Ensurepass

QUESTION 111

Your network contains two servers named Served and Server 2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.

 

On Server1, you create a standard primary zone named contoso.com.

 

You plan to create a standard primary zone for ad.contoso.com on Server2.

 

You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2.

 

What should you do from Server1?

 

A.

Create a trust anchor named Server2.

B.

Create a conditional forward that points to Server2.

C.

Add Server2 as a name server.

D.

Create a zone delegation that points to Server2.

 

Correct Answer: D

Explanation:

You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone. For more information, see Understanding Zone Delegation

 

clip_image002

clip_image004

 

 

QUESTION 112

HOTSPOT

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

 

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys.

 

What should you modify?

 

To answer, select the appropriate object in the answer area.

 

clip_image006

 

Correct Answer:

clip_image008

 

 

QUESTION 113

Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configured to notify secondary servers of changes automatically.

 

You update several records on Server1.

 

You need to force the replication of the contoso.com zone records from Server1 to Server2.

 

What should you do from Server2?

 

A.

Right-click the contoso.com zone and click Reload.

B.

Right-click the contoso.com zone and click Transfer from Master.

C.

Right-click Server2 and click Update Server Data Files.

D.

Right-click Server2 and click Refresh.

 

Correct Answer: B

Explanation:

Initiates zone transfer from secondary server

Open DNS; In the console tree, right-click the applicable zone and click Transfer from master.

 

clip_image010

 

http://technet.microsoft.com/en-us/library/cc779391%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/cc779391%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/cc786985(v=ws.10).aspx

http://technet.microsoft.
com/en-us/library/cc779391(v=ws.10).aspx

 

 

 

 

 

 

 

 

 

 

 

QUESTION 114

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

 

An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.

 

You make a change to GPO1.

 

You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.

 

Which tool should you use?

 

< p class="MsoNormal" style="margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">A.

The Secedit command

B.

Group Policy Management Console (GPMC)

C.

Server Manager

D.

The Gpupdate command

 

Correct Answer: B

Explanation:

In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.

 

Starting with Windows Server® 2012 and Windows® 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.

 

clip_image012

clip_image014

clip_image016

 

http://technet.microsoft.com/en-us//library/jj134201.aspx

http://blogs.technet.com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-using-remote-gpupdate.aspx

 

 

 

 

 

 

 

QUESTION 115

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

 

A domain controller named DO has the ADMX Migrator tool installed. You have a custom Administrative Template file on DC1 named Template1.adm.

 

You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool.

 

Which action should you run first?

 

A.

Load Template

B.

New Policy Setting

C.

Generate ADMX from ADM

D.

New Category

 

Correct Answer: C

Explanation:

The ADMX Migrator provides two conversion methods — through the editor or through a command-line program. From the ADMX Editor, choose the option to Generate ADMX from ADM. Browse to your ADM file, and the tool quickly and automatically converts it. You then can open the converted file in the editor to examine its values and properties and modify it if you wish. The ADMX Migrator Command Window is a little more complicated; it requires you to type a lengthy command string at a prompt to perform the conversions. However, it includes some options and flexibility not available in the graphical editor.

 

clip_image017

 

http://technet.microsoft.com/pt-pt/magazine/2008.02.utilityspotlight%28en-us%29.aspx

http://technet.microsoft.com/pt-pt/magazine/2008.02.utilityspotlight%28en-us%29.aspx

 

 

 

 

 

QUESTION 116

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

 

You create a central store for Group Policy.

 

You receive a custom administrative template named Template1.admx.

 

You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs).

 

What should you do?

 

A.

From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates.

B.

From the Default Domain Policy, add Template1.admx to the Administrative Templates.

C.

Copy Template1.admx to

\\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\.

D.

Copy Template1.admx to \\Contoso.com\NETLOGON.

 

Correct Answer: C

Explanation:

Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone with permission to create or edit GPOs.

 

clip_image019

 

 

 

 

QUESTION 117

Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain.

 

You need to create NAP event trace log files on a client computer.

 

What should you run?

 

A.

logman

B.

Register-ObjectEvent

C.

tracert

D.

Register-EngineEvent

 

Correct Answer: A

Explanation:

You can enable NAP client tracing by using the command line. On computers running Windows Vista® you can enable tracing by using the NAP Client Configuration console. NAP client tracing files are written in Event Trace Log (ETL) fo
rmat. These are binary files representing trace data that must be decoded by Microsoft support personnel. Use the -o option to specify the directory to which they are written. In the following example, files are written to %systemroot%\tracing\nap. For more information, see Logman (http://go.microsoft.com/fwlink/?LinkId=143549).

 

To create NAP event trace log files on a client computer

 

Open a command line as an administrator.

Type

logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613} 0xFFFFFFFF 9 -o %systemroot%\tracing\nap\QAgentRt. etl -ets.

Note: To troubleshoot problems with WSHA, use the following GUID: 789e8f15-0cbf-4402- b0ed-0e22f90fdc8d.

Reproduce the scenario that you are troubleshooting.

Type logman stop QAgentRt -ets.

Close the command prompt window.

 

http://technet.microsoft.com/en-us/library/dd348461%28v=ws.10%29.aspx

 

 

QUESTION 118

Your network contains three Network Policy Server (NPS) servers named NPS1, NPS2, and NPS3.

 

NP51 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1.

 

You need to ensure that NPS2 receives connection requests. NPS3 must only receive connection requests if NPS2 is unavailable.

 


How should you configure Group1?

 

A.

Change the Priority of NPS3 to 10.

B.

Change the Weight of NPS2 to 10.

C.

Change the Weight of NPS3 to 10.

D.

Change the Priority of NPS2 to 10.

 

Correct Answer: A

Explanation:

Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server. For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.

 

 

QUESTION 119

Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table.

 

clip_image021

 

You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3.

 

Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.)

 

A.

The Authentication settings

B.

The Standard RADIUS Attributes settings

C.

The Location Groups condition

D.

The Identity Type condition

E.

The User Name condition

 

Correct Answer: AE

Explanation:

The User Name attribute group contains the User Name attribute. By using this attribute, you can designate the user name, or a portion of the user name, that must match the user name supplied by the access client in the RADIUS message. This attribute is a character string that typically contains a realm name and a user account name. You can use pattern- matching syntax to specify user names.

 

clip_image022

 

By using this setting, you can override the authentication settings that are configured in all network policies and you can designate the authentication methods and types that are required to connect to your network.

Forward requests to the following remote RADIUS server group. By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access-Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy

 

clip_image023

 

Connection request policies are sets of conditions and profile settings that give network administrators flexibility in configuring how incoming authentication and accounting request messages are handled by the IAS server. With connection request policies, you can create a series of policies so that some RADIUS request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS server) and other types of messages are forwarded to another RADIUS server (IAS is being used a
s a RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios.

 

With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on the time of day and day of the week, by the realm name in the request, by the type of connection being requested, by the IP address of the RADIUS client, and so on.

 

http://technet.microsoft.com/en-us/library/cc757328.aspx

http://technet.microsoft.com/en-us/library/cc753603.aspx

 

 

QUESTION 120

HOTSPOT

You have a server named Server1 that has the Network Policy and Access Services server role installed.

 

You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections.

 

You obtain a certificate for NPS.

 

You need to ensure that NPS can perform certificate-based authentication.

 

To which store should you import the certificate?

 

To answer, select the appropriate store in the answer area.

 

clip_image025

 

Correct Answer:

clip_image027

 

Free VCE & PDF File for Microsoft 70-411 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…