QUESTION 91
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.
Which naming context should you use?
To answer, select the appropriate naming context in the answer area.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/dd392260%28v=ws.10%29.aspx
QUESTION 92
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
What should you do?
A. Transfer the schema master to DC6.
B. Transfer the schema master to DC4.
C. Transfer the PDC emulator to DC2.
D. Transfer the PDC emulator to DC5.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh831734.aspx#steps_deploy_vdc
QUESTION 93
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2.
You need to create a custom Active Directory application partition.
Which tool should you use?
A. Dsadd
B. Dsmod
C. Netdom
D. Ntdsutil
Answer: D
Explanation:
* To create or delete an application directory partition
1. Open Command Prompt.
2. Type:
ntdsutil
3. At the ntdsutil command prompt, type:
domain management
4. At the domain management command prompt, type:
connection
5. At the server connections command prompt, type:
connect to server ServerName
6. At the server connections command prompt, type:
quit
7. At the domain management command prompt, do one of the following:
– To create an application directory partition, type:
create nc ApplicationDirectoryPartition DomainController
– To delete an application directory partition, type:
delete nc ApplicationDirectoryPartition
* partition management
Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).
This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2.
/ partition management create nc %s1 %s2
Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify "NULL" for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3.
Note:
* An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition.
QUESTION 94
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two servers.
The servers are configured as shown in the following table.
Server1 and Server2 host a load-balanced website named Web1. Web1 runs by using an application pool named WebApp1. WebApp1 uses a group Managed Service Account named gMSA1 as its identity. Domain users connect to Web1 by using either the name web1.contoso.com or the alias myweb.contoso.com.
You discover the following:
– When the users access Web1 by using web1.contoso.com, they authenticate by using Kerberos.
– When the users access Web1 by using myweb.contoso.com, they authenticate by using NTLM.
You need to ensure that the users can authenticate by using Kerberos when they connect by using myweb.contoso.com.
What should you do?
A. Modify the properties of the WebApp1 application pool.
B. Run the Add-ADComputerServiceAccount cmdlet.
C. Modify the properties of the Web1 website.
D. Modify the properties of the gMSA1 service account.
Answer: B
Explanation:
The Add-ADComputerServiceAccount cmdlet adds one or more computer service accounts to an Active Directory computer.
The Computer parameter specifies the Active Directory computer that will host the new service accounts.
Reference: Add-ADComputerServiceAccount
QUESTION 95
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1.
Users report that App1 responds more slowly than expected.
You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.
Which performance object should you monitor on Server1?
A. Processor
B. Hyper-V Hypervisor Virtual Processor
C. Hyper-V Hypervisor Root Virtual Processor
D. Process
E. Hyper-V Hypervisor Logical Processor
Answer: B
QUESTION 96
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.
You need to ensure that the new zone will be available only on DC5 and DC6.
What should you do first?
A. Create an application directory partition.
B. Change the zone replication scope.
C. Create an Active Directory connection object.
D. Create an Active Directory site link.
Answer: A
Explanation:
A. A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition.
http://technet.microsoft.com/en-us/library/cc754292.aspx
QUESTION 97
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You pre-create a read-only domain controller (RODC) account named RODC1.
You export the settings of RODC1 to a file named File1.txt.
You need to promote RODC1 by using File1.txt.
Which tool should you use?
A. The Install-WindowsFeature cmdlet
B. The Add-WindowsFeature cmdlet
C. The Dism command
D. The Install-ADDSDomainController cmdlet
E. The Dcpromo command
Answer: E
Explanation:
http://technet.microsoft.com/en-us/library/jj574152.aspx
"If you have experience creating read-only domain controllers, you will discover that the installation wizard has the same graphical interface as seen when using the older Active Directory Users and Computers snap-in from Windows Server 2008 and uses the same code, which includes exporting the configuration in the unattend file format used by the obsolete dcpromo."
"The Summary dialog enables you to confirm your settings. This is the last opportunity to stop the installation before the wizard creates the staged account. Click Next when you are ready to create the staged RODC computer account. Click Export Settings to save an answer file in the obsolete dcpromo unattend file format."
QUESTION 98
How do you configure IIS to change the authentication method (Kerberos or NTLM)?
A. cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "Negotiate,NTLM"
B. .
C. .
D. .
Answer: A
Explanation:
http://support.microsoft.com/kb/215383/en-us
QUESTION 99
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named dc1.contoso.com.
You discover that the Default Domain Policy Group Policy objects (GPOs) and the Default Domain Controllers Policy GPOs were deleted.
You need to recover the Default Domain Policy and the Default Domain Controllers Policy GPOs.
What should you run?
A. dcgpofix.exe /target:domain
B. gpfixup.exe /dc:dc1.contoso.com
C. dcgpofix.exe /target:both
D. gpfixup.exe /oldnb:contoso /newnb:dc1
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx
QUESTION 100
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role installed. The network contains 400 client computers that run Windows 8. All of the client computers are joined to the domain and are configured DHCP clients.
You install a new server named Server2 that runs Windows Server 2012 R2. On Server2, you install the Network Policy Server role service and you configure Network Access Protection (NAP) to use the DHCP enforcement method.
You need to ensure that Server1 only provides a valid default gateway to computers that pass the system health validation.
Which two actions should you perform?
(Each correct answer presents part of the solution. Choose two.)
A. From the DHCP console, configure the 016 Swap Server option.
B. From the DHCP console, create a new policy.
C. From the NAP Client Configuration console, enable the DHCP Quarantine Enforcement Client.
D. From the DHCP console, enable NAP on all scopes.
E. From Server Manager, install the Network Policy Server role service.
Answer: DE
Explanation:
D: The administrator must define the following settings on the NAP DHCP server:
/ (D) NAP-enabled scopes: In order to use a DHCP scope with NAP, you must enable it specifically for NAP in scope properties under NAP settings.
/ Default NAP class: You must configure any required scope options for computers that are noncompliant with health requirements. A default gateway is not provided to noncompliant computers regardless of whether the 003 Router option is configured here.
/ Remote RADIUS server groups: If connection requests are forwarded from the DHCP server to a NAP health policy server on another computer, you must configure the NPS service on the NAP DHCP server to forward connection requests to the NAP health policy server. This setting is not required if the NAP DHCP server is also the NAP health policy server.
/ Default user class: You must configure any required scope options for computers that are compliant with health requirements.
E: The NAP DHCP server is a server running Windows Server 2008 or Windows Server 2008 R2 (or Windows 2012) with the DHCP server role installed and running. Additionally, if this server is not also the NAP health policy server, it must have the NPS role service installed (E), running, and configured to forward connection requests to the NAP health policy server. The NAP DHCP server restricts noncompliant client access by providing a limited IP address configuration to computers that do not meet health requirements. A limited access configuration has a subnet mask of 255.255.255.255 and no default gateway. Static host routes are provisioned to provide access to the DHCP server and any servers that have been added to remediation server groups on the NAP health policy server.
Reference: DHCP Enforcement Configuration