Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(381-382)!

QUESTION 381
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the following BitLocker Drive Encryption (BitLocker) settings:
 clip_image001
You need to ensure that drive D will unlock automatically when Server1 restarts. What command should you run?
To answer, select the appropriate options in the answer area.
 clip_image002
Answer:
 clip_image002[4]

QUESTION 382
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?

A.    From File Explorer, modify the Classification tab of Folder1.
B.    From the File Server Resource Manager console, modify the Email Notifications settings.
C.    From the File Server Resource Manager console, set a folder management property.
D.    From File Explorer, modify the Customize tab of Folder1.

Answer: C
Explanation:
To specify a separate access-denied message for a shared folder by using File Server Resource Manager
See step 3 below.
Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager.
Expand File Server Resource Manager (Local), and then click Classification Management.
Right-click Classification Properties, and then click Set Folder Management Properties.
In the Property box, click Access-Denied Assistance Message, and then click Add. Click Browse, and then choose the folder that should have the custom access- denied message.
In the Value box, type the message that should be presented to the users when they cannot a
ccess a resource within that folder. You can add macros to the message that will insert customized text. The macros include:
uk.co.certification.simulator.d.l@24b940d8
Click OK, and then click Close.

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(371-380)!

QUESTION 371
Hotspot Question
Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
You have two user accounts named User1 and User2. User1 and User2 are the members of a group named Group1. User1 has the Department value set to Accounting, user2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee.
You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[20]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001[68]
Answer:
 clip_image001[70]

QUESTION 372
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2.
You configure Network Access Protection (NAP) on Server1.
Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly.
You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
 clip_image001[72]
Answer:
 clip_image001[74]

QUESTION 373
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role installed.
You need to allow connections that use 802.1x.
What should you create?

A.    A network policy that uses Microsoft Protected EAP (PEAP) authentication
B.    A network policy that uses EAP-MSCHAP v2 authentication
C.    A connection request policy that uses EAP-MSCHAP v2 authentication
D.    A connection request policy that uses MS-CHAP v2 authentication

Answer: C

QUESTION 374
Drag and Drop Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
All of the VPN servers on your network use Server1 for RADIUS authentication.
You create a security group named Group1.
You need to configure Network Policy and Access Services (NPAS) to meet the following requirements:
– Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.
– Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later.
Which type of policy should you create for each requirement?
To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[22]
Answer:
 clip_image002[24]

QUESTION 375
Hotspot Question
Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York.
The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed.
All client computers obtain their IPv4 and IPv6 addresses from DHCP.
You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
 clip_image002[26]
Answer:
 clip_image002[28]

QUESTION 376
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?

A.    Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B.    Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C.    Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D.    Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID

Answer: C

QUESTION 377
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
You need to enable trace logging for Network Policy Server (NPS) on Server1.
Which tool should you use?

A.    The tracert.exe command
B.    The Network Policy Server console
C.    The Server Manager console
D.    The netsh.exe command

Answer: D
Explanation:
You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can provide the detailed information required for troubleshooting complex problems.
You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%\tracing.
The following log files contain helpful information about NAP:
IASNAP.LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization.
IASSAM.LOG: Contains detailed information about user authentication and authorization.
Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups
(http://go.microsoft.com/fwlink/?LinkId=83477).
To create tracing log files on a server running NPS
Open a command line as an administrator.
Type netshras set tr * en.
Reproduce the scenario that you are troubleshooting.
Type netshras set tr * dis.
Close the command prompt window.
http://technet.microsoft.com/en-us/library/dd348461%28v=ws.10%29.aspx

QUESTION 378
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients.
You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts.
You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers.
Which two settings should you configure in GPO1?
To answer, select the appropriate two settings in the answer area.
 clip_image001[76]
Answer:
clip_image001[78] 

QUESTION 379
Your network contains a Network Policy Server (NPS) server named Server1. The network contains a server named SQL1 that has Microsoft SQL Server 2008 R2 installed. All servers run Windows Server 2012 R2.
You configure NPS on Server1 to log c.
You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize cost.
What should you do?

A.    Implement Failover Clustering.
B.    Implement database mirroring.
C.    Run the Accounting Configuration Wizard.
D.    Modify the SQL Server Logging properties.

Answer: C

QUESTION 380
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?

A.    Perform an authoritative restore of Group1.
B.    Mount the most recent Active Directory backup.
C.    Use the Recycle Bin to restore Group1.
D.    Reactivate the tombstone of Group1.

Answer: A
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(361-370)!

QUESTION 361
You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV.
Which cmdlet should you run next?

A.    Unblock-Tpm
B.    Add-BitLockerKeyProtector
C.    Remove-BitLockerKeyProtector
D.    Enable BitLockerAutoUnlock

Answer: B

QUESTION 362
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed.
Server1 contains two boot images and four install images.
You need to ensure that when a computer starts from PXE, the available operating system images appear in a specific order.
What should you do?

A.    Modify the properties of the boot images.
B.    Create a new image group.
C.    Modify the properties of the install images.
D.    Modify the PXE Response Policy.

Answer: C

QUESTION 363
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain.
You create a Password Settings object (PSO) named PSO1.
You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1.
What should you do?

A.    From Active Directory Users and Computers, run the Delegation of Control Wizard.
B.    From Active Directory Administrative Center, modify the security settings of PSO1.
C.    From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1.
D.    From Active Directory Administrative Center, modify the security settings of OU1.

Answer: B

QUESTION 364
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting.
Server1 is configured as a VPN server and is configured to forward authentication requests to Server2.
You need to ensure that only Server2 contains event information about authentication requests from connections to Server1.
Which two nodes should you configure from the Network Policy Server console?
To answer, select the appropriate two nodes in the answer area.
 clip_image001[54]
Answer:
 clip_image001[56]

QUESTION 365
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed.
Your company’s security policy requires that certificate-based authentication must be used by some network services.
You need to identify which Network Policy Server (NPS) authentication methods comply with the security policy.
Which two authentication methods should you identify? (Each correct answer presents part of the solution. Choose two.)

A.    MS-CHAP
B.    PEAP-MS-CHAP v2
C.    Chap
D.    EAP-TLS
E.    MS-CHAP v2

Answer: BD
Explanation:
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server- side public key certificates to authenticate the server. When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with certificates, both the client and the server use certificates to verify their identities to each other.

QUESTION 366
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named 0U1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in 0U1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?

A.    Server Manager
B.    Active Directory Users and Computers
C.    The Gpupdate command
D.    Group Policy Management Console (GPMC)

Answer: D
Explanation:
Starting with Windows Server 2012 and Windows 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke- GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
 clip_image001[58]
 
 clip_image001[60]

clip_image001[62]
http://technet.microsoft.com/en-us//library/jj134201.aspx http://blogs.technet.com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-using-remote-gpupdate.aspx

QUESTION 367
Your company has a main office and a branch office.
The main office contains a server that hosts a Distributed File System (DFS) replicated folder.
You plan to implement a new DFS server in the branch office.
You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office.
You recommend using the Export-DfsrClone and Import-DfsrClonecmdlets.
Which additional command or cmdlet should you include in the recommendation?

A.    Robocopy.exe
B.    Synchost.exe
C.    Export-BcCachePackage
D.    Sync-DfsReplicationGroup

Answer: D

QUESTION 368
You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?

A.    Add-ClusterVmMonitoredItem
B.    Add-ClusterGenericServiceRole
C.    Set-ClusterResourceDependency
D.    Enable VmResourceMetering

Answer: A

QUESTION 69
Hotspot Question
You have a server named Servers that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed.
Server5 contains several custom images of Windows 8.
You need to ensure that when 32-bit client computers start by using PXE, the computers automatically install an image named Image 1.
What should you configure?
To answer, select the appropriate tab in the answer area.
 clip_image001[64]
Answer:
 clip_image001[66]

QUESTION 370
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The network contains several group Managed Service Accounts that are used by four member servers.
You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.
You create a Group Policy object (GPO) named GPO1.
What should you do next?

