Administering Windows Server 2012 v1.0 (70-411)

Page:    1 / 21   
Total 304 questions

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
All client computers run Windows 8.1 Enterprise.
DC1 contains a Group Policy object (GPO) named GPO1.
You need to deploy a VPN connection to all users.
What should you configure from User Configuration in GPO1?

  • A. Policies/Administrative Templates/Network/Windows Connect Now
  • B. Policies/Administrative Templates/Network/Network Connections
  • C. Policies/Administrative Templates/Windows Components/Windows Mobility Center
  • D. Preferences/Control Panel Settings/Network Options


Answer : D

Explanation:
-> Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
-> In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.
-> Right-click the Network Options node, point to New, and select VPN Connection.
The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension.


Reference:
http://technet.microsoft.com/en-us/library/cc772449.aspx

Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1.
The network contains a shared folder named FinancialData that contains five files.
You need to ensure that the FinancialData folder and its contents are copied to all of the client computers.
Which two Group Policy preferences should you configure? (Each correct answer presents part of the solution. Choose two.)

  • A. Shortcuts
  • B. Network Shares
  • C. Environment
  • D. Folders
  • E. Files


Answer : DE

Explanation:
Folder preference items allow you to create, update, replace, and delete folders and their contents. (To configure individual files rather than folders, see Files Extension.) Before you create a Folder preference item, you should review the behavior of each type of action possible with this extension.
File preference items allow you to copy, modify the attributes of, replace, and delete files. (To configure folders rather than individual files, see Folders Extension.) Before you create a File preference item, you should review the behavior of each type of action possible with this extension.

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers.
You plan to unlink GPO1 from OU1.
You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1.
Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.)

  • A. The managed Administrative Template settings
  • B. The unmanaged Administrative Template settings
  • C. The System Services security settings
  • D. The Event Log security settings
  • E. The Restricted Groups security settings


Answer : AD

Explanation:
There are two kinds of Administrative Template policy settings: Managed and Unmanaged. The Group Policy service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer.
References:
http://technet.microsoft.com/en-us/library/cc778402(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb964258.aspx

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers.
The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?

  • A. The Group Policy preferences
  • B. An application control policy
  • C. The Administrative Templates
  • D. The Software Installation settings


Answer : A

Explanation:
Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy-aware.
By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files.
References:
http://technet.microsoft.com/en-us/library/dn581922.aspx
https://trekker.net/archives/set-the-default-save-location-to-computer-in-office-2013/

HOTSPOT -
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when users log on to their client computer.
You need to ensure that all of the scripts execute completely before the users can access their desktop.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
Hot Area:




Answer :

Explanation:

Run logon scripts synchronously -
Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.
If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
If you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously.
References:
http://technet.microsoft.com/en-us/library/cc738773(v=ws.10).aspx

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains 200 Group Policy objects (GPOs) and 100 WMI filters.
An administrator named Admin1 must be able to create new WMI filters and edit all of the existing WMI filters from the Group Policy Management Console (GPMC).
You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1.
What should you do?

  • A. From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers__ group.
  • B. From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.
  • C. From Active Directory Users and Computers, add Admin1 to the Domain Admins group.
  • D. From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.


Answer : D

Explanation:
Users with Full control permissions can create and control all WMI filters in the domain, including WMI filters created by others.
Users with Creator owner permissions can create WMI filters, but can only control WMI filters that they create.
Reference:
http://technet.microsoft.com/en-us/library/cc757429(v=ws.10).aspx

HOTSPOT -
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You have a client named Client1 that is configured as an 802.1X supplicant.
You need to configure Server1 to handle authentication requests from Client1. The solution must minimize the number of authentication methods enabled on Server1.
Which authentication method should you enable? To answer, select the appropriate authentication method in the answer area.
Hot Area:




Answer :

Explanation:
Microsoft Windows uses EAP to authenticate network access for Point-to-Point Protocol (PPP) connections (dial-up and virtual private network) and for IEEE 802.1X-based network access to authenticating Ethernet switches and wireless access points (APs).
References:
http://technet.microsoft.com/en-us/library/bb457039.aspx

HOTSPOT -
Your network contains an Active Directory domain named contoso.com. The domain contains several DNS servers.
All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated.
An administrator modifies the start of authority (SOA) record for the adatum.com zone.
After the modification, you discover that when you add or modify DNS records in the adatum.com zone, the changes are not transferred to the DNS servers that host secondary copies of the adatum.com zone.
You need to ensure that the records are transferred to all the copies of the adatum.com zone.
What should you modify in the SOA record for the adatum.com zone?
To answer, select the appropriate setting in the answer area.
Hot Area:




Answer :

