Microsoft 70-411 Exam Questions & Practice Test – Free Download (21-30)

Microsoft 70-411 Exam Questions & Practice Test – Free Download (21-30)

QUESTION 21
Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com All servers dynamically register their host names.
You install the new Web servers that host identical copies of your company’s intranet website. The servers are configured as shown in the following table.

image
You need to use DNS records to load balance name resolution queries for intranet.contoso.com between the two Web servers.
What is the minimum number of DNS records that you should create manually?

A.    1
B.    2
C.    3
D.    4

Answer: B
Explanation:
An A records for each IP is needed
intranet.contoso.com > 10.0.0.20
intranet.contoso.com > 10.0.0.21
intranet.contoso.com > 10.0.0.22
http://technet.microsoft.com/en-us/library/cc772506.aspx
http://technet.microsoft.com/en-us/library/gg398251.aspx

QUESTION 22
You have a Direct Access Server named Server1 running Server 2012 R2.
You need to add prevent users from accessing websites from an Internet connection
What should you configure?

A.    Split Tunneling
B.    Security Groups
C.    Force Tunneling
D.    Network Settings

Answer: C
Explanation:
To make Internet resources available to DirectAccess clients that use force tunneling, you can use a proxy server, which can receive IPv6-based requests for Internet resources and translate them to requests for IPv4-based Internet resources.
http://technet.microsoft.com/en-us/library/jj134204.aspx#BKMK_forcetunnel http://blogs.technet.com/b/tomshinder/archive/2010/03/30/more-on-directaccess-split-tunneling-and-force- tunneling.aspx

QUESTION 23
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?

A.    From File Explorer, modify the Classification tab of Folder1.
B.    From the File Server Resource Manager console, modify the Email Notifications settings.
C.    From the File Server Resource Manager console, set a folder management property.
D.    From File Explorer, modify the Customize tab of Folder1.

Answer: C
Explanation:
To specify a separate access-denied message for a shared folder by using File Server Resource Manager
See step 3 below.
Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager.
Expand File Server Resource Manager (Local), and then click Classification Management.
Right-click Classification Properties, and then click Set Folder Management Properties.
In the Property box, click Access-Denied Assistance Message, and then click Add. Click Browse, and then choose the folder that should have the custom access- denied message.
In the Value box, type the message that should be presented to the users when they cannot access a resource within that folder. You can add macros to the message that will insert customized text. The macros include:
uk.co.certification.simulator.d.l@24b940d8
Click OK, and then click Close.

QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?

A.    Perform an authoritative restore of Group1.
B.    Mount the most recent Active Directory backup.
C.    Use the Recycle Bin to restore Group1.
D.    Reactivate the tombstone of Group1.

Answer: A

QUESTION 25
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains several custom Administrative templates. You need to filter the GPO to display only settings that will be removed from the registry when the GPO falls out of scope. The solution must only display settings that are either enabled or disabled and that have a comment.
How should you configure the filter? To answer, select the appropriate options below. Select three.

image

A.    Set Managed to: Yes
B.    Set Managed to: No
C.    Set Managed to: Any
D.    Set Configured to: Yes
E.    Set Configured to: No
F.    Set Configured to: Any
G.    Set Commented to: Yes
H.    Set Commented to: No
I.    Set Commented to: Any

Answer: AFG
Explanation:
A: Set Managed to: Yes
There are two kinds of Administrative Template policy settings: Managed and Unmanaged. The Group Policy Client service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer.
F: Set Configured to: Any
We want to display both settings that are enable and disabled.
G: Set Commented to: Yes
Only settings that are commented should be displayed.
Note: Filter with Property Filters
The Local Group Policy Editor allows you to change the criteria for displaying Administrative Template policy settings. By default, the editor displays all policy settings, including unmanaged policy settings. However, you can use property filters to change how the Local Group Policy Editor displays Administrative Template policy settings.
There are three inclusive property filters that you can use to filter Administrative Templates. These property filters include:
Managed
Configured
Commented

QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
You need to enable trace logging for Network Policy Server (NPS) on Server1.
Which tool should you use?

A.    The tracert.exe command
B.    The Network Policy Server console
C.    The Server Manager console
D.    The netsh.exe command

Answer: D
Explanation:
You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can provide the detailed information required for troubleshooting complex problems.
You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%\tracing.
The following log files contain helpful information about NAP:
IASNAP.LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization.
IASSAM.LOG: Contains detailed information about user authentication and authorization.
Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups
(http://go.microsoft.com/fwlink/?LinkId=83477).
To create tracing log files on a server running NPS
Open a command line as an administrator.
Type netshras set tr * en.
Reproduce the scenario that you are troubleshooting.
Type netshras set tr * dis.
Close the command prompt window.
http://technet.microsoft.com/en-us/library/dd348461%28v=ws.10%29.aspx

QUESTION 27
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named dcl.contoso.com.
You discover that the Default Domain Policy Group Policy objects (GPOs) and the Default Domain Controllers Policy GPOs were deleted.
You need to recover the Default Domain Policy and the Default Domain Controllers Policy GPOs.
What should you run?

A.    dcgpofix.exe /target:domain
B.    gpfixup.exe /dc:dc1.contoso.co,n
C.    dcgpofix.exe /target:both
D.    gptixup.exe /oldnb:contoso /newnb:dc1

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx

QUESTION 28
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?

A.    Group Policy Management
B.    Server Manager
C.    Get-ADAccountResultantPasswordReplicationPolicy
D.    Active Directory Administrative Center

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc770848(v=ws.10).aspx
Incorrect:
* Get-ADFineGrainedPasswordPolicy
Gets one or more Active Directory fine grained password policies.
* To store fine-grained password policies, Windows Server 2008 includes two new object classes in the Active Directory Domain Services (AD DS) schema:
Password Settings Container
Password Settings
The Password Settings Container (PSC) object class is created by default under the System container in the domain. It stores the Password Settings objects (PSOs) for that domain.

QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You need to prevent all of the GPOs at the site level and at the domain level from being applied to users and computers in an organizational unit (OU) named OU1.
You want to achieve this goal by using the minimum amount of Administrative effort.
What should you use?

A.    dcgpofix
B.    Get-GPOReport
C.    Gpfixup
D.    Gpresult
E.    Gptedit.msc
F.    Import-GPO
G.    Import-GPO
H.    Restore-GPO
I.    Set-GPInheritance
J.    Set-GPLink
K.    Set-GPPermission
L.    Gpupdate
M.    Add-ADGroupMember

Answer: I
Explanation:
http://technet.microsoft.com/en-us/library/ee461032.aspx
http://technet.microsoft.com/en-us/library/cc757050.aspx

QUESTION 30
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs.
What should you use?

A.    dcgpofix
B.    Get-GPOReport
C.    Gpfixup
D.    Gpresult
E.    Gptedit.msc
F.    Import-GPO
G.    Restore-GPO
H.    Set-GPInheritance
I.    Set-GPLink
J.    Set-GPPermission
K.    Gpupdate
L.    Add-ADGroupMember

Answer: I
Explanation:
The Set-GPLink cmdlet sets the properties of a GPO link.
You can set the following properties:
— Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed for the site, domain or OU.
— Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container.
— Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU. http://technet.microsoft.com/en-us/library/ee461022.aspx

If you want to pass Microsoft 70-411 successfully, donot missing to read latest lead2pass Microsoft 70-411 exam questions.
If you can master all lead2pass questions you will able to pass 100% guaranteed.

http://www.lead2pass.com/70-411.html

         

Author: admin