QUESTION 241

You have a Direct Access Server named Server1 running Server 2012. You need to add prevent users from accessing websites from an Internet connection. What should you configure?

 

A.

Split Tunneling

B.

Security Groups

C.

Force Tunneling

D.

Network Settings

 

Correct Answer: C

 

 

QUESTION 242

Your network contains an Active Direct
ory domain named contoso.com. The domain does not contain a certification authority (CA). All servers run Windows Server 2012. All client computers run Windows 8. You need to add a data recovery agent for the Encrypting File System (EFS) to the domain. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two).

 

A.

From the Default Domain Controllers policy, select Create Data Recovery Agent.

B.

From the Default Domain Controllers policy, select Add Data Recovery Agent.

C.

From Windows PowerShell, run Get-Certificate.

D.

From the Default Domain Policy, select Add Data Recovery Agent.

E.

From a command prompt, run cipher.exe.

F.

From the Default Domain Policy, select Create Data Recovery Agent.

 

Correct Answer: DE

 

 

QUESTION 243

DRAG DROP

Your network contains an Active Directory domain named contoso.com. You have a failover cluster named Cluster1. All of the nodes in Cluster1 have BitLocker Drive Encryption (BitLocker) installed. You plan to add a new volume to the shared storage of Cluster1. You need to add the new volume to the shared storage. The solution must meet the following requirements:

 

clip_image002Encrypt the volume.

clip_image002[1]Avoid using maintenance mode on the cluster.

 

Which three actions should you perform?

 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 

clip_image003

 

Correct Answer:

clip_image004

 

 

QUESTION 244

Your network contains an Active Directory domain named contoso.com. The domain functional level in Windows Server 2008. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server1 that runs Windows Server 2012. Server1 has a BitLocker Drive Encryption (BitLocker)-encrypted drive. Server1 uses a trusted Platform Module (TPM) chip. You enable the Turn on TPM backup to Active Directory Domain Services policy setting by using a Group Policy object (GPO). You need to ensure that you can back up the BitLocker recovery information to Active Directory. What should you do?

 

A.

Upgrade a domain controller to Windows 2012.

B.

Enable the Store BitLocker recovery information in the Active Directory Services (Windows Server2008 and Windows Vista) policy settings.

C.

Raise the forest functional level to Windows 2008 R2.

D.

Add a BitLocker data recovery agent

 

Correct Answer: B

 

 

 

 

 

 

 

 

QUESTION 245

HOTSPOT

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. The domain contains an organizational unit (OU) named FileServers_OU. FileServers_OU contains the computer accounts for all of the file servers in the domain. You need to audit the users who successfully access shares on the file servers. Which audit category should you configure?

 

To answer, select the appropriate category in the answer area.

 

clip_image006

 

Correct Answer:

clip_image008


 

 

 

 

 

 

 

QUESTION 246

Your network contains an Active Directory domain named contoso.com. The domain does not contain a certification authority (CA). All servers run Windows Server 2012. All client computers run Windows 8. You need to add a data recovery agent for the Encrypting File System (EFS) to the domain. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.

From Windows PowerShell, run Get-Certificate.

B.

From the Default Domain Controllers Policy, select Create Data Recovery Agent.

C.

From the Default Domain Policy, select Add Data Recovery Agent.

D.

From a command prompt, run cipher.exe.

E.

From the Default Domain Policy, select Create Data Recovery Agent.

F.

From the Default Domain Controllers Policy, select Add Data Recovery Agent.

 

Correct Answer: CD

 

 

QUESTION 247

Your network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.

 

clip_image010

 

You are creating a Distributed File System (DFS) namespace as shown in the exhibit.

 

clip_image012

 

You need to identify which configuration prevents you from creating a DFS namespace in Windows Server 2008 mode. Which configuration should you identify?

 

A.

The location of the PDC emulator role

B.

The functional level of the domain

C.

The operating system on Server1 and Server3

D.

The location of the RID master role

 

Correct Answer: B

 

 

QUESTION 248

Your domain has contains a Windows 8 computer name Computer1 using BitLocker. The E:\ drive is encrypted and currently locked. You need to unlock the E:\ drive with the recovery key stored on C:\. What should you run?

 

A.

Unlock-BitLocker

B.

Suspend-BitLocker

C.

Enable-BitLockerAutoUnloc

D.

Disable-BitLocker

 

Correct Answer: A

 

 

QUESTION 249

On the DFS replication your receive a wrap error on the sysvol on domain controller 4. Which 3 steps should you do to recover this error in the correct order?

 

A.

Stop FSR

B.

Start FSR

C.

Edit the computer object in AD

D.

Edit the registry

E.

Stop DFSR

F.

Start DFRS

 

Correct Answer: ABD

 

 

QUESTION 250

Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2008. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server1 that runs Windows Server 2012. Server1 has a BitLocker Drive Encryption (BitLocker)-encrypted drive. Server1 uses a Trusted Platform Module (TPM) chip. You enable the Turn on TPM backup to Active Directory Domain Services policy setting by using a Group Policy object (GPO). You need to ensure that you can back up the BitLocker recovery information to Active Directory. What should you do?

 

A.

Raise the forest functional level to Windows Server 2008 R2.

B.

Enable the Configure the level of TPM owner authorization information available to the operating system policy setting and set the Operating system managed TPM authentication level to None.

C.

Add a BitLocker data recovery agent.

D.

Import the TpmSchemaExtension.ldf and TpmSchemaExtensionACLChanges.ldf schema extensions to the Active Directory schema.

 

Correct Answer: D

 

Free VCE & PDF File for Microsoft 70-411 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…