Explanation:
When a DNS server receives an update through Active Directory replication:
If the serial number of the replicated record is higher than the serial number in the SOA record of the local copy of the zone, the local zone serial number is set to the serial number in the replicated record.
Note: Each DNS record in the zone has a copy of the zone serial number at the time when the record was last modified.
If the serial number of the replicated record is the same or lower than the local serial number, and if the local DNS server is configured not to allow zone transfer of the zone, the local zone serial number is not changed.
If the serial number of the replicated record is the same or lower than the local zone serial number, if the DNS server is configured to allow a zone transfer of the zone, and if the local zone serial number has not been changed since the last zone transfer occurred to a remote DNS server, then the local zone serial number will be incremented. Otherwise (that is, if a copy of the zone with the current local zone serial number has not been transferred to a remote DNS server), the local zone serial number is not changed.

HOTSPOT -
Your network contains an Active Directory domain named contoso.com.
You implement DirectAccess.
You need to view the properties of the DirectAccess connection.
Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
Hot Area:




Answer :

Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com.
You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes.
Which setting should you modify in the start of authority (SOA) record?

  • A. Retry interval
  • B. Expires after
  • C. Minimum (default) TTL
  • D. Refresh interval


Answer : D

Explanation:
By default, the refresh interval for each zone is set to 15 minutes. The refresh interval is used to determine how often other DNS servers that load and host the zone must attempt to renew the zone.


Your network contains two Active Directory domains named contoso.com and adatum.com.
The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone.
You need to configure Server1 to resolve names in the adatum.com domain. The solution must meet the following requirements:
-> Prevent the need to change the configuration of the current name servers that host zones for adatum.com.
-> Minimize administrative effort.
Which type of zone should you create?

  • A. Secondary
  • B. Stub
  • C. Reverse lookup
  • D. Primary


Answer : B

Explanation:
When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone. A stub zone is a copy of a zone that contains only the necessary resource records (Start of Authority (SOA), Name Server (NS), and Address/Host (A) records) in the master zone and acts as a pointer to the authoritative name server. The stub zone allows the server to forward queries to the name server that is authoritative for the master zone without going up to the root name servers and working its way down to the server. While a stub zone can improve performance, it does not provide redundancy or load sharing.


You can use stub zones to:
-> Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.
-> Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers, without having to query the Internet or an internal root server for the DNS namespace.
-> Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones, and they are not an alternative for enhancing redundancy and load sharing.
There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
-> The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone.
-> The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records.
When a DNS server loads a stub zone, such as widgets.tailspintoys.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets.tailspintoys.com. The list of master servers may contain a single server or multiple servers, and it can be changed anytime.
References:
http://technet.microsoft.com/en-us/library/cc771898.aspx

http://technet.microsoft.com/en-us/library/cc754190.aspx

http://technet.microsoft.com/en-us/library/cc730980.aspx

Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6.
Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com.
You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.
You need to ensure that the new zone will be available only on DC5 and DC6.
What should you do first?

  • A. Change the zone replication scope.
  • B. Create an Active Directory connection object.
  • C. Create an Active Directory site link.
  • D. Create an application directory partition.


Answer : D

Explanation:
You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition.

HOTSPOT -
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network.
You need to install the RIP version 2 routing protocol on Server1.
Which node should you use to add the RIP version 2 routing protocol?
To answer, select the appropriate node in the answer area.
Hot Area:




Answer :

Explanation:


Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  • A. Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.
  • B. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.
  • C. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
  • D. Configure each Remote Access server to use a RADIUS server named NPS1.
  • E. On NPS1, create a RADIUS client template and use the template to create RADIUS clients.


Answer : CD

Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which RADIUS servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.
To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
Reference:
http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx

HOTSPOT -
You have a server named Server1 that has the Web Server (IIS) server role installed.
You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Sockets Layer (SSL).
To which store should you import the certificate? To answer, select the appropriate store in the answer area.
Hot Area:




Answer :

Explanation:
When you enable secure communications (SSL and TLS) on an Internet Information Services (IIS) computer, you must first obtain a server certificate.
If it is a Self-Signed certificate, it only can be used on the local server machine.
If it is a public certificate, you'll need to download the CA root certificate of the certificate and install the CA root certificate into the Trusted Root Certificate Authorities store.
Root certificates provide a level of trust that certificates that are lower in the hierarchy can inherit. Each certificate is inspected for a parent certificate until the search reaches the root certificate.
References:
http://technet.microsoft.com/en-us/library/cc740068(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc700805.aspx
http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff553506(v=vs.85).aspx
http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis
http://support.microsoft.com/kb/299875/en-us
http://technet.microsoft.com/en-us/library/dd163531.aspx
http://blogs.msdn.com/b/mosharaf/archive/2006/10/30/using-test-certificate-with-reporting-services-2005-to-establish-ssl-connection.aspx
