Act now and download your Microsoft 70-411 test today! Do not waste time for the worthless Microsoft 70-411 tutorials. Download Up to date Microsoft Administering Windows Server 2012 exam with real questions and answers and begin to learn Microsoft 70-411 with a classic professional.

2021 Mar 70-411 free exam

Q51. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. 

You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. The Called Station ID constraints 

B. The MS-Service Class conditions 

C. The Health Policies conditions 

D. The NAS Port Type constraints 

E. The NAP-Capable Computers conditions 

Answer: C,E 

Reference: 

http://technet.microsoft.com/en-us/library/cc753603.aspx 

http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/cc731560.aspx 


Q52. You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has one volume. 

You add a new hard disk to WSUS1 and then create a volume on the hard disk. 

You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume. 

What should you do? 

A. From the Update Services console, configure the Update Files and Languages option. 

B. From the Update Services console, run the Windows Server Update Services Configuration Wizard. 

C. From a command prompt, run wsusutil.exe and specify the export parameter. 

D. From a command prompt, run wsusutil.exe and specify the movecontent parameter. 

Answer:

Explanation: 

Local Storage Considerations 

If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB. 

Therefore if you choose any of these options, install a larger disk (for example, 100 GB). 

If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive, you will need to run the WSUSutil.exetool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing WSUS from the Command Line. 

For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move. log is the path to the log file, and you wanted to copy the old files to the new location, you would type: wsusutil.exe movecontent D:\WSUS1\ D:\move. Log. 

Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server 2003. 

Syntax 

At the command line %drive%\Program Files\Update Services\Tools>, type: 

wsusutilmovecontentcontentpathlogfile -skipcopy [/?] 

The parameters are defined in the following table. 

contentpath - the new root for content files. The path must exist. 

logfile - the path and file name of the log file to create. 

-skipcopy - indicates that only the server configuration should be changed, and that the content files should not be copied. 

/help or /? - displays command-line help for movecontent command. 

References: 

http: //blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus-stores-updates-locally.aspx 

http: //technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx http: //technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx 


Q53. Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway. 

A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.2S4. 

You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails. 

What should you do on Server1? 

A. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1. 

B. Add 10.1.14.254 as a gateway and set the metric to 1. 

C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500. 

D. Add 10.1.14.254 as a gateway and set the metric to 500. 

Answer:

Explanation: 

To configure the Automatic Metric feature: 

1. In Control Panel, double-click Network Connections. 

2. Right-click a network interface, and then click Properties. 

3. Click Internet Protocol (TCP/IP), and then click Properties. 

4. On the General tab, click Advanced. 

5. To specify a metric, on the IP Settings tab, click to clear the Automatic metric check box, and then enter the metric that you want in the Interface Metric field. 

To manually add routes for IPv4 

Open the Command Prompt window by clicking the Start button Picture of the Start button. 

In the search box, type Command Prompt, and then, in the list of results, click Command Prompt. 

At the command prompt, type route -p add [destination] [mask <netmask>] [gateway] 

[metric <metric>] [if <interface>]. 


Q54. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1. 

When users without permission to Share1 attempt to access the share, they receive the Access Denied message as shown in the exhibit. (Click the Exhibit button.) 

You deploy a new file server named Server2 that runs Windows Server 2012 R2. 

You need to configure Server2 to display the same custom Access Denied message as Server1. 

What should you install on Server2? 

A. The Remote Assistance feature 

B. The Storage Services server role 

C. The File Server Resource Manager role service 

D. The Enhanced Storage feature 

Answer:

Explanation: 

Access-Denied Assistance is a new role service of the File Server role in Windows Server 2012. 

We need to install the prerequisites for Access-Denied Assistance. 

Because Access-Denied Assistance relies up on e-mail notifications, we also need to configure each relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let’s do that quickly with Windows PowerShell: 

Set-FSRMSetting -SMTPServer mailserver. nuggetlab.com -AdminEmailAddress admingroup@nuggetlab.com -FromEmailAddress admingroup@nuggetlab.com 

You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy. To my mind, the latter approach is infinitely preferable from an administration standpoint. 

Create a new GPO and make sure to target the GPO at your file servers’ Active Directory computer accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are looking for the following path to configure Access-Denied Assistance: \Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance 

The Customize message for Access Denied errors policy, shown in the screenshot below, enables us to create the actual message box shown to users when they access a shared file to which their user account has no access. 

What’s cool about this policy is that we can “personalize” the e-mail notifications to give us administrators (and, optionally, file owners) the details they need to resolve the permissions issue quickly and easily. 

For instance, we can insert pre-defined macros to swap in the full path to the target file, the administrator e-mail address, and so forth. See this example: 

Whoops! It looks like you’re having trouble accessing [Original File Path]. Please click Request Assistance to send [Admin Email] a help request e-mail message. Thanks! 

You should find that your users prefer these human-readable, informative error messages to the cryptic, non-descript error dialogs they are accustomed to dealing with. 

The Enable access-denied assistance on client for all file types policy should be enabled to force client computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO scope accordingly to “hit” your domain workstations as well as your Windows Server 2012 file servers. 

Testing the configuration 

This should come as no surprise to you, but Access-Denied Assistance works only with Windows Server 2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience feature on your servers to see Access-Denied Assistance messages on server computers. 

