Ensurepass

QUESTION 191

Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2012 R2. The domain contains a virtual machine named DC2.

 

On DC2, you run Get-ADDCCloningExcludedApplicationList and receive the output shown in the following table.

 

clip_image002

 

You need to ensure that you can clone DC2.

 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

clip_image004

 

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

 

Correct Answer: AE

Explanation:

Because domain controllers provide a distributed environment, you could not safely clone an Active Directory domain controller in the past.

 

Before, if you cloned any server, the server would end up with the same domain or forest, which is unsupported with the same domain or forest. You would then have to run sysprep, which would remove the unique security information before cloning, and then promote a domain controller manually. When you clone a domain controller, you perform safe cloning, in which the cloned domain controller automatically runs a subset of the sysprep process and promotes the server to a domain controller automatically.

 

The four primary steps to deploy a cloned virtualized domain controller are as follows:

Grant the source virtualized domain controller the permission to be cloned by adding the source virtualized domain controller to the Cloneable Domain Controllers group.

Run the Get-ADDCCloningExcludedApplicationList cmdlet in Windows PowerShell to determine which services and applications on the domain controller are not compatible with cloning.

Run New-ADDCCloneConfigFile to create the clone configuration file, which is stored in C:\Windows\NTDS.

In Hyper-V, export and then import the virtual machine of the source domain controller.

 

Run the Get-ADDCCloningExcludedApplicationList cmdlet

In this procedure, run the Get-ADDCCloningExcludedApplicationList cmdlet on the source virtualized domain controller to identify any programs or services that are not evaluated for cloning. You need to run the Get-ADDCCloningExcludedApplicationList cmdlet before the New-ADDCCloneConfigFile cmdlet because if the New-ADDCCloneConfigFile cmdlet detects an excluded application, it will not create a DCCloneConfig.xml file.

To identify applications or services that run on a source domain controller and have not been evaluated for cloning:

Get-ADDCCloningExcludedApplicationList

Get-ADDCCloningExcludedApplicationList -GenerateXml

 

The clone domain controller will be located in the same site as the source domain controller unless a different site is specified in the DCCloneConfig.xml file.

Note:

The Get-ADDCCloningExcludedApplicationList cmdlet searches the local domain controller for programs and services in the installed programs database and the services control manager that are not specified in the default and user defined inclusion list. The applications in the resulting list can be added to the user defined exclusion list if they are determined to support cloning. If the applications are not cloneable, they should be removed from the source domain controller before the clone media is created. Any application that appears in the cmdlet output and is not included in the user defined inclusion list will force cloning to fail.

The Get-ADDCCloningExcludedApplicationList cmdlet needs to be run before the New-ADDCCloneConfigFile cmdlet is used because if the New-ADDCCloneConfigFile cmdlet detects an excluded application, it will not create a DCCloneConfig.xml file. DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways:

 

The New-ADDCCloneConfigFile cmdlet in PowerShell

By hand with an XML editor

By editing an existing config file, again with an XML editor (Notepad is not an XML editor.)

 


 

You can populate the XML file; it doesn't need to be empty.

 


 

http://technet.microsoft.com/en-us/library/hh831734.aspx

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning.aspx

 

 

QUESTION 192

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

 

Server1 has the following BitLocker Drive Encryption (BitLocker) settings:

 

clip_image016

 

You need to ensure that drive D will unlock automatically when Server1 restarts. What command should you run?

 

To answer, select the appropriate options in the answer area.

 

clip_image017

 

Correct Answer:

clip_image018

 

 

QUESTION 193

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed.

 

Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection.

 

You need to minimize the amount of processor resources consumed by DFS Replication.

 

What should you do?

 

A.

Modify the replication schedule.

B.

Modify the staging quota.

C.

Disable Remote Differential Compression (RDC).

D.

Reduce the bandwidth usage.

 

Correct Answer: C

Explanation:

Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can be beneficial when transferring large files.

The question states that the servers use a high-speed LAN connection.

http://technet.microsoft.com/en-us/library/cc758825%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/cc754229.aspx

 

 

 

 

 

 

 

 

 

 

QUESTION 194

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

 

All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU.

 

A Group Policy object (GPO) named GPO1 is linked to Sales_OU.

 

You need to configure a dial-up connection for all of the sales users.

 

What should you configure from User Configuration in GPO1?

 

A.

Policies/Administrative Templates/Network/Windows Connect Now

B.

Preferences/Control Panel Settings/Network Options

C.

Policies/Administrative Templates/Windows Components/Windows Mobility Center

D.

Policies/Administrative Templates/Network/Network Connections

 

Correct Answer: B

Explanation:

The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension.