A.    In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Link GPO1 to the Domain Controllers organizational unit (OU).
B.    In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.
C.    In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Link GPO1 to the Domain Controllers organizational unit (OU).
D.    In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.

Answer: A
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(351-360)!

QUESTION 351
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    On Server1, create a collector initiated subscription.
B.    On Server1, create a source computer initiated subscription.
C.    From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D.    From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

Answer: BC

QUESTION 352
Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site.
The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.
You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1 has a folder target in each office.
You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    Set the Ordering method of \\contoso.com\public to Random order.
B.    Set the Advanced properties of the folder target in the Seattle office to Last among all targets.
C.    Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.
D.    Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client’s site.
E.    Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.
F.    Set the Ordering method of \\contoso.com\public to Lowest cost.

Answer: CD
Explanation:
Exclude targets outside of the client’s site In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set to "First among all targets" or "Last among all targets" are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client’s site .
Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.

QUESTION 353
You have a server named Server 1.
You enable BitLocker Drive Encryption (BitLocker) on Server 1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?

A.    Manage-bde.exe
B.    Set-TpmOwnerAuth
C.    bdehdcfg.exe
D.    tpmvscmgr.exe

Answer: B
Explanation:
The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry.
Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value.

QUESTION 354
You have a file server that has the File Server Resource Manager role service installed.
You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[14]
You need to ensure that all of the folders in Folder1 have a 100-MB quota limit.
What should you do?

A.    Run the Update FsrmQuotacmdlet.
B.    Run the Update-FsrmAutoQuotacmdlet.
C.    Create a new quota for Folder1.
D.    Modify the quota properties of Folder1.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/jj900582.aspx

QUESTION 355
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.
Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1.
You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[16]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001[36]
Answer:
 clip_image001[38]

QUESTION 356
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1.
You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders.
You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort.
Which two audit policies should you configure in GPO1?
To answer, select the appropriate two objects in the answer area.
 clip_image001[40]
Answer:
 clip_image001[42]

QUESTION 357
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.
 clip_image001[44]
All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.
You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.
To which server should you deploy the feature?

A.    Server1
B.    Server2
C.    Server3
D.    Server4
E.    Server5

Answer: E

QUESTION 358
Hotspot Question
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
– Generate an event each time a new process is created.
– Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.
 clip_image001[46]
Answer:
clip_image001[48] 

QUESTION 359
Your network contains an Active Directory domain named contoso.com. The domain contains a virtual machine named Server1 that runs Windows Server 2012 R2.
Server1 has a dynamically expanding virtual hard disk that is mounted to drive E.
You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E.
Which command should you run?

A.    manage-bde -protectors -add c: -startup e:
B.    manage-bde -lock e:
C.    manage-bde -protectors -add e: -startupkey c:
D.    manage-bde -on e:

Answer: D
Explanation:
Manage-bde: on
Encrypts the drive and turns on BitLocker.
Example:
The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive.
manage-bde -on C: -recoverypassword

QUESTION 360
Hotspot Question
You have a file server named Server1 that runs Windows Server 2012 R2.
A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.
On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[18]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001[50]
Answer:
 clip_image001[52]
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(341-350)!

QUESTION 341
Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
 clip_image001[18]
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    From the Remote Access Management Console, reload the configuration.
B.    Add Server2 to a security group in Active Directory.
C.    Restart the IPSec Policy Agent service on Server2.
D.    From the Remote Access Management Console, modify the Infrastructure Servers settings.
E.    From the Remote Access Management Console, modify the Application Servers settings.

Answer: BE
Explanation:
When selecting application servers that require end-to-end encryption and authentication, it is important to note that:
** The selected end-to-end application servers must be members of one or more AD DS security groups.
* The selected end-to-end application servers must run Windows Server 2008 or later.
* The selected end-to-end application servers must be accessible via IPv6 (Native or ISATAP, not NAT64).
* The selected end-to-end application servers can be used with smart cards for an additional level of authorization.

QUESTION 342
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1.
The network contains a shared folder named FinancialData that contains five files.
You need to ensure that the FinancialData folder and its contents are copied to all of the client computers.
Which two Group Policy preferences should you configure? (Each correct answer presents part of the solution. Choose two.)

A.    Shortcuts
B.    Network Shares
C.    Environment
D.    Folders
E.    Files

Answer: DE

QUESTION 343
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You implement DirectAccess.
You need to view the properties of the DirectAccess connection.
Which connection properties should you view?
To answer, select the appropriate connection properties in the answer area.
 clip_image001[20]
Answer:
 clip_image002
Explanation:
http://technet.microsoft.com/en-us/library/jj613767.aspx
 clip_image002[4]

QUESTION 344
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?

A.    The Group Policy preferences
B.    An application control policy
C.    The Administrative Templates
D.    The Software Installation settings

Answer: A

QUESTION 345
Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.
B.    On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.
C.    On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
D.    Configure each Remote Access server to use a RADIUS server named NPS1.
E.    On NPS1, create a RADIUS client template and use the template to create RADIUS clients.

Answer: BC
Explanation:
When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests.
Note: When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located.

QUESTION 346
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed.
All of the network access servers forward connection requests to Server1.
You create a new network policy on Server1.
You need to ensure that the new policy applies only to connection requests from the
192.168.0.0/24 subnet.
What should you do?

A.    Set the Client IP4 Address condition to 192.168.0.0/24.
B.    Set the Client IP4 Address condition to 192.168.0.
C.    Set the Called Station ID constraint to 192.168.0.0/24.
D.    Set the Called Station ID constraint to 192.168.0.

Answer: B
Explanation:
Called Station ID condition specifies the network access server telephone number dialed by access client.
Client IPv4 Address condition specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.

QUESTION 347
Hotspot Question
Your network contains an Active Directory named contoso.com.
You have users named User1 and user2.
The Network Access Permission for User1 is set to Control access through NPS Network Policy. The Network Access Permission for User2 is set to Allow access.
A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)
 clip_image001[22]
A policy named Policy2 is shown in the Policy2 exhibit. (Click the Exhibit button.)
 clip_image001[24]
A policy named Policy3 is shown in the Policy3 exhibit. (Click the Exhibit button.)
 clip_image001[26]
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Each correct selection is worth one point.
 clip_image001[28]

Answer:
 clip_image001[30]

QUESTION 348
Drag and Drop Question
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to log all DHCP clients that have windows Firewall disabled.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[6]
Answer:
 clip_image002[8]

QUESTION 349
Drag and Drop Question
You have a WIM file that contains an image of Windows Server 2012 R2.
Recently, a technician applied a Microsoft Standalone Update Package (MSU) to the image.
You need to remove the MSU package from the image.
Which three actions should you perform in sequence?
To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[10]
Answer:
 clip_image002[12]

QUESTION 350
Hotspot Question
Your company has two offices. The offices are located in Montreal and Seattle.
The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
You need to configure Server2 to download updates that are approved on Server1 only.
What cmdlet should you run?
To answer, select the appropriate options in the answer area.
 clip_image001[32]
Answer:

clip_image001[34]
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(331-340)!

QUESTION 331
Your network contains an Active Directory domain named adatum.com.
A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?

A.    Add your user account to the Group Policy Creator Owners group.
B.    Configure all domain controllers as global catalog servers.
C.    Copy files from %Windir%\Policydefimtions to the central store.
D.    Modify the Delegation settings of the new GPOs.

Answer: C

QUESTION 332
Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.
Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.
You need to copy GPO1 from dev.contoso.com to contoso.com.
What should you do first on DC2?

