QUESTION 171

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.

 

Server1 stores update files locally in C:\Updates.

 

You need to change the location in which the update files are stored to D:\Updates.

 

What should you do?

 

A.

From the Update Services console, run the Windows Server Update Services Configuration Wizard.

B.

From a command prompt, run wsusutil.exe and specify the movecontent parameter.

C.

From the Update Services console, configure the Update Files and Languages option.

D.

From a command prompt, run wsusutil.exe and specify the export parameter.

 

Correct Answer: B

Explanation:

You might need to change the location where WSUS stores updates locally. This might be required if the disk becomes full and there is no longer any room for new updates. You might also have to do this if the disk where updates are stored fails and the replacement disk uses a new drive letter.

You accomplish this move with the movecontent command of WSUSutil.exe, a command- line tool that is copied to the file system of the WSUS server during WSUS Setup. By default, Setup copies WSUSutil.exe to the following location:

WSUSInstallationDrive:\Program Files\Microsoft Windows Server Update Services\Tools\

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 172

HOTSPOT

You have a server named Server5 that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed.

 

You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file.

 

What should you configure?

 

To answer, select the appropriate tab in the answer area.

 

clip_image002

 

Correct Answer:

clip_image004

 

 

QUESTION 173

You have a server named Server1 that runs Windows Server 2012 R2.

 

You create a custom Data Collector Set (DCS) named DCS1.

 

You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent.

 

Which type of data collector should you create?

 

A.

A performance counter alert

B.

A configuration data collector

C.

A performance counter data collector

D.

An event trace data collector

Correct Answer: A

Explanation:

Performance alerts notify you when a specified performance counter exceeds your configured threshold by logging an event to the event log. But rather than notifying you immediately when the counter exceeds the threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid unnecessary alerts.

 

clip_image006

 

 

QUESTION 174

HOTSPOT

You have a server named Server1 that runs Windows Server 2012 R2.

 

You configure Network Access Protection (NAP) on Server1.

 

Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly.

 

You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time.

 

Which two nodes should you configure?

 

To answer, select the appropriate two nodes in the answer area.

clip_image008

 

Correct Answer:

clip_image010

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 175

Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2.

 

You add a VPN server named Server2 to the network.

 

On Server1, you create several network policies.

 

You need to configure Server1 to accept authentication requests from Server2.

 

Which tool should you use on Server1?

 

A.

Server Manager

B.

Routing and Remote Access

C.

New-NpsRadiusClient

D.

Connection Manager Administration Kit (CMAK)

 

Correct Answer: C

Explanation:

New-NpsRadiusClient -Name “NameOfMyClientGroup” -Address “10.1.0.0/16” – AuthAttributeRequired 0 -NapCompatible 0 -SharedSecret “SuperSharedSecretxyz” – VendorName “RADIUS Standard”

 

clip_image012

clip_image014

http://technet.microsoft.com/en-us/library/hh918425(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj872740(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/dd469790.aspx

 

 

QUESTION 176

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role installed. You need to allow connections that use 802.1x. What should you create?

 

A.

A network policy that uses Microsoft Protected EAP (PEAP) authentication

B.

A network policy that uses EAP-MSCHAP v2 authentication

C.

A connection request policy that uses EAP-MSCHAP v2 authentication

D.

A connection request policy that uses MS-CHAP v2 authentication

 

Correct Answer: C

Explanation:

802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:

EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate- based security environments, and it provides the strongest authentication and key determination method.

EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication.

PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.

 

Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.

With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following:

The time of day and day of the week

The realm name in the connection request

The type of connection being requested

The IP address of the RADIUS client

 

 

QUESTION 177

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed.

 

You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard.

 

You need to ensure that you can configure the VPN enforcement method on Server1 successfully.

 

What should you install on Server1 before you run the Configure NAP wizard?

 

A.

A system health validator (SHV)

B.

The Hos
t Credential Authorization Protocol (HCAP)

C.

A computer certificate

D.

The Remote Access server role

 

Correct Answer: C

Explanation:

Configure NAP enforcement for VPN

This checklist provides the steps required to deploy computers with Routing and Remote Access Service installed and configured as VPN servers with Network Policy Server (NPS) and Network Access Protection (NAP).

 

clip_image016

clip_image018

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 178

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.

 

An administrator creates a Network Policy Server (NPS) network policy named Policy1. You need to ensure that Policy1 applies to L2TP connections only.

 

Which condition should you modify?

 

To answer, select the appropriate object in the answer area.

 

clip_image019

 

Correct Answer:

clip_image020

 

 

QUESTION 179

DRAG DROP

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.

 

All of the VPN servers on your network use Server1 for RADIUS authentication.

 

You create a security group named Group1.

 

You need to configure Network Policy and Access Services (NPAS) to meet the following requirements:

 

clip_image022Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.

clip_image022[1]Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later.

 

Which type of policy should you create for each requirement?

 

To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

 

clip_image024

 

Correct Answer:

clip_image026

 

 

QUESTION 180

HOTSPOT

Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York.

 

The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed.

 

All client computers obtain their IPv4 and IPv6 addresses from DHCP.

 

You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office.

 

Which two nodes should you configure?

 

To answer, select the appropriate two nodes in the answer area.

 

clip_image027

 

Correct Answer:

clip_image028

 

 

Free VCE & PDF File for Microsoft 70-411 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…