Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!

Administering Windows Server 2012

Question No: 51 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user.

You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop.

You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?

  1. Enforce GPO1.

  2. Modify the Link1 shortcut preference of GPO1.

  3. Enable loopback processing in GPO1.

  4. Modify the Security Filtering settings of GPO1.

Answer: B Explanation:

Replace Delete and recreate a shortcut for computers or users. The net result of the Replace action is to overwrite the existing shortcut. If the shortcut does not exist, then the Replace action creates a new shortcut.

This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the shortcut already exists.

Ensurepass 2018 PDF and VCE

Refernces:

http: //technet.microsoft.com/en-us/library/cc753580.aspx http: //technet.microsoft.com/en-us/library/cc753580.aspx

Question No: 52 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

You have two GPOs linked to an organizational unit (OU) named OU1. You need to change the precedence order of the GPOs.

What should you use?

  1. Dcgpofix

  2. Get-GPOReport

  3. Gpfixup

  4. Gpresult

  5. Gpedit. msc

  6. Import-GPO

  7. Restore-GPO

  8. Set-GPInheritance

  9. Set-GPLink

  10. Set-GPPermission

  11. Gpupdate

  12. Add-ADGroupMember

Answer: I Explanation:

The Set-GPLinkcmdlet sets the properties of a GPO link. You can set the following properties:

-> Enabled. If the GPO link is enabled, the settings of the GPO are applied when

Group Policy is processed for the site, domain or OU.

-> Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container.

-> Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU.

Reference: http: //technet. microsoft. com/en-us/library/ee461022. aspx

Question No: 53 – (Topic 1)

Your network contains an Active Directory domain named contoso.com.

All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2.

You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop.

You discover that when a user signs in, the Link1 is not added to the desktop. You need to ensure that when a user signs in, Link1 is added to the desktop. What should you do?

  1. Enforce GPO1.

  2. Enable loopback processing in GPO1.

  3. Modify the Link1 shortcut preference of GPO1.

  4. Modify the Security Filtering settings of GPO1.

Answer: D Explanation:

Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.

Question No: 54 – (Topic 1)

Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed.

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1.

You need to configure replica downstream servers to send Server1 summary information about the computer update status.

What should you do?

  1. From Server1, configure Reporting Rollup.

  2. From Server2, configure Reporting Rollup.

  3. From Server2, configure Email Notifications.

  4. From Server1, configure Email Notifications.

Answer: A Explanation:

WSUS Reporting Rollup Sample Tool

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file.

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx

Question No: 55 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.

The domain has the Active Directory Recycle Bin enabled.

During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.

For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.

You need to identify the names of the users who were members of Group1 prior to its deletion.

You want to achieve this goal by using the minimum amount of administrative effort. What should you do first?

  1. Mount the most recent Active Directory backup.

  2. Reactivate the tombstone of Group1.

  3. Perform an authoritative restore of Group1.

  4. Use the Recycle Bin to restore Group1.

Answer: A Explanation:

The Active Directory Recycle Bin does not have the ability to track simple changes to objects.

If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties.

Question No: 56 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.

You implement DirectAccess by using the default configuration.

You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.

Which settings should you configure in a Group Policy object (GPO)?

  1. DirectAccess Client Experience Settings

  2. DNS Client

  3. Name Resolution Policy

  4. Network Connections

Answer: C Explanation:

For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, internal.contoso.com or . corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers.

Include all intranet DNS namespaces that you want DirectAccess client computers to access.

There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration \Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy.

Question No: 57 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.

You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.

To which server should you deploy the feature?

  1. Server1

  2. Server2

  3. Server3

  4. Server4

  5. Server5

Answer: E Explanation:

The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment Services role in Server Manager.

Question No: 58 – (Topic 1)

You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has one volume.

You add a new hard disk to WSUS1 and then create a volume on the hard disk.

You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume.

What should you do?

  1. From the Update Services console, configure the Update Files and Languages option.

  2. From the Update Services console, run the Windows Server Update Services Configuration Wizard.

  3. From a command prompt, run wsusutil.exe and specify the export parameter.

  4. From a command prompt, run wsusutil.exe and specify the movecontent parameter.

Answer: D Explanation:

Local Storage Considerations

If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB. Therefore if you choose any of these options, install a larger disk (for example, 100 GB).

If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive, you will need to run the WSUSutil.exetool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing WSUS from the Command Line.

For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move. log is the path to the log file, and you wanted to copy the old files to the new location, you would type: wsusutil.exe movecontent D:\WSUS1\ D:\move. Log.

Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server 2003.

Syntax

At the command line %drive%\Program Files\Update Services\Toolsgt;, type: wsusutilmovecontentcontentpathlogfile -skipcopy [/?]

The parameters are defined in the following table.

contentpath – the new root for content files. The path must exist. logfile – the path and file name of the log file to create.

-skipcopy – indicates that only the server configuration should be changed, and that the content files should not be copied.

/help or /? – displays command-line help for movecontent command.

References:

http: //blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location- where-wsus-stores-updates-locally.aspx

http: //technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx

http: //technet.microsoft.com/en-us/library/cc708480(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx

http: //technet.microsoft.com/en-us/library/cc708480(v=ws.10).aspx

Question No: 59 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2.

You deploy a new domain controller named DC1 that runs Windows Server 2012 R2. You log on to DC1 by using an account that is a member of the Domain Admins group.

You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.

You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?

  1. Modify the membership of the Group Policy Creator Owners group.

  2. Transfer the PDC emulator operations master role to DC1.

  3. Upgrade all of the domain controllers that run Window Server 2008.

  4. Raise the functional level of the domain.

Answer: D Explanation:

Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.

Step 1: Create a PSO

Applies To: Windows Server 2008, Windows Server 2008 R2

Reference:

http: //technet. microsoft. com/en-us//library/cc754461(v=ws. 10). aspx

Question No: 60 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2.

The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2018 PDF and VCE

You need to enable access-based enumeration on the DFS namespace. What should you do first?

  1. Raise the domain functional level.

  2. Raise the forest functional level.

  3. Install the File Server Resource Manager role service on Server3 and Server5.

  4. Delete and recreate the namespace.

Answer: D Explanation:

Access-based enumeration is only supported on a Domain-based Namespace in Windows Server 2008 Mode. This type of Namespace requires a minimum Windows Server 2003 forest functional level and a minimum Windows Server 2008 domain functional level.

The exhibit indicates that the current namespace is a Domain-based Namespace in Windows Server 2000 Mode. To migrate a domain-based namespace from Windows 2000 Server mode to Windows Server 2008 mode, you must export the namespace to a file, delete the namespace, recreate it in Windows Server 2008 mode, and then import the namespace settings.

Reference:

http://msdn.microsoft.com/en-us/library/cc770287.aspx http://msdn.microsoft.com/en-us/library/cc753875.aspx

100% Ensurepass Free Download!
Download Free Demo:70-411 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2018 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Comments are closed.