A.    From the Group Policy Management console, right-click GPO1 and select Copy.
B.    Run the mtedit.exe command and specify the /Domaintcontoso.com /DC:DC 1 parameter.
C.    Run the Save-NetGpocmdlet.
D.    Run the Backup-Gpocmdlet.

Answer: D

QUESTION 333
You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.
You have a desktop computer that has the following configuration:
– Computer name: Computer1
– Operating system: Windows 8
– MAC address: 20-CF-30-65-D0-87
– GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618
You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.
Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A.    20CF3065D08700000000000000000000
B.    979708BFC04B45259FE0C4150BB6C618
C.    979708BF-C04B-452S-9FE0-C4150BB6C618
D.    0000000000000000000020CF306SD087
E.    00000000-0000-0000-0000-C41S0BB6C618

Answer: CD
Explanation:
* To add or remove pre-staged client to/from AD DS, specify the name of the computer or the device ID, which is a GUID, media access control (MAC) address, or Dynamic Host Configuration Protocol (DHCP) identifier associated with the computer.
* Example: Remove a device by using its ID from a specified domain This command removes the pre-staged device that has the specified ID. The cmdlet searches the domain named TSQA.Contoso.com for the device.
Windows PowerShell
PS C:\> Remove-WdsClient -DeviceID "5a7a1def-2e1f-4a7b-a792-ae5275b6ef92" -Domain -DomainName "TSQA.Contoso.com"

QUESTION 334
Hotspot Question
You have a server named Server4 that runs Windows Server 2012 R2. Server4 has the Windows Deployment Services server role installed.
Server4 is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image002
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001
Answer:
 clip_image001[4]

QUESTION 335
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You need to audit successful and failed attempts to read data from USB drives on the servers.
Which two objects should you configure?
To answer, select the appropriate two objects in the answer area.
 clip_image001[6]
Answer:
 clip_image001[8]

QUESTION 336
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Both servers have the DFS Replication role service installed.
You need to configure the DFS Replication environment to meet the following requirements:
– Increase the quota limit of the staging folder.
– Configure the staging folder cleanup process to provide the highest amount of free space possible.
Which cmdlets should you use to meet each requirement?
To answer, select the appropriate options in the answer area.
 clip_image001[10]
Answer:
 clip_image001[12]

QUESTION 337
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?

A.    From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share – Advanced option.
B.    From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
C.    From the File Server Resource Manager console, modify the Email Notifications settings.
D.    From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share -Applications option.

Answer: C
Explanation:
Configure the email notification settings You must configure the email notification settings on each file server that will send the access-denied assistance messages.
Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager.
Right-click File Server Resource Manager (Local), and then click Configure Options.
Click the Email Notifications tab.
Configure the following settings:
Click Send Test E-mail to ensure that the email notifications are configured correctly.
Click OK.

QUESTION 338
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to meet the following requirements:
– Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.
– Ensure that all storage reports are saved to a network share.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
 clip_image001[14]
Answer:
 clip_image001[16]

QUESTION 339
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?

A.    From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
B.    From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C.    From a command prompt, run the dsmgmt local roles command.
D.    From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.

Answer: C
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

QUESTION 340
Your network contains an Active Directory domain named contoso.com.
You need to install and configure the Web Application Proxy role service.
What should you do?

A.    Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
B.    Install the Active Directory Federation Services server role and the Remote Access server role on the same server.
C.    Install the Web Server (IIS) server role and the Application Server server role on the same server.
D.    Install the Web Server (IIS) server role and the Application Server server role on different servers.

Answer: A
Explanation:
AD FS is required to provide authentication and authorization services to Web Application Proxy and to store the Web Application Proxy configuration. Remote Access is the role containing the Web Application Proxy role service. (http://technet.microsoft.com/en-us/library/dn383650.aspx)
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(321-330)!

QUESTION 321
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain. You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node. You configure Service1 to be monitored from Failover Cluster Manager. What should you configure on the virtual machine?

A.    From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.
B.    From the Recovery settings of Service1, set the First failure recovery action to Take No Action.
C.    From the General settings, modify the Startup type.
D.    From the General settings, modify the Service status.

Answer: B

QUESTION 322
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2, On Server1, you create a Data Collector Set (DCS) named Data1. You need to export Data1 to Server2. What should you do first?

A.    Right-click Data1 and click Data Manager…
B.    Right-click Data1 and click Save template…
C.    Right-click Data1 and click Properties.
D.    Right-click Data1 and click Export list…

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc766318.aspx

QUESTION 323
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. Which tool should you use?

A.    The Set-AdComputercmdlet
B.    Group Policy Object Editor
C.    Active Directory Users and Computers
D.    Group Policy Management Console (GPMC)

Answer: D
Explanation:
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. Starting with Windows Server 2012 and Windows 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
Note: Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.
Incorrect:
Not B: Secedit configures and analyzes system security by comparing your current configuration to at least one template.
Reference: Force a Remote Group Policy Refresh (GPUpdate)

QUESTION 324
Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain. You need to create NAP event trace log files on a client computer.
What should you run?

A.    Logman
B.    Tracert
C.    Register-EngineEvent
D.    Register-ObjectEvent

Answer: A

QUESTION 325
Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP, Windows 7, or Windows 8. Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV). You need to identify which policy settings can be Applied to all of the computers. Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)

A.    A firewall is enabled for all network connections.
B.    An antispyware application is on.
C.    Automatic updating is enabled.
D.    Antivirus is up to date.
E.    Antispyware is up to date.

Answer: ACD
Explanation:
* System health agent (SHA) is a NAP component.
* System health agent (SHA)
A component that checks the state of the client computer to determine whether the settings monitored by the SHA are up-to-date and configured correctly. For example, the Windows Security Health Agent (WSHA) can monitor Windows Firewall, whether antivirus software is installed, enabled, and updated, whether antispyware software is installed, enabled, and updated, and whether Microsoft Update Services is enabled and the computer has the most recent security updates from Microsoft Update Services. There might also be SHAs (and corresponding system health validators) available from other companies that provide different functionality.

QUESTION 326
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1. VPN1 forwards all authentication requests to NPS1.
A partner company has an Active Directory forest named adatum.com. The adatum.com forest contains an NPS server named NPS2.
You plan to grant users from adatum.com VPN access to your network.
You need to authenticate the users from adatum.com on VPN1.
What should you create on each NPS server?
To answer, drag the appropriate objects to the correct NPS servers. Each object may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[46]
Answer:
 clip_image002[48]

QUESTION 327
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains the users shown in the following table.
 clip_image001[114]
You have a Network Policy Server (NPS) server that has the network policies shown in the following table.
 clip_image001[116]
User1, User2, and User3 plan to connect to the network by using a VPN. You need to identify which network policy will apply to each user.
What should you identify?
To answer, select the appropriate policy for each user in the answer area.
 clip_image001[118]
Answer:
 clip_image001[120]

QUESTION 328
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 has the Network Policy Server server role installed. Server2 has the DHCP Server server role installed. Both servers run Windows Server 2012 R2.
You are configuring Network Access Protection (NAP) to use DHCP enforcement.
You configure a DHCP scope as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[122]
You need to ensure that non-compliant NAP clients receive different DHCP options than compliant NAP clients.
What should you configure on each server?
To answer, select the appropriate options for each server in the answer area.
 clip_image001[124]
Answer:
 clip_image001[126]

QUESTION 329
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.
Server1 provides VPN access to external users.
You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.
What should you run?

A.    Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled – SharedSecret "Secret" -Purpose Accounting
B.    Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
C.    Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled – SharedSecret "Secret" -Purpose Accounting
D.    Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled

Answer: C

QUESTION 330
Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Servers, and Server4.
Server1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1.
You need to ensure that Server2 and Server3 receive connection requests. Server4 must only receive connection requests if both Server2 and Server3 are unavailable.
How should you configure Group1?

