Microsoft 70-411 Online Practice Questions and Exam Preparation

Microsoft 70-411 Online Questions & Answers

• Question 181:

  Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

  The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.

  Server1 provides VPN access to external users.

  You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.

  What should you run?

  A. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled - SharedSecret "Secret" -Purpose Accounting
  B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
  C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled - SharedSecret "Secret" -Purpose Accounting
  D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled
  C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled - SharedSecret "Secret" -Purpose Accounting

  ---

  Add-RemoteAccessRadius

  Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess (DA) and VPN, or one-time password (OTP) authentication for DA.

  AccountingOnOffMsg

  Indicates the enabled state for sending of accounting on or off messages. The acceptable values for this parameter are:

  Enabled.

  Disabled. This is the default value.

  This parameter is applicable only when the RADIUS server is being added for Remote Access accounting.

• Question 182:

  Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.

  A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.

  During routine maintenance, you delete a group named Group1.

  You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.

  What should you do first?

  A. Perform an authoritative restore of Group1.
  B. Mount the most recent Active Directory backup.
  C. Use the Recycle Bin to restore Group1.
  D. Reactivate the tombstone of Group1.
  A. Perform an authoritative restore of Group1.

  ---

  The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object. Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners.

• Question 183:

  Your network contains an Active Directory domain named contoso.com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2.

  You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.

  You log on to DC1 by using an account that is a member of the Domain Admins group.

  You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.

  You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?

  A. Modify the membership of the Group Policy Creator Owners group.
  B. Transfer the PDC emulator operations master role to DC1.
  C. Upgrade all of the domain controllers that run Window Server 2008.
  D. Raise the functional level of the domain.
  D. Raise the functional level of the domain.

  ---

  Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.

  Step 1: Create a PSO Applies To: Windows Server 2008, Windows Server 2008 R2

  Reference:

  http: //technet. microsoft. com/en-us//library/cc754461%28v=ws. 10%29. aspx

• Question 184:

  Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012.

  You have a Group Policy object (GPO) named GPO1 that contains several custom Administrative templates.

  You need to filter the GPO to display only settings that will be removed from the registry when the GPO falls out of scope. The solution must only display settings that are either enabled or disabled and that have a comment. How should you configure the filter?

  To answer, select the appropriate options below. Select three.

  

  A. Set Managed to: Yes
  B. Set Managed to: No
  C. Set Managed to: Any
  D. Set Configured to: Yes
  E. Set Configured to: No
  F. Set Configured to: Any
  G. Set Commented to: Yes
  H. Set Commented to: No
  I. Set Commented to: Any
  A. Set Managed to: Yes
  F. Set Configured to: Any
  G. Set Commented to: Yes

• Question 185:

  You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Server1 has a folder named Folder1 that is used by the sales department.

  You need to ensure that an email notification is sent to the sales manager when a File Screening Audit report is generated.

  What should you configure on Server1?

  A. a file group
  B. a file screen
  C. a file screen exception
  D. a storage report task
  D. a storage report task

  ---

  From the Storage Reports Management node, you can generate reports that will help you understand file use on the storage server. You can use the storage reports to monitor disk usage patterns (by file type or user), identify duplicate files and dormant files, track quota usage, and audit file screening.

  

  Before you run a File Screen Audit report, in the File Server Resource Manager Options dialog box, on the File Screen Audit tab, verify that the Record file screening activity in the auditing database check box is selected. Reference: http: //technet. microsoft. com/en-us/library/cc755988. aspx http: //technet. microsoft. com/en-us/library/cc730822. aspx http: //technet. microsoft. com/en-us/library/cc770594. aspx http: //technet. microsoft. com/en-us/library/cc771212. aspx http: //technet. microsoft. com/en-us/library/cc732074. aspx

• Question 186:

  Your network contains an Active Directory domain named adatum.com. The domain has a certification authority (CA) named CA1.

  All servers run Windows Server 2012 R2 .All client computers run Windows 10.

  You need to add a data recovery agent for the encrypting File System (EFS) to the domain.

  What should you do?

  A. From the Default Domain policy, select Create Data Recovery Agent.
  B. From the Default Domain controller policy, select Add Data Recovery Agent.
  C. From the default Domain controller policy, select Add Data recovery Agent.
  D. From the Default Domain policy, select Add Data Recovery Agent.
  D. From the Default Domain policy, select Add Data Recovery Agent.

• Question 187:

  Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.

  All client computers run Windows 7.

  You need to ensure that user settings are saved to \\Server1\Users\.

  What should you do?

  A. From the properties of each user account, configure the Home folder settings.
  B. From a Group Policy object (GPO), configure the Folder Redirection settings.
  C. From the properties of each user account, configure the User profile settings.
  D. From a Group Policy object (GPO), configure the Drive Maps preference.
  C. From the properties of each user account, configure the User profile settings.

  ---

  If a computer is running Windows 2000 Server or later on a network, users can store their profiles on the server. These profiles are called roaming user profiles.

• Question 188:

  Your network contains an Active Directory domain named contoso.com. The domain contains a virtual machine named Server1 that runs Windows Server 2012 R2.

  Server1 has a dynamically expanding virtual hard disk that is mounted to drive E.

  You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E.

  Which command should you run?

  A. manage-bde -protectors -add c: -startup e:
  B. manage-bde -lock e:
  C. manage-bde -protectors -add e: -startupkey c:
  D. manage-bde -on e:
  D. manage-bde -on e:

  ---

  Manage-bde: on

  Encrypts the drive and turns on BitLocker.

  Example:

  The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive.

  manage-bde n C: -recoverypassword

• Question 189:

  You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.

  All of the VPN servers on your network use Server1 for RADIUS authentication.

  You create a security group named Group1.

  You need to configure Network Policy and Access Services (NPAS) to meet the following requirements:

  

  Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.

  

  Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later.

  Which type of policy should you create for each requirement?

  To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  Select and Place:

  

  

• Question 190:

  Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.

  Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1.

  You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)

  

  To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

  Hot Area: