[Free] 2018(May) EnsurePass Testinsides Microsoft 70-411 Dumps with VCE and PDF 81-90

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!

Administering Windows Server 2012

Question No: 81 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named R0DC1.

You create a global group named RODC_Admins.

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.

What should you do?

  1. From Active Directory Sites and Services, run the Delegation of Control Wizard.

  2. From a command prompt, run the dsadd computer command.

  3. From Active Directory Site and Services, configure the Security settings of the R0DC1 server object.

  4. From a command prompt, run the dsmgmt local roles command.

Answer: D Explanation:

RODC: using the dsmgmt.exe utility to manage local administrators

One of the benefits of RODC is that you can add local administrators who do not have full

access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

Question No: 82 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

A local account named Admin1 is a member of the Administrators group on Server1.

You need to generate an audit event whenever Admin1 is denied access to a file or folder. What should you run?

  1. auditpol.exe /set /userradmin1 /failure: enable

  2. auditpol.exe /set /user: admin1 /category: quot;detailed trackingquot; /failure: enable

  3. auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure

  4. auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga

Answer: C Explanation:

http: //technet. microsoft. com/en-us/library/ff625687. aspx

To set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders:

auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access: FRFW

http: //technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx Syntax

auditpol /resourceSACL

[/set /type: lt;resourcegt; [/success] [/failure] /user: lt;usergt; [/access: lt;access flagsgt;]] [/remove /type: lt;resourcegt; /user: lt;usergt; [/type: lt;resourcegt;]]

[/clear [/type: lt;resourcegt;]]

[/view [/user: lt;usergt;] [/type: lt;resourcegt;]]

References:

http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/ff625687. aspx

http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx

Question No: 83 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

The domain contains 200 Group Policy objects (GPOs).

An administrator named Admin1 must be able to add new WMI filters from the Group Policy Management Console (GPMC).

You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1.

What should you do?

  1. From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers group.

  2. From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.

  3. From Active Directory Users and Computers, add Admin1 to the Domain Admins group.

  4. From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.

Answer: D Explanation:

Users with Full control permissions can create and control all WMI filters in the domain, including WMI filters created by others.

Users with Creator owner permissions can create WMI filters, but can only control WMI

filters that they create.

Reference: http://technet.microsoft.com/en-us/library/cc757429(v=ws.10).aspx

Question No: 84 – (Topic 1)

You are a network administrator of an Active Directory domain named contoso.com.

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed.

You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.

You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients.

Which criteria should you specify when you create the DHCP policy?

  1. The client identifier

  2. The user class

  3. The vendor class

  4. The relay agent information

Answer: B Explanation:

Ensurepass 2018 PDF and VCE

To configure a NAP-enabled DHCP server

-> On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and then press ENTER.

-> In the DHCP console, open lt;servernamegt;\IPv4.

-> Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.

-> On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.

-> In the DHCP console tree, under the DHCP scope that you have selected, right- click Scope Options, and then click Configure Options.

-> On the Advanced tab, verify that Default User Class is selected next to User class.

-> Select the 003 Router check box, and in IP Address, under Data entry, type the IP

address for the default gateway used by compliant NAP client computers, and then click Add.

-> Select the 006 DNS Servers check box, and in IP Address, under Data entry, type

the IP address for each router to be used by compliant NAP client computers, and then click Add.

-> Select the 015 DNS Domain Name check box, and in String value, under Data

entry, type your organization#39;s domain name (for example, woodgrovebank. local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.

-> On the Advanced tab, next to User class, choose Default Network Access

Protection Class.

-> Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.

-> Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.

-> Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.

Woodgrovebank. local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients.

-> Click OK to close the Scope Options dialog box.

-> Close the DHCP console.

Reference: http: //technet.microsoft.com/en-us/library/dd296905(v=ws.10).aspx

Question No: 85 HOTSPOT – (Topic 1)

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.

What should you modify? To answer, select the appropriate object in the answer area.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Explanation:

Ensurepass 2018 PDF and VCE

http: //technet. microsoft. com/en-us/library/cc771298(v=ws. 10). aspx

Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic.

Question No: 86 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. From the Remote Access Management Console, reload the configuration.