A.    Change the Weight of Server4 to 10.
B.    Change the Weight of Server2 and Server3 to 10.
C.    Change the Priority of Server2 and Server3 to 10.
D.    Change the Priority of Server4 to 10.

Answer: D
Explanation:
During the NPS proxy configuration process, you can create remote RADIUS server groups and then add RADIUS servers to each group. To configure load balancing, you must have more than one RADIUS server per remote RADIUS server group. While adding group members, or after creating a RADIUS server as a group member, you can access the Add RADIUS server dialog box to configure the following items on the Load Balancing tab:
Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server.
For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.
Weight. NPS uses this Weight setting to determine how many connection requests to send to each group member when the group members have the same priority level. Weight setting must be assigned a value between 1 and 100, and the value represents a percentage of 100 percent. For example, if the remote RADIUS server group contains two members that both have a priority level of 1 and a weight rating of 50, the NPS proxy forwards 50 percent of the connection requests to each RADIUS server.
Advanced settings. These failover settingsprovide a way for NPS to determine whether the remote RADIUS server is unavailable. If NPS determines that a RADIUS server is unavailable, it can start sending connection requests to other group members. With these settings you can configure the number of seconds that the NPS proxy waits for a response from the RADIUS server before it considers the request dropped; the maximum number of dropped requests before the NPS proxy identifies the RADIUS server as unavailable; and the number of seconds that can elapse between requests before the NPS proxy identifies the RADIUS server as unavailable.
The default priority is 1 and can be changed from 1 to 65535. So changing server 2 and 3 to priority 10 is not the way to go.
 clip_image001[128]
http://technet.microsoft.com/en-us/library/dd197433(WS.10).aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(311-320)!

QUESTION 311
You have 30 servers that run Windows Server 2012 R2. All of the servers are backed up daily by using Windows Azure Online Backup. You need to perform an immediate backup of all the servers to Windows Azure Online Backup. Which Windows PowerShell cmdlets should you run on each server?

A.    Start-OBRegistration | Start-OBBackup
B.    Get-OBPolicy | Start-OBBackup
C.    Get-WBBackupTarget | Start-WBBackup
D.    Get-WBPolicy | Start-WBBackup

Answer: B
Explanation:
A. starts a backup job using a policy
B. Registers the current computer to Windows Azure Backup.
C. Not using Azure
D. Not using Azure
http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770426.aspx
http://technet.microsoft.com/en-us/library/hh770398.aspx

QUESTION 312
You have 20 servers that run Windows Server 2012 R2. You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup and sets an encryption passphrase. Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)

A.    New-OBPolicy
B.    New-OBRetentionPolicy
C.    Add-OBFileSpec
D.    Start-OBRegistration
E.    Set OBMachineSetting

Answer: DE
Explanation:
D: Start-OBRegistration
Registers the current computer with Windows Azure Online Backup using the credentials (username and password) created during enrollment.
E: The Set-OBMachineSettingcmdlet sets aOBMachineSetting object for the server that includes proxy server settings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that is required to decrypt the files during recovery to another server. Incorrect:
Not C: TheAdd-OBFileSpeccmdlet adds theOBFileSpecobject, which specifies the items to include or exclude from a backup, to the backup policy (OBPolicyobject). TheOBFileSpecobject can include or exclude multiple files, folders, or volumes.
http://technet.microsoft.com/en-us/library/hh770416(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/hh770425(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/hh770424.aspx
http://technet.microsoft.com/en-us/library/hh770398.aspx
http://technet.microsoft.com/en-us/library/hh770409.aspx

QUESTION 313
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1. The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)
 clip_image002[44]
The domain contains two global groups named Group1 and Group2. You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Remove the Deny permission for Group1 from Folder1.
B.    Deny Group2 permission to Folder1.
C.    Install a domain controller that runs Windows Server 2012 R2.
D.    Create a conditional expression.
E.    Deny Group2 permission to Share1.
F.    Deny Group1 permission to Share1.

Answer: AD
Explanation:
* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7 enhanced Windows security descriptors by introducing a conditional access permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource properties, into conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows or denies access based on results of the evaluation. Securing access to resources through claims is known as claims-based access control. Claims-based access control works with traditional access control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise environment. http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccess-control-en-us.aspx

QUESTION 314
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. The File Server Resource Manager role service is installed on Server1. All servers run Windows Server 2012 R2. A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains Server1. The following graphic shows the configured settings in GPO1.
 clip_image001[110]
Server1 contains a folder named Folder1. Folder1 is shared as Share1. You attempt to configure access-denied assistance on Server1, but the Enable accessdenied assistance option cannot be selected from File Server Resource Manager. You need to ensure that you can configure access- denied assistance on Server1 manually by using File Server Resource Manager. What should you do?

A.    Set the Customize message for Access Denied errors policy setting to Enabled for GPO1.
B.    Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1.
C.    Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1.
D.    Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.

Answer: C
Explanation:
Ensure that you can configure access-denied assistance
http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1

QUESTION 315
You have a server named FS1 that runs Windows Server 2012 R2. You install the File and Storage Services server role on FS1. From Windows Explorer, you view the properties of a shared folder named Share1 and you discover that the Classification tab is missing. You need to ensure that you can assign classifications to Share1 from Windows Explorer manually. What should you do?

A.    From Folder Options, clear Use Sharing Wizard (Recommend).
B.    Install the File Server Resource Manager role service.
C.    From Folder Options, select Show hidden files, folders, and drives.
D.    Install the Enhanced Storage feature.

Answer: B

QUESTION 316
Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.
 clip_image001[112]
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?

A.    Server1
B.    Server2
C.    Server3
D.    Server4

Answer: D
Explanation:
IPAM can not be installed on a Domain Controller.

QUESTION 317
Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. On DC10; the disk that contains the SYSVOL folder fails. You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which tool should you use before you start the DFS Replication service on DC10?

A.    Ldp
B.    Ultrasound
C.    dfsmgmt.msc (used to be Dfsgui.msc)
D.    Frsutil

Answer: C
Explanation:
Back to original since the answer changed.
===
http://support.microsoft.com/kb/2218556
===
Original C
Which I’d probably pick if it was "dfsmgmt.msc"

QUESTION 318
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2. You need to create a custom Active Directory Application partition. Which tool should you use?

A.    Netdom
B.    Ntdsutil
C.    Dsmod
D.    Dsamain

Answer: B
Explanation:
* To create or delete an application directory partition Open Command Prompt.
Type:ntdsutil
At the ntdsutil command prompt, type:domain management
At the domain management command prompt, type:connection At the server connections command prompt, type:connect to server ServerName At the server connections command prompt, type:quit
At the domain management command prompt, do one of the following:
* partition management
Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).
This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2.
/ partition management create nc %s1 %s2
Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify "NULL" for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3.
Note:
* An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition.

QUESTION 319
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You create an Active Directory snapshot of DC1 each day. You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?

A.    Stop the Active Directory Domain Services (AD DS) service.
B.    Run the ntdsutil.exe command.
C.    Run the dsamain.exe command.
D.    Start the Volume Shadow Copy Service (VSS).

Answer: B
Explanation:
Mounting an Active Directory snapshot Before connecting to the snapshot we need to mount it. By looking at the results of the List All command in step #8 above, identify the snapshot that you wish to mount, and note the number next to it.
In order to mount an Active Directory snapshot follow these steps:
Log on as a member of the Domain Admins group to one of your Windows Server 2008 Domain Controllers.
Open a Command Prompt window by clicking on the CMD shortcut in the Start menu, or by typing CMD and pressing Enter in the Run or Quick Search parts of the Start menu. Note: You must run NTDSUTIL from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
In the CMD window, type the following command:
ntdsutil
In the CMD window, type the following command:
snapshot
To view all available snapshots, in the CMD window, type the following command:
list all The result should look like this:
snapshot: List All
1: 2008/10/25:03:14 {ec53ad62-8312-426f-8ad4-d47768351c9a}
2: C: {15c6f880-cc5c-483b-86cf-8dc2d3449348}
In this example we only have one snapshot available, one from 2008/10/25 at 03:14AM (yes, I write articles at this time…). We’ll mount this one.
In the CMD window, type the following command:
mount 2
The result should look like this:
snapshot: mount 2
Snapshot {15c6f880-cc5c-483b-86cf-8dc2d3449348} mounted as
C:’$SNAP_200810250314_VOLUMEC$’
Next, you can leave the NTDSUTIL running, or you can quit by typing quit 2 times. Note: Like the above command, the mounting process can also be run in one line.
However, note that
NTDSUTIL requires that the "list all" command be run in the same session that you mount the snapshot. So in order to mount the snapshot with a one-liner, you will need to run "list all" first.
ntdsutil snapshot "list all" "mount 2" quit quit
Note: You do not need to quit from the NTDSUTIL command, you can keep it open assuming that you’ll probably want to unmount the snapshot right after working with it.

QUESTION 320
You have a server named Server1 that runs Windows Server 2012 R2. You need to configure Server1 to create an entry in an event log when the processor usage exceeds 60 percent. Which type of data collector should you create?

A.    an event trace data collector
B.    a performance counter data collector
C.    a performance counter alert
D.    a configuration data collector

Answer: C

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(301-310)!

QUESTION 301
Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2. Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. All of the virtual machines run Windows Server 2008 R2. You need to view the amount of memory resources and processor resources that VM4 currently uses. Which tool should you use on Hyperv1?

A.    Resource Monitor
B.    Task Manager
C.    Hyper-V Manager
D.    Windows System Resource Manager (WSRM)

Answer: C

QUESTION 302
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. DirectAccess is deployed to the network. Remote users connect to the DirectAccess server by using a variety of network speeds. The remote users report that sometimes their connection is very slow. You need to minimize Group Policy processing across all wireless wide area network (WWAN) connections. Which Group Policy setting should you configure?

A.    Configure Group Policy slow link detection.
B.    Configure wireless policy processing.
C.    Change Group Policy processing to run asynchronously when a slow network connection is detected.
D.    Configure Direct Access connections as a fast network connection.

Answer: A

QUESTION 303
Your network contains a single Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 400 desktop computers that run Windows 8 and 10 desktop computers that run Windows XP Service Pack 3 (SP3). All new desktop computers that are added to the domain run Windows 8. All of the desktop computers are located in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings. You link GPO1 to OU1. You need to ensure that GPO1 is Applied only to computers that run Windows XP SP3. What should you do?

A.    Modify the Security settings of OU1.
B.    Run the Set-GPInheritancecmdlet and specify the -target parameter.
C.    Create and link a WMI filter to GPO1.
D.    Run the Set-GPLinkcmdlet and specify the -target parameter.

Answer: C

QUESTION 304
Your network contains an Active Directory domain named contoso.com. AH servers run Windows Server 2012 R2. The domain contains a server named Server1. You install the Windows PowerShell Web Access gateway on Server1. You need to provide administrators with the ability to manage the servers in the domain by using the Windows PowerShell Web Access gateway. Which two cmdlets should you run on Server1? (Each correct answer presents part of the solution. Choose two.)

A.    Set-WSManQuickConfig
B.    Set-WSManInstance
C.    Add-PswaAuthorizationRule
D.    Set-BCAuthentication
E.    Install-Pswa Web Application

Answer: CE

QUESTION 305
You have a server named Server1 that runs Windows Server 2012 R2. You promote Server1 to a domain controller. You need to view the service location (SRV) records that Server1 registers in DNS. What should you do on Server1?

A.    Open the Netlogon.dns file.
B.    Open the Srv.sys file.
C.    Run ipconfig /displaydns.
D.    Run Get-DnsServerDiagnostics.

Answer: A

QUESTION 306
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2. You create a group Managed Service Account named gservice1. You need to configure a service named Service1 to run as the gservice1 account. How should you configure Service1?

A.    From Windows PowerShell, run Set-Service and specify the -PassThrough parameter.
B.    From a command prompt, run sc.exe and specify the config parameter.
C.    From Windows PowerShell, run Set-Service and specify the -StartupType parameter.
D.    From a command prompt, run sc.exe and specify the privs parameter.

Answer: B
Explanation:
A. General settings only allow you to stop, start and set type/paramaters
B. Set-Service provides a way for you to change the Description, StartupType, or DisplayName of a service
C. Modifies service configuration
D. Sets the response/action on service failure
http://windows.microsoft.com/en-us/windows-vista/using-system-configuration http://technet.microsoft.com/en-us/library/ee176963.aspx
http://technet.microsoft.com/en-us/library/cc990290(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738230(v=ws.10).aspx

QUESTION 307
You have a server named Data1 that runs a Server Core Installation of Windows Server 2012 R2 Standard. You need to configure Data1 to run a Server Core Installation of Windows Server 2012 R2 Enterprise. You want to achieve this goal by using the minimum amount of administrative effort.
What should you perform?

A.    a clean installation of Windows Server 2012 R2
B.    an upgrade installation of Windows Server 2012 R2
C.    an online servicing by using Dism
D.    an offline servicing by using Dism

Answer: C

QUESTION 308
You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1. You need to add a graphical user interface (GUI) to Server1. Which tool should you use?

A.    the Add-WindowsPackagecmdlet
B.    the Add-WindowsFeaturecmdlet
C.    the Install-Module cmdlet
D.    the Install-RoleServicecmdlet

Answer: B

QUESTION 309
You have a server named Server1 that runs Windows Server 2012 R2. You plan to create an image of Server1. You need to remove the source files for all server roles that are not installed on Server1.
Which tool should you use?

A.    Ocsetup.exe
B.    Servermanagercmd.exe
C.    Imagex.exe
D.    Dism.exe

Answer: D
Explanation:
servermanagercmd.exe – The ServerManagerCmd.exe command-line tool has been deprecated in WindowsServer 2008 R2.
imagex.exe – ImageX is a command-line tool in Windows Vista that you can use to create and manageWindows image (.wim) files. A .wim file contains one or more volume images, disk volumes that containimages of an installed Windows operating system. dism.exe – Deployment Image Servicing and Management (DISM.exe) is a command-line tool that canbe used to service a Windows?image or to prepare a Windows Preinstallation Environment (WindowsPE) image. It replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg that were included inWindows Vista? The functionality that was included in these tools is now consolidated in one tool(DISM.exe), and new functionality has been added to improve the experience for offline servicing. DISMcan Add, remove, and enumerate packages. ocsetup.exe – The Ocsetup.exe tool is used as a wrapper for Package Manager (Pkgmgr.exe) and for WindowsInstaller (Msiexec.exe). Ocsetup.exe is a command-line utility that can be used to perform scripted installs andscripted uninstalls of Windows optional components. The Ocsetup.exe tool replaces the Sysocmgr.exe tool thatWindows XP and Windows Server 2003i use.
 clip_image002[42]
http://technet.microsoft.com/en-us/library/hh824822.aspx http://blogs.technet.com/b/joscon/archive/2010/08/26/adding-features-with-dism.aspx http://technet.microsoft.com/en-us/library/hh831809.aspx
http://technet.microsoft.com/en-us/library/hh825265.aspx

QUESTION 310
You have five servers that run Windows Server 2012 R2. The servers have the Failover Clustering feature installed. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.
 clip_image001[108]
Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles. Dynamic quorum management is disabled. You plan to perform hardware maintenance on Server3. You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Servers, the cluster resource will remain available in Site1. What should you do?

