Download Administering Windows Server 2012.70-411.PracticeTest.2018-06-23.163q.vcex

Vendor: Microsoft
Exam Code: 70-411
Exam Name: Administering Windows Server 2012
Date: Jun 23, 2018
File Size: 19 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2. 
The domain contains two domain controllers. The domain controllers are configured as shown in the following table. 
  
Active Directory Recycle Bin is enabled. 
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago. 
You need to restore the membership of Group1. 
What should you do?
  1. Recover the items by using Active Directory Recycle Bin.
  2. Modify the Recycled attribute of Group1.
  3. Perform tombstone reanimation.
  4. Perform an authoritative restore.
Correct answer: D
Explanation:
Because removing user accounts from an Active Directory group will not send them to the Active Directory Recycle Bin, performing an authoritative restore is the best option.
Because removing user accounts from an Active Directory group will not send them to the Active Directory Recycle Bin, performing an authoritative restore is the best option.
Question 2
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1. 
You create a global group named RODC_Admins. 
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects. 
What should you do?
  1. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
  2. From Active Directory Sites and Services, run the Delegation of Control Wizard.
  3. From a command prompt, run the dsmgmt local roles command.
  4. From a command prompt, run the dsadd computer command.
Correct answer: C
Explanation:
RODC: using the dsmgmt.exe utility to manage local administratorsOne of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.
RODC: using the dsmgmt.exe utility to manage local administrators
One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.
Question 3
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. 
You create an Active Directory snapshot of DC1 each day.  
You need to view the contents of an Active Directory snapshot from two days ago. 
What should you do first?
  1. Run the dsamain.exe command.
  2. Stop the Active Directory Domain Services (AD DS) service.
  3. Start the Volume Shadow Copy Service (VSS).
  4. Run the ntdsutil.exe command.
Correct answer: A
Explanation:
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server. Reference: http://technet.microsoft.com/en-us/library/cc772168.aspx
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server. 
Reference: http://technet.microsoft.com/en-us/library/cc772168.aspx
Question 4
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup. 
You plan to promote DC10 to a read-only domain controller (RODC). 
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1. 
What should you do?
  1. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object.
  2. From Active Directory Administrative Center, pre-create an RODC computer account.
  3. From Ntdsutil, run the local roles command.
  4. Join DC10 to the domain. Run dsmod and specify the /server switch.
Correct answer: B
Explanation:
A staged read only domain controller(RODC) installation works in two discrete phases:Staging an unoccupied computer account Attaching an RODC to that account during promotion Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC).
A staged read only domain controller(RODC) installation works in two discrete phases:
  • Staging an unoccupied computer account 
  • Attaching an RODC to that account during promotion 
Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC).
Question 5
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. 
You have two GPOs linked to an organizational unit (OU) named OU1. 
You need to change the precedence order of the GPOs. 
What should you use?
  1. Dcgpofix
  2. Get-GPOReport
  3. Gpfixup
  4. Gpresult
  5. Gpedit. msc
  6. Import-GPO
  7. Restore-GPO
  8. Set-GPInheritance
  9. Set-GPLink
  10. Set-GPPermission
  11. Gpupdate
  12. Add-ADGroupMember
Correct answer: I
Explanation:
The Set-GPLinkcmdlet sets the properties of a GPO link. You can set the following properties:Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed for the site, domain or OU. Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container. Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU. References:http://technet.microsoft.com/en-us/library/ee461022.aspx
The Set-GPLinkcmdlet sets the properties of a GPO link. 
You can set the following properties:
  • Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed for the site, domain or OU. 
  • Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container. 
  • Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU. 
References:
http://technet.microsoft.com/en-us/library/ee461022.aspx
Question 6
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. 
A network administrator accidentally deletes the Default Domain Policy GPO. 
You do not have a backup of any of the GPOs. 
You need to recreate the Default Domain Policy GPO. 
What should you use?
  1. Dcgpofix
  2. Get-GPOReport
  3. Gpfixup
  4. Gpresult
  5. Gpedit. msc
  6. Import-GPO
  7. Restore-GPO
  8. Set-GPInheritance
  9. Set-GPLink
  10. Set-GPPermission
  11. Gpupdate
  12. Add-ADGroupMember
Correct answer: A
Explanation:
Dcgpofix Restores the default Group Policy objects to their original state (that is, the default state after initial installation). Reference: http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx
Dcgpofix 
Restores the default Group Policy objects to their original state (that is, the default state after initial installation). 
Reference: http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx
Question 7
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. 
The domain contains a top-level organizational unit (OU) for each department. A group named Group1 contains members from each department. 
You have a GPO named GPO1 that is linked to the domain. 
You need to configure GPO1 to apply settings to Group1 only. 
What should you use?
  1. Dcgpofix
  2. Get-GPOReport
  3. Gpfixup
  4. Gpresult
  5. Gpedit. msc
  6. Import-GPO
  7. Restore-GPO
  8. Set-GPInheritance
  9. Set-GPLink
  10. Set-GPPermission
  11. Gpupdate
  12. Add-ADGroupMember
Correct answer: J
Explanation:
Set-GPPermission grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain. You use the TargetName and TargetType parameters to specify a user, security group, or computer for which to set the permission level. -Replace <SwitchParameter> Specifies that the existing permission level for the group or user is removed before the new permission level is set. If a security principal is already granted a permission level that is higher than the specified permission level and you do not use the Replace parameter, no change is made. Reference: http://technet.microsoft.com/en-us/library/ee461038.aspx
Set-GPPermission grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain. You use the TargetName and TargetType parameters to specify a user, security group, or computer for which to set the permission level. 
-Replace <SwitchParameter> 
Specifies that the existing permission level for the group or user is removed before the new permission level is set. If a security principal is already granted a permission level that is higher than the specified permission level and you do not use the Replace parameter, no change is made. 
Reference: http://technet.microsoft.com/en-us/library/ee461038.aspx
Question 8
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. 
The domain is renamed to adatum.com. 
Group Policies no longer function correctly. 
You need to ensure that the existing GPOs are applied to users and computers. You want to achieve this goal by using the minimum amount of administrative effort. 
What should you use?
  1. Dcgpofix
  2. Get-GPOReport
  3. Gpfixup
  4. Gpresult
  5. Gpedit. msc
  6. Import-GPO
  7. Restore-GPO
  8. Set-GPInheritance
  9. Set-GPLink
  10. Set-GPPermission
  11. Gpupdate
  12. Add-ADGroupMember
Correct answer: C
Explanation:
You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and NetBIOS names after a domain rename operation. Reference: http://technet.microsoft.com/en-us/library/hh852336(v=ws.10).aspx
You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and NetBIOS names after a domain rename operation. 
Reference: http://technet.microsoft.com/en-us/library/hh852336(v=ws.10).aspx
Question 9
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. 
You log on to Server1 by using a user account named User2. 
From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit.
  
