DfsrClone and Import-DfsrClonecmdlets.

  Which additional command or cmdlet should you include in the recommendation?

  A. Robocopy.exe
  B. Synchost.exe
  C. Export-BcCachePackage
  D. Sync-DfsReplicationGroup
  A. Robocopy.exe

  ---

  By preseeding files before you set up DFS Replication, add a new replication partner, or replace a server, you can speed up initial synchronization and enable cloning of the DFS Replication database in Windows Server 2012 R2. The Robocopy method is one of several preceding methods

• Question 157:

  Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table.

  

  You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3. Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.)

  A. The Authentication settings
  B. The Standard RADIUS Attributes settings
  C. The Location Groups condition
  D. The Identity Type condition
  E. The User Name condition
  A. The Authentication settings
  E. The User Name condition

  ---

  The User Name attribute group contains the User Name attribute. By using this attribute, you can designate the user name, or a portion of the user name, that must match the user name supplied by the access client in the RADIUS message. This attribute is a character string that typically contains a realm name and a user account name. You can use pattern- matching syntax to specify user names.

  

  By using this setting, you can override the authentication settings that are configured in all network policies and you can designate the authentication methods and types that are required to connect to your network. Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access- Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy

  

  Connection request policies are sets of conditions and profile settings that give network administrators flexibility in configuring how incoming authentication and accounting request messages are handled by the IAS server. With connection

  request policies, you can create a series of policies so that some RADIUS request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS server) and other types of messages are forwarded to another

  RADIUS server (IAS is being used as a RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios.

  With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on the time of day and day of the week, by the realm name in the request, by the type of connection being requested, by the IP address of

  the RADIUS client, and so on.

  References:

  http: //technet. microsoft. com/en-us/library/cc757328. aspx http: //technet. microsoft. com/en-us/library/cc753603. aspx

• Question 158:

  You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

  Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DLL.

  You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.

  You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about

  other access-denied messages.

  What should you do?

  A. From the File Server Resource Manager console, create a local classification property.
  B. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Applications option.
  C. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
  D. From the File Server Resource Manager console, set a folder management property.
  D. From the File Server Resource Manager console, set a folder management property.

• Question 159:

  Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.

  An administrator creates a RADIUS client template named Template1.

  You create a RADIUS client named Client1 by using Template 1.

  You need to modify the shared secret for Client1.

  What should you do first?

  A. Configure the Advanced settings of Template1.
  B. Set the Shared secret setting of Template1 to Manual.
  C. Clear Enable this RADIUS client for Client1.
  D. Clear Select an existing template for Client1.
  D. Clear Select an existing template for Client1.

  ---

  Clear checkmark for Select an existing template in the new client wizard.

  In New RADIUS Client, in Shared secret, do one of the following:

  Bullet Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the RADIUS client. Retype the shared secret in Confirm shared secret.

  

• Question 160:

  Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed.

  DirectAccess is implemented on Server1 by using the default configuration.

  You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.

  You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection. What should you do?

  A. Configure a DNS suffix search list on the DirectAccess clients.
  B. Configure DirectAccess to enable force tunneling.
  C. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).
  D. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).
  B. Configure DirectAccess to enable force tunneling.

  ---

  With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients separate their intranet and Internet traffic as follows:

  DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic is exchanged over the tunnels that are created with the DirectAccess server or directly with intranet servers. Intranet traffic from DirectAccess clients

  is IPv6 traffic.

  DNS name queries for FQDNs that correspond to exemption rules or do not match the intranet namespace, and all traffic to Internet servers, is exchanged over the physical interface that is connected to the Internet. Internet traffic from

  DirectAccess clients is typically IPv4 traffic.

  In contrast, by default, some remote access virtual private network (VPN) implementations, including the VPN client, send all intranet and Internet traffic over the remote access VPN connection. Internet-bound traffic is routed by the VPN

  server to intranet IPv4 web proxy servers for access to IPv4 Internet resources. It is possible to separate the intranet and Internet traffic for remote access VPN clients by using split tunneling. This involves configuring the Internet Protocol (IP)

  routing table on VPN clients so that traffic to intranet locations is sent over the VPN connection, and traffic to all other locations is sent by using the physical interface that is connected to the Internet. You can configure DirectAccess clients to

  send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients detect that they are on the Internet, and they remove their IPv4 default route. With the

  exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.