A.    Add a file share witness in Site1.
B.    Remove the node vote for Server3.
C.    Remove the node vote for Server4 and Server5.
D.    Enable dynamic quorum management.

Answer: C

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(291-300)!

QUESTION 291
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. One of the domain controllers is named DC1.
The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings.
A server named Server1 is a DNS server that runs a UNIX-based operating system.
You plan to use Server1 as a secondary DNS server for the contoso.com zone.
You need to ensure that Server1 can host a secondary copy of the contoso.com zone.
What should you do?

A.    From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com
zone as a target.
B.    From DNS Manager, modify the Security settings of DC1
C.    From DNS Manager, modify the replication scope of the contoso.com zone
D.    From DNS Manager, modify the Advanced settings of DC1.

Answer: A
Explanation:
Set-DnsServerPrimaryZone
Changes settings for a DNS primary zone.
Applies To: Windows Server 2012 R2
The Set-DnsServerPrimaryZone cmdlet changes settings for an existing Domain Name System (DNS) primary zone. You can change values that are relevant for either Active Directory-integrated zones or file-backed zones.
Examples of parameters include:
/ -NotifyServers<IPAddress[]>
Specifies an array of IP addresses of secondary DNS servers that the DNS master server notifies of changes to resource records. You need this parameter only if you selected the value NotifyServers for the Notify parameter.
/ -Notify<String>
Specifies how a DNS master server notifies secondary servers of changes to resource records. The acceptable values for this parameter are:
— NoNotify. The zone does not send change notifications to secondary servers. — Notify. The zone sends change notifications to all secondary servers. — NotifyServers. The zone sends change notifications to some secondary servers. If you choose this option, specify the list of secondary servers in the NotifyServers parameter.
Reference: Set-DnsServerPrimaryZone

QUESTION 292
Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain.
You need to create NAP event trace log files on a client computer.
What should you run?

A.    Register-ObjectEvent
B.    Register-EngineEvent
C.    tracert
D.    logman

Answer: D
Explanation:
Register-ObjectEvent: Monitor events generated from .Net Framework Object. Register-EngineEvent: Subscribes to events that are generated by the Windows PowerShell engine and by the New-Event cmdlet.
http://technet.microsoft.com/en-us/library/hh849967.aspx
tracert: Trace IP route
logman: Manages and schedules performance counter and event trace log collections on a local and remote systems.
http://technet.microsoft.com/en-us/library/bb490956.aspx

QUESTION 293
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.
 clip_image001[104]
Server1 and Server2 host a load-balanced website named Web1. Web1 runs by using an application pool named WebApp1. WebApp1 uses a group Managed Service Account named gMSA1 as its identity.
Domain users connect to Web1 by using either the name Web1.contoso.com or the alias myweb.contoso.com.
You discover the following:
– When the users access Web1 by using Web1.contoso.com, they authenticate by using Kerberos.
– When the users access Web1 by using myweb.contoso.com, they authenticate by using NTLM.
You need to ensure that the users can authenticate by using Kerberos when they connect by using myweb.contoso.com.
What should you do?

A.    Run the Add-ADComputerServiceAccount cmdlet.
B.    Modify the properties of the gMSA1 service account.
C.    Modify the properties of the Web1 website.
D.    Run the Install-ADServiceAccount cmdlet.

Answer: D
Explanation:
* Install-ADServiceAccount
Installs an Active Directory service account on a computer.
* The Install-ADServiceAccount cmdlet installs an existing Active Directory service account on the computer on which the cmdlet is run. This cmdlet verifies that the computer is eligible to host the service account. The cmdlet also makes the required changes locally so that the service account password can be periodically reset by the computer without requiring any user action.
* Managed service accounts and virtual accounts are two new types of accounts introduced
in Windows Server 2008 R2/2012 and Windows 7/8 to enhance the service isolation and manageability of network applications such as Microsoft SQL Server and Internet Information Services (IIS).
* If you configure the application to use a domain account, you can isolate the privileges for the application, but you need to manually manage passwords or create a custom solution for managing these passwords. Many SQL Server and IIS applications use this strategy to enhance security, but this strategy requires additional administration and complexity. In these deployments, service administrators spend a considerable amount of time on maintenance tasks such as managing service passwords and service principal names (SPNs), which are required for Kerberos authentication. In addition, these maintenance tasks can disrupt service.
Two new types of accounts available in Windows Server 2008 R2 and Windows 7–the managed service account and the virtual account–are designed to provide crucial applications such as SQL Server or IIS with the isolation of their own accounts, while eliminating the need for an administrator to manually administer the SPN and credentials for these accounts.
Reference: Service Accounts Step-by-Step Guide

QUESTION 294
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[106]
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?

A.    Apply a virtual machine snapshot to VM1.
B.    Modify the is Deleted attribute of Group1.
C.    Perform tombstone reanimation.
D.    Export and import data by using Dsamain.

Answer: C
Explanation:
Active Directory provides a mechanism for restoring a tombstone back into a normal object. This is effectively an undelete function for deleted objects. The function is a specially formed LDAP modify operation that must include two specific attribute modifications: it must remove the isDeleted attribute (not just set it to FALSE) and it must move the object to another container by changing the object’s distinguishedName. The new distinguishedName typically (but not necessarily) uses the lastKnownParent attribute as the container and keeps the same RDN minus the \0ADEL:<objectGUID> component that Active Directory added when it created the tombstone.
Note:
* When deleting an object, Active Directory will not actually delete that object immediately (in most cases) but rather it will keep it for a period of time as a tombstone object. This means it will remove some of its attributes, add the isDeleted=True attribute, and place the object in the Deleted Object container.
* Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it’s the only way to recover a deleted object’s identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object. Just keep in mind that tombstone reanimation does have its own limitations, which I will discuss, so you’ll still want to keep authoritative restores in your box of tricks.
* Restoring an object in Active Directory Recycle Bin to Restore A Deleted Object
In the management console, go to Tools > Active Directory Administrative Center Click the Deleted Objects folder
Search the list of deleted objects for the object that needs to be restored.
Right-click the selected object and select Restore from the shortcut menu.
Reference: Step-By-Step: Utilizing Active Directory Recycle Bin to Restore A Deleted Object
QUESTION 295
Sometimes its important to remove an RODC from your forest or domain. However, its important that you follow a simple rule whilst removing RODC’s. What is this rule?

A.    All RODC’s must be detached before removing a final writable domain controller
B.    All writable domain controllers must be removed before RODC’s can be detached
C.    Your forest must only consist of RODC’s if you want to remove them
D.    There are no rules for removing RODC’s

Answer: A
Explanation:
After researching this and using logic, we need a writable DC for a RODC to exist,
therefore we have to remove all RODC’s before removing the last writable DC.

QUESTION 296
DNS record types come in many forms, but which record type is being described below? Maps a domain name such as www.google.com to an IP address

A.    A
B.    CNAME
C.    MX
D.    PTR

Answer: A

QUESTION 297
In Windows Server 2012 R2, you can remove the Server Graphical Shell, resulting in the "Minimal Server Interface." This is similar to a Server with a GUI installation except that some features are not installed. Which of the following features is not installed in this scenario?

A.    MMC
B.    Windows Explorer
C.    Control Panel (subset)
D.    Server Manager

Answer: B
Explanation:
When you choose the minimal server interface option Internet Explorer 10, Windows Explorer, the desktop, and the Start screen are not installed. Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel are still present.

QUESTION 298
Which of the following features is available when Windows Server 2012 R2 is installed using the GUI option but without the desktop experience feature installed?

A.    Metro-style Start screen
B.    Built-in help system
C.    All of these
D.    Windows Media Player

Answer: AB
Explanation:
Here is description of Desktop Experience:
http://technet.microsoft.com/en-us/library/cc772567.aspx

QUESTION 299
You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed. You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. You need to create a DHCP policy that willApply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?

