Download Administering Windows Server 2012.70-411.TestKing.2018-06-15.171q.vcex

Vendor: Microsoft
Exam Code: 70-411
Exam Name: Administering Windows Server 2012
Date: Jun 15, 2018
File Size: 20 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

ProfExam Discount

Demo Questions

Question 1
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. 
You run ntdsutil as shown in the exhibit.
  
You need to ensure that you can access the contents of the mounted snapshot. 
What should you do?
  1. From the snapshot context of ntdsutil, run activate instance "NTDS".
  2. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 389.
  3. From the snapshot context of ntdsutil, run mount {79f94f82-5926-4f44-8af0-2f56d827a57d}.
  4. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 33389.
Correct answer: D
Explanation:
By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain sensitive AD DS data. If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you run Dsamain.exe. If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).   References:http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain sensitive AD DS data. If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you run Dsamain.exe. 
If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. 
A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER). 
  
References:
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
Question 2
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily. The domain has the Active Directory Recycle Bin enabled. 
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups. 
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted. 
You need to identify the names of the users who were members of Group1 prior to its deletion. 
You want to achieve this goal by using the minimum amount of administrative effort. 
What should you do first?
  1. Mount the most recent Active Directory backup.
  2. Reactivate the tombstone of Group1.
  3. Perform an authoritative restore of Group1.
  4. Use the Recycle Bin to restore Group1.
Correct answer: A
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects.  If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties.
The Active Directory Recycle Bin does not have the ability to track simple changes to objects.  
If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties.
Question 3
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table. 
  
The network contains a server named Server1 that has the Hyper-v server role installed. DC6 is a virtual machine that is hosted on Server1. 
You need to ensure that you can clone DC6. 
Which FSMO role should you transfer to DC2?
  1. Rid master
  2. Domain naming master
  3. PDC emulator
  4. Infrastructure master
Correct answer: C
Explanation:
The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor. Reference:http://technet.microsoft.com/en-us/library/hh831734.aspx
The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor. 
Reference:
http://technet.microsoft.com/en-us/library/hh831734.aspx
Question 4
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 
Server1 has a folder named Folder1 that is used by the human resources department. 
You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1. 
What should you configure on Server1?
  1. a storage report task
  2. a file screen exception
  3. a file screen
  4. a file group
Correct answer: C
Explanation:
Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files. With File Server Resource Manager (FSRM) you can create file screens that prevent users from saving unauthorized files on volumes or folders. File Screen Enforcement:You can create file screens to prevent users from saving unauthorized files on volumes or folders. There are two types of file screen enforcement: active and passive enforcement. Active file screen enforcement does not allow the user to save an unauthorized file. Passive file screen enforcement allows the user to save the file, but notifies the user that the file is not an authorized file. You can configure notifications, such as events logged to the event log or e-mails sent to users and administrators, as part of active and passive file screen enforcement.
Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files. 
With File Server Resource Manager (FSRM) you can create file screens that prevent users from saving unauthorized files on volumes or folders. 
File Screen Enforcement:
You can create file screens to prevent users from saving unauthorized files on volumes or folders. There are two types of file screen enforcement: active and passive enforcement. Active file screen enforcement does not allow the user to save an unauthorized file. Passive file screen enforcement allows the user to save the file, but notifies the user that the file is not an authorized file. You can configure notifications, such as events logged to the event log or e-mails sent to users and administrators, as part of active and passive file screen enforcement.
Question 5
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table. 
  
All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives. 
You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network. 
To which server should you deploy the feature?
  1. Server1
  2. Server2
  3. Server3
  4. Server4
  5. Server5
Correct answer: E
Explanation:
The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment Services role in Server Manager.
The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment Services role in Server Manager.
Question 6
Your network contains an Active Directory domain named contoso.com. The Active Directory Recycle bin is enabled for contoso.com. 
A support technician accidentally deletes a user account named User1. You need to restore the User1 account. 
Which tool should you use?
  1. Ldp
  2. Esentutl
  3. Active Directory Administrative Center
  4. Ntdsutil
Correct answer: C
Question 7
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2. 
The domain contains two domain controllers. The domain controllers are configured as shown in the following table. 
  
Active Directory Recycle Bin is enabled. 
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago. 
You need to restore the membership of Group1. 
What should you do?
  1. Recover the items by using Active Directory Recycle Bin.
  2. Modify the Recycled attribute of Group1.
  3. Perform tombstone reanimation.
  4. Perform an authoritative restore.
Correct answer: D
Explanation:
Because removing user accounts from an Active Directory group will not send them to the Active Directory Recycle Bin, performing an authoritative restore is the best option.
Because removing user accounts from an Active Directory group will not send them to the Active Directory Recycle Bin, performing an authoritative restore is the best option.
Question 8
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1. 
You create a global group named RODC_Admins. 
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects. 
What should you do?
  1. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
  2. From Active Directory Sites and Services, run the Delegation of Control Wizard.
  3. From a command prompt, run the dsmgmt local roles command.
  4. From a command prompt, run the dsadd computer command.
Correct answer: C
Explanation:
RODC: using the dsmgmt.exe utility to manage local administratorsOne of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.
RODC: using the dsmgmt.exe utility to manage local administrators
One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.
Question 9
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. 
You create an Active Directory snapshot of DC1 each day.  
You need to view the contents of an Active Directory snapshot from two days ago. 
What should you do first?
  1. Run the dsamain.exe command.
  2. Stop the Active Directory Domain Services (AD DS) service.
  3. Start the Volume Shadow Copy Service (VSS).
  4. Run the ntdsutil.exe command.
Correct answer: A
Explanation:
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server. Reference: http://technet.microsoft.com/en-us/library/cc772168.aspx
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server. 
Reference: http://technet.microsoft.com/en-us/library/cc772168.aspx
Question 10
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup. 
You plan to promote DC10 to a read-only domain controller (RODC). 
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1. 
What should you do?
  1. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object.
  2. From Active Directory Administrative Center, pre-create an RODC computer account.
  3. From Ntdsutil, run the local roles command.
  4. Join DC10 to the domain. Run dsmod and specify the /server switch.
Correct answer: B
Explanation:
A staged read only domain controller(RODC) installation works in two discrete phases:Staging an unoccupied computer account Attaching an RODC to that account during promotion Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC).
A staged read only domain controller(RODC) installation works in two discrete phases:
  • Staging an unoccupied computer account 
  • Attaching an RODC to that account during promotion 
Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC).
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!