Ensurepass

QUESTION 51
Your network contains an Active Directory domain named contoso.com.
Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012. A support technician accidentally deletes a user account named User1.
You need to use tombstone reanimation to restore the User1 account. Which tool should you use?
A. Esentutl
B. Ldp
C. Ntdsutil
D. Active Directory Administrative Center
Correct Answer: B
Section: DC, AD, GPO & FSMO roles
Explanation
Explanation/Reference:
we’re told that we use tombstone reanimation
so the only correct answer is LDP (which by the way is implemented since Server2003)
===========
old explanation :
ADAC would be the perfect solution if this environment was in 2008 R2 functional level; however it is currently below that due to there being Windows Server 2003 DCs.
This means you must use the LDP utility as previously.
http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx
Using LDP to Reanimate Tombstones
[…]
Now that I’ve shown you how the nuts and bolts of tombstone reanimation work, I want to demonstrate how
I can use LDP to restore the CN=John Smith user I deleted. […]
Using ADRESTORE to Reanimate Tombstones
Once you figure out how to use LDP, reanimating a tombstone is not terribly difficult. But it’s not very convenient, either. Fortunately, the good folks at Sysinternals (a company that is now part of Microsoft) developed a command-line tool to simplify the reanimation process. This tool, called ADRESTORE, is available from the Microsoft Web site at microsoft.com/technet/ sysinternals/utilities/AdRestore.mspx. Installation is simple. Just copy the executable to an appropriate directory on your machine, for instance the C:WINDOWSSYSTEM32 directory.
ADRESTORE runs in two modes. If you run it with no parameters, it will list all the tombstones in the
CN=Deleted Objects container of the default domain.

QUESTION 52
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012.
On all of the domain controllers, Windows is installed in C:Windows and the Active Directory database is located in D:WindowsNTDS.
All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning. You need to prepare a domain controller for cloning.
What should you do?
A. In C:WindowsSystem32SysprepActionfiles, add the application information to an XML file named
Respecialize.xml.
B. In D:WindowsNTDS, create an XML file named DCCIoneConfig.xml and add the application information to the file.
C. In D:WindowsNTDS, create an XML file named CustomDCCIoneAllowList.xml and add the application information to the file.
D. In C:Windows, create an XML file named DCCIoneConfig.xml and add the application information to the file.
Correct Answer: C
Section: DC, AD, GPO & FSMO roles
Explanation
Explanation/Reference:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory- domain-services-in-windows-server-2012-part-13-domain-controller-cloning.aspx

QUESTION 53
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012. The domain contains two servers. The servers are configured as shown in the following table.
All client computers run Windows 8 Enterprise.
You plan to deploy Network Access Protection (NAP) by using IPSec enforcement.
A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.
You need to ensure that the client computers can discover HRA servers automatically.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On Server2, configure the EnableDiscovery registry key. B. On DC1, create an alias (CNAME) record.
C. On DC1, create a service location (SRV) record.
D. In a GPO, modify the Trusted Server setting for the NAP Client Configuration. E. On all of the client computers, configure the EnableDiscovery registry key.
Correct Answer: CDE
Section: Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess…) Explanation
Explanation/Reference:
http://technet.microsoft.com/en-us/library/dd296901(v=ws.10).aspx

QUESTION 54
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) A. The NAS Port Type constraints
B. The Health Policies conditions
C. The Called Station ID constraints
D. The NAP-Capable Computers conditions
E. The MS-Service Class conditions
Correct Answer: DE
Section: Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess…) Explanation
Explanation/Reference:
The MS-Service Class is how you can specify which subnet the computer must be coming from in order to apply the policy.

QUESTION 55
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to ensure that only computers that send a statement of health are checked for Network Access
Protection (NAP) health requirements.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) A. The NAP-Capable Computers conditions
B. The MS-Service Class conditions
C. The NAS Port Type constraints
D. The Called Station ID constraints
E. The Health Policies conditions
Correct Answer: AE
Section: Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess…) Explanation
Explanation/Reference:
The NAP-Capable ensures that the machine is able to send a statement of health, and the Health Policy tells it which policy to evaluate against.

Download Ensurepass Latest 2013 MCSA 70-417 Real Exam Questions , help you to pass exam 100%.

Comments are closed.