A.    The relay agent information
B.    The client identifier
C.    The vendor class
D.    The user class

Answer: D

QUESTION 300
You have a server named Server1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1. You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent. Which type of data collector should you create?

A.    A configuration data collector
B.    A performance counter data collector
C.    An event trace data collector
D.    A performance counter alert

Answer: D
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(281-290)!

QUESTION 281
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a RADIUS client template named Template1.
You create a RADIUS client named Client1 by using Template1.
You need to modify the shared secret for Client1.
What should you do first?

A.    Clear Select an existing template for Client1
B.    Set the Shared secret setting of Template1 to Manual.
C.    Clear Enable this RADIUS client for Client1.
D.    Configure the Advanced settings of Template1.

Answer: A

QUESTION 282
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[96]
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?

A.    Apply a virtual machine snapshot to VM1.
B.    Perform an authoritative restore.
C.    Perform a non-authoritative restore.
D.    Perform tombstone reanimation.

Answer: B
Explanation:
Authoritative restore allows the administrator to recover a domain controller, restore it to a specific point in time, and mark objects in Active Directory as being authoritative with respect to their replication partners. For example, you might need to perform an authoritative restore if an administrator inadvertently deletes an organizational unit containing a large number of users. If you restore the server from tape, the normal replication process would not restore the inadvertently deleted organizational unit. Authoritative restore allows you to mark the organizational unit as authoritative and force the replication process to restore it to all of the other domain controllers in the domain.
Incorrect:
Not C: A nonauthoritative restore returns the domain controller to its state at the time of backup and then allows normal replication to overwrite that state with any changes that occurred after the backup was taken. After you restore the system state, the domain controller queries its replication partners. The replication partners replicate any changes to the restored domain controller, ensuring that the domain controller has an accurate and updated copy of the Active Directory database.
Reference: Performing an Authoritative Restore

QUESTION 283
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.
 clip_image001[98]
Server1 and Server2 host a load-balanced website named Web1. Web1 runs by using an application pool named WebApp1. WebApp1 uses a group Managed Service Account named gMSA1 as its identity.
Domain users connect to Web1 by using either the name Web1.contoso.com or the alias myweb.contoso.com.
You discover the following:
– When the users access Web1 by using Web1.contoso.com, they authenticate by using Kerberos.
– When the users access Web1 by using myweb.contoso.com, they authenticate by using NTLM.
You need to ensure that the users can authenticate by using Kerberos when they connect by using myweb.contoso.com.
What should you do?

A.    Run the Set-ADServiceAccount cmdlet.
B.    Run the New-ADServiceAccount cmdlet.
C.    Modify the properties of the WebApp1 application pool.
D.    Modify the properties of the Web1 website.

Answer: B
Explanation:
Note:
* Managed service accounts and virtual accounts are two new types of accounts introduced in Windows Server 2008 R2/2012 and Windows 7/8 to enhance the service isolation and manageability of network applications such as Microsoft SQL Server and Internet Information Services (IIS).
* The New-ADServiceAccount cmdlet creates a new Active Directory managed service account (MSA).
* If you configure the application to use a domain account, you can isolate the privileges for the application, but you need to manually manage passwords or create a custom solution for managing these passwords. Many SQL Server and IIS applications use this strategy to enhance security, but this strategy requires additional administration and complexity. In these deployments, service administrators spend a considerable amount of time on maintenance tasks such as managing service passwords and service principal names (SPNs), which are required for Kerberos authentication. In addition, these maintenance tasks can disrupt service.
Two new types of accounts available in Windows Server 2008 R2 and Windows 7–the managed service account and the virtual account–are designed to provide crucial applications such as SQL Server or IIS with the isolation of their own accounts, while eliminating the need for an administrator to manually administer the SPN and credentials for these accounts.
Reference: Service Accounts Step-by-Step Guide

QUESTION 284
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?

A.    Active Directory Administrative Center
B.    Get-ADAccountResultantPasswordReplicationPolicy
C.     Local Security Policy
D.     Get-ADDomainControllerPasswordReplicationPolicy

Answer: A
Explanation:
Up until now, PSOs were created with the ADSI Edit application or PowerShell. Now, we can use the Active Directory Administrative Center.
Note:
* Password Setting Object (PSO) is another name for Fine Grain Password Policies. These PSOs allowed us to set up a different password policy based on security group membership.
* Storing fine-grained password policies
Windows Server 2008 includes two new object classes in the Active Directory Domain Services (AD DS) schema to store fine-grained password policies:
/ Password Settings Container
/ Password Settings
The Password Settings Container (PSC) object class is created by default under the System container in the domain. It stores the Password Settings objects (PSOs) for that domain. You cannot rename, move, or delete this container.

QUESTION 285
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1.
When users without permission to Share1 attempt to access the share, they receive the Access Denied message as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[32]
You deploy a new file server named Server2 that runs Windows Server 2012 R2.
You need to configure Server2 to display the same custom Access Denied message as Server1.
What should you install on Server2?

A.    The Remote Assistance feature
B.    The File Server Resource Manager role service
C.    The Enhanced Storage feature
D.    The Storage Services server role

Answer: B
Explanation:
We need to install the prerequisites for Access-Denied Assistance.
Because Access-Denied Assistance relies up on e-mail notifications, we also need to configure each relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let’s do that quickly with Windows PowerShell:
Set-FSRMSetting -SMTPServer mailserver.nuggetlab.com -AdminEmailAddress [email protected] -FromEmailAddress [email protected]
You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy. To my mind, the latter approach is infinitely preferable from an administration standpoint.
Create a new GPO and make sure to target the GPO at your file servers’ Active Directory computer accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are looking for the following path to configure Access-Denied Assistance:
\Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance
 clip_image002[34]
The Customize message for Access Denied errors policy, shown in the screenshot below, enables us to create the actual message box shown to users when they access a shared file to which their user account has no access.
 clip_image002[36]
What’s cool about this policy is that we can "personalize" the e-mail notifications to give us administrators (and, optionally, file owners) the details they need to resolve the permissions issue quickly and easily.
For instance, we can insert pre-defined macros to swap in the full path to the target file, the administrator e-mail address, and so forth. See this example:
Whoops! It looks like you’re having trouble accessing [Original File Path]. Please click Request Assistance to send [Admin Email] a help request e-mail message. Thanks!
You should find that your users prefer these human-readable, informative error messages to the cryptic, non-descript error dialogs they are accustomed to dealing with.
The Enable access-denied assistance on client for all file types policy should be enabled to force client computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO scope accordingly to "hit" your domain workstations as well as your Windows Server 2012 file servers.
Testing the configuration
This should come as no surprise to you, but Access-Denied Assistance works only with Windows Server 2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience feature on your servers to see Access-Denied Assistance messages on server computers.
When a Windows 8 client computer attempts to open a file to which the user has no access, the custom Access-Denied Assistance message should appear:
 clip_image002[38]
If the user clicks Request Assistance in the Network Access dialog box, they see a secondary message:
 clip_image002[40]
At the end of this process, the administrator(s) will receive an e-mail message that contains the key information they need in order to resolve the access problem:
The user’s Active Directory identity
The full path to the problematic file
A user-generated explanation of the problem
So that’s it, friends! Access-Denied Assistance presents Windows systems administrators with an easy-to-manage method for more efficiently resolving user access problems on shared file system resources. Of course, the key caveat is that your file servers must run Windows Server 2012 and your client devices must run Windows 8, but other than that, this is a great technology that should save admins extra work and end-users extra headaches.
http://4sysops.com/archives/access-denied-assistance-in-windows-server-2012/

QUESTION 286
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
Administrators use client computers that run Windows 8 to perform all management tasks.
A central store is configured on a domain controller named DC1.
You have a custom administrative template file named App1.admx. App1.admx contains application settings for an application named Appl.
From a client computer named Computer1, you create a new Group Policy object (GPO) named GPO1.
You discover that the application settings for App1 fail to appear in GPO1.
You need to ensure that the App1 settings appear in all of the new GPOs that you create.
What should you do?