  2. Add Server2 to a security group in Active Directory.

  3. Restart the IPSec Policy Agent service on Server2.

  4. From the Remote Access Management Console, modify the Infrastructure Servers settings.

  5. From the Remote Access Management Console, modify the Application Servers settings.

Answer: B,E Explanation:

Unsure about these answers:

-> A public key infrastructure must be deployed.

-> Windows Firewall must be enabled on all profiles.

-> ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6.

-> Computers that are running the following operating systems are supported as DirectAccess clients:

Windows Server庐 2012 R2 Windows 8.1 Enterprise

Windows Server庐 2012

Windows 8 Enterprise Windows Server庐 2008 R2 Windows 7 Ultimate

Windows 7 Enterprise

-> Force tunnel configuration is not supported with KerbProxy authentication.

-> Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.

-> Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.

Question No: 87 – (Topic 1)

You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.

You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2018 PDF and VCE

You need to configure a pre-staged device for VM1 in the Windows Deployment Services console.

Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A. 979708BFC04B45259FE0C4150BB6C618

B. 979708BF-C04B-4525-9FE0-C4150BB6C618

C. 00155D000F1300000000000000000000

D. 0000000000000000000000155D000F13

E. 00000000-0000-0000-0000-C4150BB6C618

Answer: B,D Explanation:

Use client computer#39;s media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX- XXXXXXXXXXXX}.

Reference: http: //technet. microsoft. com/en-us/library/cc754469. aspx

Question No: 88 – (Topic 1)

You have a file server that has the File Server Resource Manager role service installed.

You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2018 PDF and VCE

You need to ensure that all of the folders in Folder1 have a 100-MB quota limit. What should you do?

  1. Run the Update FsrmQuotacmdlet.

  2. Run the Update-FsrmAutoQuotacmdlet.

  3. Create a new quota for Folder1.

  4. Modify the quota properties of Folder1.

Answer: C Explanation:

By using auto apply quotas, you can assign a quota template to a parent volume or folder. Then File Server Resource Manager automatically generates quotas that are based on that template. Quotas are generated for each of the existing subfolders and for subfolders that you create in the future.

Ensurepass 2018 PDF and VCE

Ref: http://technet.microsoft.com/en-us/library/cc731577.aspx

Question No: 89 – (Topic 1)

You have a server named Server1 that runs Windows Server 2012 R2.

On Server1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is

configured to store performance log data in C:\Logs.

You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches 100 MB in size.

What should you configure?

  1. A File Server Resource Manager (FSRM) file screen on the C:\Logs folder

  2. The Data Manager settings of DCS1

  3. A schedule for DCS1

  4. A File Server Resource Manager (FSRM) quota on the C:\Logs folder

    Answer: B Explanation:

    To configure data management for a Data Collector Set

    1. In Windows Performance Monitor, expand Data Collector Sets and click User Defined.

    2. In the console pane, right-click the name of the Data Collector Set that you want to configure and click Data Manager.

    3. On the Data Manager tab, you can accept the default values or make changes according to your data retention policy. See the table below for details on each option.

      When Minimum free disk or Maximum folders is selected, previous data will be deleted according to the Resource policy you choose (Delete largest or Delete oldest) when the limit is reached. When Apply policy before the data collector set starts is selected, previous data will be deleted according to your selections before the data collector set creates its next log file.

      When Maximum root path size is selected, previous data will be deleted according to your selections when the root log folder size limit is reached.

    4. Click the Actions tab. You can accept the default values or make changes. See the table below for details on each option.

    5. When you have finished making your changes, click OK.

      Question No: 90 – (Topic 1)

      Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.

      Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1.

      Users report that App1 responds more slowly than expected.

      You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.

      Which performance object should you monitor on Server1?

      1. Processor

      2. Hyper-V Hypervisor Virtual Processor

      3. Hyper-V Hypervisor Logical Processor

      4. Hyper-V Hypervisor Root Virtual Processor

      5. Process

Answer: C Explanation:

In the simplest way of thinking the virtual processor time is cycled across the available logical processors in a round-robin type of fashion. Thus all the processing power gets used over time, and technically nothing ever sits idle.

To accurately measure the processor utilization of a guest operating system, use the 鈥淺Hyper-V Hypervisor Logical Processor (Total)\% Total Run Time鈥?performance monitor counter on the Hyper-V host operating system.

100% Ensurepass Free Download!
Download Free Demo:70-411 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2018 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com