When a Windows 8 client computer attempts to open a file to which the user has no access, the custom Access-Denied Assistance message should appear: 

If the user clicks Request Assistance in the Network Access dialog box, they see a secondary message: 

At the end of this process, the administrator(s) will receive an e-mail message that contains the key information they need in order to resolve the access problem: 

The user’s Active Directory identity 

The full path to the problematic file 

A user-generated explanation of the problem 

So that’s it, friends! Access-Denied Assistance presents Windows systems administrators with an easy-to-manage method for more efficiently resolving user access problems on shared file system resources. Of course, the key caveat is that your file servers must run Windows Server 2012 and your client devices must run Windows 8, but other than that, this is a great technology that should save admins extra work and end-users extra headaches. 

Reference: http: //4sysops. com/archives/access-denied-assistance-in-windows-server-2012/ 


Q55. Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed. 

You plan to deploy additional servers that have the Network Policy and Access Services server role installed. You must standardize as many settings on the new servers as possible. 

You need to identify which settings can be standardized by using Network Policy Server (NPS) templates. 

Which three settings should you identify? (Each correct answer presents part of the solution. Choose three.) 

A. IP filters 

B. shared secrets 

C. health policies 

D. network policies 

E. connection request policies 

Answer: A,B,C 


Most up-to-date 70-411 practice question:

Q56. Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configured to notify secondary servers of changes automatically. 

You update several records on Server1. 

You need to force the replication of the contoso.com zone records from Server1 to Server2. 

What should you do from Server2? 

A. Right-click the contoso.com zone and click Reload. 

B. Right-click the contoso.com zone and click Transfer from Master. 

C. Right-click Server2 and click Update Server Data Files. 

D. Right-click Server2 and click Refresh. 

Answer:

Explanation: 

Initiates zone transfer from secondary server Open DNS; In the console tree, right-click the applicable zone and click Transfer from master. 

References: http: //technet. microsoft. com/en-us/library/cc779391%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc779391%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc786985(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/cc779391(v=ws. 10). aspx 


Q57. Your network contains an Active Directory domain named contoso.com. The domain 

contains a domain controller named DC1 that runs Windows Server 2012 R2. 

You mount an Active Directory snapshot on DC1. 

You need to expose the snapshot as an LDAP server. 

Which tool should you use? 

A. Ldp 

B. ADSI Edit 

C. Dsamain 

D. Ntdsutil 

Answer:

Explanation: 

dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit /ldapport51389 

Reference: http: //technet. microsoft. com/en-us/library/cc753609(v=ws. 10). aspx 


Q58. Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com. 

All servers dynamically register their host names. 

You install three new Web servers that host identical copies of your company's intranet website. The servers are configured as shown in the following table. 

You need to use DNS records to load balance name resolution queries for intranet.contoso.com between the three Web servers. 

What is the minimum number of DNS records that you should create manually? 

A. 1 

B. 3 

C. 4 

D. 6 

Answer:

Explanation: 

To create DNS Host (A) Records for all internal pool servers 

1. Click Stabrt, click All Programs, click Administrative Tools, and then click DNS. 

2. In DNS Manager, click the DNS Server that manages your records to expand it. 

3. Click Forward Lookup Zones to expand it. 

4. Right-click the DNS domain that you need to add records to, and then click New Host (A or AAAA). 

5. In the Name box, type the name of the host record (the domain name will be automatically appended). 

6. In the IP Address box, type the IP address of the individual Front End Server and then select Create associated pointer (PTR) record or Allow any authenticated user to update DNS records with the same owner name, if applicable. 

7. Continue creating records for all member Front End Servers that will participate in DNS Load Balancing. 

For example, if you had a pool named pool1.contoso.com and three Front End Servers, you would create the following DNS entries: 

Reference: 

http: //technet. microsoft. com/en-us/library/cc772506. aspx 

http: //technet. microsoft. com/en-us/library/gg398251. aspx 


Q59. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

You have several Windows PowerShell scripts that execute when users log on to their client computer. 

You need to ensure that all of the scripts execute completely before the users can access their desktop. 

Which setting should you configure? To answer, select the appropriate setting in the answer area. 

Answer: 


Q60. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings: 

You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.) 

You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1. 

Which additional name suffix entry should you add from the Remote Access Setup wizard? 

A. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value 

B. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62 

C. A Name Suffix value of dal.contoso.com and a DNS Server Address value of 

65.55.37.62 

D. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value 

Answer:

Explanation: 

Split-brain DNS is the use of the same DNS domain for both Internet and intranet resources. For example, the Contoso Corporation is using split brain DNS; contoso.com is the domain name for intranet resources and Internet resources. Internet users use http: //www.contoso.com to access Contoso’s public Web site and Contoso employees on the Contoso intranet use http: //www.contoso.com to access Contoso’s intranet Web site. A Contoso employee with their laptop that is not a DirectAccess client on the intranet that 

accesses http: //www.contoso.com sees the intranet Contoso Web site. When they take their laptop to the local coffee shop and access that same URL, they will see the public Contoso Web site. 

When a DirectAccess client is on the Internet, the Name Resolution Policy Table (NRPT) sends DNS name queries for intranet resources to intranet DNS servers. A typical NRPT for DirectAccess will have a rule for the namespace of the organization, such as contoso.com for the Contoso Corporation, with the Internet Protocol version 6 (IPv6) addresses of intranet DNS servers. With just this rule in the NRPT, when a user on a DirectAccess client on the Internet attempts to access the uniform resource locator (URL) for their Web site (such as http: //www.contoso.com), they will see the intranet version. 

Because of this rule, they will never see the public version of this URL when they are on the Internet. 

For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. 

Name suffixes that do not have corresponding DNS servers are treated as exemptions. 

References: 

http: //technet. microsoft. com/en-us/library/ee382323(v=ws. 10). aspx