A.    Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
B.    From the Default Domain Controllers Policy, add App1.admx to the Administrative Templates.
C.    From the Default Domain Policy, add App1.admx to the Administrative Templates
D.    Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\StarterGPOs.

Answer: A

QUESTION 287
Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP, Windows 7, or Windows 8.
Network Policy Server (NPS) is deployed to the domain.
You plan to create a system health validator (SHV).
You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)

A.    A firewall is enabled for all network connections.
B.    An antispyware application is on.
C.    Automatic updating is enabled.
D.    Antivirus is up to date.
E.    Antispyware is up to date.

Answer: ACD
Explanation:
System health agent (SHA) is a NAP component. System health agent (SHA) A component that checks the state of the client computer to determine whether the settings monitored by the SHA are up-to-date and configured correctly. For example, the Windows Security Health Agent (WSHA) can monitor Windows Firewall, whether antivirus software is installed, enabled, and updated, whether antispyware software is installed, enabled, and updated, and whether Microsoft Update Services is enabled and the computer has the most recent security updates from Microsoft Update Services. There might also be SHAs (and corresponding system health validators) available from other companies that provide different functionality.

QUESTION 288
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
You need to enable trace logging for Network Policy Server (NPS) on Server1.
Which tool should you use?

A.    the Network Policy Server console
B.    the Server Manager console
C.    the tracert.exe command
D.    the netsh.exe command

Answer: D
Explanation:
You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can provide the detailed information required for troubleshooting complex problems.
You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%\tracing.
The following log files contain helpful information about NAP:
IASNAP.LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization.
IASSAM.LOG: Contains detailed information about user authentication and authorization.
Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups
(http://go.microsoft.com/fwlink/?LinkId=83477).
To create tracing log files on a server running NPS
Open a command line as an administrator.
Type netshras set tr * en.
Reproduce the scenario that you are troubleshooting.
Type netshras set tr * dis.
Close the command prompt window.
http://technet.microsoft.com/en-us/library/dd348461%28v=ws.10%29.aspx

QUESTION 289
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.
Server1 is configured to delete automatically the DNS records of client computers that are no longer on the network. A technician confirms that the DNS records are deleted automatically from the contoso.com zone.
You discover that the contoso.com zone has many DNS records for servers that were on the network in the past, but have not connected to the network for a long time.
You need to set the time stamp for all of the DNS records in the contoso.com zone.
What should you do?

A.    From DNS Manager, modify the Advanced settings from the properties of Server1
B.    From Windows PowerShell, run the Set-DnsServerResourceRecordAging cmdlet
C.    From DNS Manager, modify the Zone Aging/Scavenging Properties
D.    From Windows PowerShell, run the Set-DnsServerZoneAging cmdlet.

Answer: D

QUESTION 290
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
Server1 and Server2 are configured as replica servers that use Server3 as an upstream server. You remove Server3 from the network.
You need to ensure that WSUS on Server2 retrieves updates from Server1.
The solution must ensure that Server1 and Server2 have the latest updates from Microsoft.
Which command should you run on each server? To answer, select the appropriate command to run on each server in the answer area.
 clip_image001[100]
Answer:

clip_image001[102]
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(271-280)!

QUESTION 271
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[100]
You need to prevent GPO1 from Applying to your user account when you log on to Server1. GPO1 must Apply to every other user who logs on to Server1.
What should you configure?

A.    WMI Filtering
B.    Item-level Targeting
C.    Block Inheritance
D.    Security Filtering

Answer: D

QUESTION 272
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?

A.    Mount the most recent Active Directory backup.
B.    Perform an authoritative restore of Group1.
C.    Use the Recycle Bin to restore Group1.
D.    Reactivate the tombstone of Group1.

Answer: A

QUESTION 273
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
For Server2, you are configuring constrained delegation to a third-party service named Service1 on Server1.
When you attempt to add Service1 from Server1 to the delegation setting of Server2, you discover that Service1 is not listed in the Available services list.
You need to ensure that you can add Service1 for constrained delegation.
What should you do first?

A.    From the Services console, modify the properties of Service1
B.    From ADSI Edit, create a serviceConnectionPoint (SCP) object
C.    From a command prompt, run the setspn.exe command
D.    From Active Directory Users and Computers, enable the Advanced Features option.

Answer: A

QUESTION 274
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Files created by users in the human resources department are assigned the Department classification property automatically.
You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more.
You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort.
What should you configure on Task1?

A.    Create a custom action.
B.    Configure a file screen.
C.    Create a classification rule.
D.    Create a condition.

Answer: D

QUESTION 275
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a Network Policy Server (NPS) network policy named Policy1.
You need to ensure that Policy1 applies to L2TP connections only.
Which condition should you modify? To answer, select the appropriate object in the answer area.
 clip_image002[45]
Answer:

clip_image002[47]

QUESTION 276
Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone forcontoso.com.
You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes.
Which setting should you modify in the start of authority (SOA) record?

A.    Retry interval
B.    Minimum (default) TTL
C.    Expires after
D.    Refresh interval

Answer: D

QUESTION 277
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?

A.    The Secedit command
B.    The Set-AdComputer cmdlet
C.    Active Directory Users and Computers
D.    The Invoke-GpUpdate cmdlet

Answer: D
Explanation:
Invoke-GPUpdate
Schedule a remote Group Policy refresh (gpupdate) on the specified computer.
Applies To: Windows Server 2012 R2
The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer. You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.
The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be offset by a random delay.
Note:
Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure a computer and user experience within a domain. When the Resultant Set of Policy settings does not conform to your expectations, a best practice is to first verify that the computer or user has received the latest policy settings. In previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.
With Windows Server 2012 R2 and Windows 8, you can remotely refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within the OU structure–for example, if the computers are located in the default computers container.
The remote Group Policy refresh updates all Group Policy settings, including security settings that are set on a group of remote computers, by using the functionality that is added to the context menu for an OU in the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group Policy settings on all the computers in that OU, the following operations happen:
An Active Directory query returns a list of all computers that belong to that OU. For each computer that belongs to the selected OU, a WMI call retrieves the list of signed in users.
A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to decrease the load on the network traffic. This random delay cannot be configured when you use the GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run immediately when you use the Invoke-GPUpdate cmdlet.
Reference: Force a Remote Group Policy Refresh (GPUpdate)

QUESTION 278
Your network contains two servers named W5U51 and WSUS_REPL that run Windows Server 2012 R2. WSUS1 and WSUS_REPL have the Windows Server Update Services server role installed.
All client computers run Windows 7.
WSUS1 synchronizes from Microsoft Update. WSUS_REPL is a Windows Server Update Services (WSUS) replica of WSUS1.
You need to configure replica downstream servers to send WSUS_REPL summary information about the computer update status.
What should you do?

A.    From WSUS1, configure Reporting Rollup.
B.    From WSUS_REPL, configure Reporting Rollup.
C.    From WSUS1, configure Email Notifications.
D.    From WSUS_REPL, configure Email Notifications.

Answer: A

QUESTION 279
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create a central store for Group Policy.
You receive a custom administrative template named Template1.admx.
You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs).
What should you do?

A.    Copy Template1.admx to
\\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
B.    From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates.
C.    Copy Template1.admx to \\Contoso.com\NETLOGON
D.    From the Default Domain Policy, add Template1.admx to the Administrative Templates.

Answer: A

QUESTION 280
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2.
What should you create?

A.    a secondary zone
B.    a stub zone
C.    a trust anchor
D.    a zone delegation

Answer: B
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html