 


 

To create a new Dial-Up Connection preference item

 

Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder. Right-click the Network Options node, point to New, and select Dial-Up Connection.

http://technet.microsoft.com/en-us/library/cc772107.aspx


http://technet.microsoft.com/en-us/library/cc772449.aspx

 

 

QUESTION 195

Your network contains an Active Directory domain named contoso.com.

 

A user named User1 creates a central store and opens the Group Policy Management Editor as shown in the exhibit. (Click the Exhibit button.)

 

clip_image021

 

You need to ensure that the default Administrative Templates appear in GPO1.

 

What should you do?

 

A.

Link a WMI filter to GPO1.

B.

Copy files from %Windir%\Policydefinitions to the central store.

C.

Configure Security Filtering in GPO1.

D.

Add User1 to the Group Policy Creator Owners group.

 

Correct Answer: B

Explanation:

In earlier operating systems, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased.

 

In Group Policy for Windows Server 2008 and Windows Vista, if you change Administrative template policy settings on local computers, Sysvol will not be automatically updated with the new .admx or .adml files. This change in behavior is implemented to reduce network load and disk storage requirements, and to prevent conflicts between .admx files and .adml files when edits to Administrative template policy settings are made across different locales. To make sure that any local updates are reflected in Sysvol, you must manually copy the updated .admx or .adml files from the PolicyDefinitions folder on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.

 

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

 

To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location:

\\FQDN\SYSVOL\FQDN\policies

 

http://support.microsoft.com/kb/929841

 

 

QUESTION 196

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

 

Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.

 

You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.

 

You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.

 

What should you do?

 

A.

From File Explorer, modify the Classification tab of Folder1.

B.

From the File Server Resource Manager console, modify the Email Notifications settings.

C.

From the File Server Resource Manager console, set a folder management property.

D.

From File Explorer, modify the Customize tab of Folder1.

 

Correct Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12

When using the email model, for each of the file shares you can determine whether access requests to that file share will be received by the administrator, a distribution list that represents the file share owners, or both.

 

You can use the File Server Resource Manager console to configure the owner distribution list by editing the management properties of the classification properties.

 

 

 

 

QUESTION 197

HOTSPOT

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2.

 

You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers.

 

You need to identify which domain controller will be used for initial replication during the promotion of the RODC.

 

Which tab should you use to identify the domain controller?

 

To answer, select the appropriate tab in the answer area.

 

clip_image023

 

Correct Answer:

clip_image025

 

 

QUESTION 198

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

 

An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.

 

You make a change to GPO1.

 

You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.

 

Which tool should you use?

 

A.

The Secedit command

B.

The Invoke-GpUpdate cmdlet

C.

Group Policy Object Editor

D.

Server Manager

 

Correct Answer: B

Explanation:

Invoke-GPUpdate

Schedule a remote Group Policy refresh (gpupdate) on the specified computer.

Applies To: Windows Server 2012 R2

The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer. You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.

The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be offset by a random delay.

 

Note:

Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure a computer and user experience within a domain. When the Resultant Set of Policy settings does not conform to your expectations, a best practice is to first verify that the computer or user has received the latest policy settings. In previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. With Windows Server 2012 R2 and Windows 8, you can remotely refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within the OU structure–for example, if the computers are located in the default computers container.

The remote Group Policy refresh updates all Group Policy settings, including security settings that are set on a group of remote computers, by using the functionality that is added to the context menu for an OU in the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group Policy settings on all the computers in that OU, the following operations happen:

An Active Directory query returns a list of all computers that belong to that OU. For each computer that belongs to the selected OU, a WMI call retrieves the list of signed in users.

A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to decrease the load on the network traffic. This random delay cannot be configured when you use the GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run immediately when you use the Invoke-GPUpdate cmdlet.

 

Reference: Force a Remote Group Policy Refresh (GPUpdate)

 

 

QUESTION 199

HOTSPOT

Your network contains a RADIUS server named Admin1.

 

You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.

 

You need to ensure that all accounting requests for Server2 are forwarded to Admin1.

 

On Server2, you create a new remote RADIUS server group named Group1 that contains Admin1.

 

What should you configure next on Server2?

To answer, select the appropriate node in the answer area.

 

clip_image027

 

Correct Answer:

clip_image029

 

 

 

 

 

 

 

QUESTION 200

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.


You enable and configure Routing and Remote Access (RRAS) on Server1.

 

You create a user account named User1.

 

You need to ensure that User1 can establish VPN connections to Server1.

 

What should you do?

 

A.

Modify the members of the Remote Management Users group.

B.

Add a RADIUS client.

C.

Modify the Dial-in setting of User1.

D.

Create a connection request policy.

 

Correct Answer: C

Explanation:

Access permission is also granted or denied based on the dial-in properties of each user account.

http://technet.microsoft.com/en-us/library/cc772123.aspx

 