You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2. 
To which group should you add User2?
  1. Enterprise Admins
  2. Administrators
  3. Account Operators
  4. Server Operators
Correct answer: B
Explanation:
You must have privileges to create WMI filters in the domain in which you want to create the filter. Permissions can be changed by adding a user to the Administrators group. Administrators (A built-in group) After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group. The Administrators group has built-in capabilities that give its members full control over the system. The group is the default owner of any object that is created by a member of the group. This example logs in as a test user who is not a domain user or an administrator on the server. This results in the error specifying that DA can only be configured by a user with local administrator permissions. References:http://technet.microsoft.com/en-us/library/cc780416(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc775497(v=ws.10).aspx
You must have privileges to create WMI filters in the domain in which you want to create the filter. Permissions can be changed by adding a user to the Administrators group. 
Administrators (A built-in group) 
After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group. The Administrators group has built-in capabilities that give its members full control over the system. The group is the default owner of any object that is created by a member of the group. 
This example logs in as a test user who is not a domain user or an administrator on the server. This results in the error specifying that DA can only be configured by a user with local administrator permissions. 
References:
http://technet.microsoft.com/en-us/library/cc780416(v=ws.10).aspx 
http://technet.microsoft.com/en-us/library/cc775497(v=ws.10).aspx
Question 10
Your network contains an Active Directory domain named contoso.com. 
You need to install and configure the Web Application Proxy role service. 
What should you do?
  1. Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
  2. Install the Active Directory Federation Services server role and the Remote Access server role on the same server.
  3. Install the Web Server (IIS) server role and the Application Server server role on the same server.
  4. Install the Web Server (IIS) server role and the Application Server server role on different servers.
Correct answer: A
Explanation:
Web Application Proxy is a new Remote Access role service in Windows Server® 2012 R2.    
Web Application Proxy is a new Remote Access role service in Windows Server® 2012 R2. 
  
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!