Exam Code: 70-411 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Administering Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-411 Exam.

2021 Mar 70-411 exam

Q21. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

You have several Windows PowerShell scripts that execute when client computers start. 

When a client computer starts, you discover that it takes a long time before users are prompted to log on. 

You need to reduce the amount of time it takes for the client computers to start. The solution must not prevent scripts from completing successfully. 

Which setting should you configure? To answer, select the appropriate setting in the answer area. 

Answer: 


Q22. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

Server1 has the following role services installed: 

. DirectAccess and VPN (RRAS) 

. Network Policy Server 

Remote users have client computers that run either Windows XP, Windows 7, or Windows 8. 

You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1. 

What should you configure on Server1? 

A. A condition of a Network Policy Server (NPS) network policy 

B. A constraint of a Network Policy Server (NPS) network policy 

C. a condition of a Network Policy Server (NPS) connection request policy 

D. A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy 

Answer:

Explanation: 

If you want to configure the Operating System condition, click Operating System, and then click Add. In Operating System Properties, click Add, and then specify the operating system settings that are required to match the policy. 

The Operating System condition specifies the operating system (operating system version or service pack number), role (client or server), and architecture (x86, x64, or ia64) required for the computer configuration to match the policy. 


Q23. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DLL. 

You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1. 

You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages. 

What should you do? 

A. From the File Server Resource Manager console, create a local classification property. 

B. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Applications option. 

C. From the File Server Resource Manager console, modify the Access-Denied Assistance settings. 

D. From the File Server Resource Manager console, set a folder management property. 

Answer:


Q24. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. 

The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet. 

You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. The NAP-Capable Computers conditions 

B. The NAS Port Type constraints 

C. The Health Policies conditions 

D. The MS-Service Class conditions 

E. The Called Station ID constraints 

Answer: C,D 

Explanation: 

The NAP health policy server uses the NPS role service with configured health policies and system health validators (SHVs) to evaluate client health based on administrator-defined requirements. Based on results of this evaluation, NPS instructs the DHCP server to provide full access to compliant NAP client computers and to restrict access to client computers that are noncompliant with health requirements. 

If policies are filtered by DHCP scope, then MS-Service Class is configured in policy conditions. 


Q25. You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

Files created by users in the human resources department are assigned the Department classification property automatically. 

You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more. 

You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort. 

What should you configure on Task1? 

A. Configure a file screen 

B. Create a condition 

C. Create a classification rule 

D. Create a custom action 

Answer:

Explanation: 

Create a File Expiration Task The following procedure guides you through the process of creating a file management task for expiring files. File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them. Property conditions. Click Add to create a new condition based on the file’s classification. This will open the Property Condition dialog box, which allows you to select a property, an operator to perform on the property, and the value to compare the property against. After clicking OK, you can then create additional conditions, or edit or remove an existing condition. 


Most recent 70-411 download:

Q26. HOTSPOT 

You have a file server named Server1 that runs Windows Server 2012 R2. 

A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares. 

On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.) 

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point. 

Answer: 


Q27. Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. 

All client computers run Windows 7. 

You need to ensure that user settings are saved to \\Server1\Users\. 

What should you do? 

A. From the properties of each user account, configure the Home folder settings. 

B. From a Group Policy object (GPO), configure the Folder Redirection settings. 

C. From the properties of each user account, configure the User profile settings. 

D. From a Group Policy object (GPO), configure the Drive Maps preference. 

Answer:

Explanation: 

If a computer is running Windows 2000 Server or later on a network, users can store their profiles on the server. These profiles are called roaming user profiles. 


Q28. Your network contains one Active Directory domain named contoso.com. 

From the Group Policy Management console, you view the details of a Group Policy object (GPO) named GPO1. You need to ensure that the comments field of GPO1 contains a detailed description of 

GPO1. 

What should you do? 

A. From Active Directory Users and Computers, edit the properties of contoso.com/System/Policies/{229DCD27-9D98-ACC2-A6AE-ED765F065FF5}. 

B. Open GPO1 in the Group Policy Management Editor, and then modify the properties of GPO1. 

C. From Notepad, edit \\contoso.com\SYSVOL\ contoso.com\Policies\{229DCD27-9D98-ACC2-A6AE-ED765F065FF5}\gpt.ini. 

D. From Group Policy Management, click View, and then click Customize. 

Answer:

Explanation: Adding a comment to a Group Policy object 

Open the Group Policy Management Console. Expand the.Group Policy Objects.node

. Right-click the Group Policy object you want to comment and then click.Edit.

. In the console tree, right-click the name of the Group Policy object and then click.Properties.

. Click the.Comment.tab. 

Type your comments in the.Comment.box. 

Click.OK 

Reference: Comment a Group Policy Object 

https://technet.microsoft.com/en-us/library/cc770974.aspx 


Q29. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. 

You need to identify which domain controller must be online when cloning a domain controller. 

Which cmdlet should you use? 

A. Get-ADGroupMember 

B. Get-ADDomainControllerPasswordReplicationPolicy 

C. Get-ADDomainControllerPasswordReplicationPolicyUsage 

D. Get-ADDomain 

E. Get-ADOptionalFeature 

F. Get-ADAccountAuthorizationGroup 

Answer:

Explanation: One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role. 

Example: Command Prompt: C:\PS> 

Get-ADDomain 

Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com 

Incorrect: 

Not A: The Get-ADGroupMember cmdlet gets the members of an Active Directory group. 

Members can be users, groups, and computers. 

Not E: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory. 

Not F: The Get-ADAuthorizationGroup cmdlet gets the security groups from the specified user, computer or service accounts token. 

Reference: Step-by-Step: Domain Controller Cloning 

http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx 

Reference: Get-ADDomain https://technet.microsoft.com/en-us/library/ee617224.aspx 


Q30. Your network contains an Active Directory domain named adatum.com. 

You have a standard primary zone named adatum.com. 

You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone. 

What should you do first? 

A. Run the Zone Signing Wizard for the zone. 

B. From the properties of the zone, modify the start of authority (SOA) record. 

C. From the properties of the zone, change the zone type. 

D. Run the New Delegation Wizard for the zone. 

Answer:

Explanation: 

The Zone would need to be changed to a AD integrated zone When you use directory-integrated zones, you can use access control list (ACL) editing to secure a dnsZone object container in the directory tree. This feature provides detailed access to either the zone or a specified resource record in the zone. For example, an ACL for a zone resource record can be restricted so that dynamic updates are allowed only for a specified client computer or a secure group, such as a domain administrators group. This security feature is not available with standard primary zones. 

DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record. 

Standard (not an Active Directory integrated zone) has no Security settings: 

You need to firstly change the "Standard Primary Zone" to AD Integrated Zone: 

Now there's Security tab: 

References: http: //technet. microsoft. com/en-us/library/cc753014. aspx 

http: //technet. microsoft. com/en-us/library/cc726034. aspx 

http: //support. microsoft. com/kb/816101