(New Updated) 100 Percent Valid Microsoft 70-411 Braindumps From PassLeader For Free Share (41-60)
100% Pass 70-411 Guide: PassLeader now supplying the new version of 70-411 301q exam vce dumps, we ensure our exam questions are the most complete and authoritative compared with others', which will ensure your 70-411 exam 100% pass, and now we are offering the free new version VCE Player along with the VCE format 70-411 braindump, also the PDF format 70-411 301q practice test is available now, welcome to choose. QUESTION 41 Hotspot Question You have a file server named Server1 that runs Windows Server 2012 R2. A user named User1 is assigned the modify NTFS permission to a folder named C:shares and all of the subfolders of C:shares. On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point. Answer:
QUESTION 42 Your network contains an Active Directory domain named contoso.com. The domain contains 30 user accounts that are used for network administration. The user accounts are members of a domain global group named Group1. You identify the security requirements for the 30 user accounts as shown in the following table.
You need to identify which settings must be implemented by using a Password Settings object (PSO) and which settings must be implemented by modifying the properties of the user accounts. What should you identify?
Answer:
QUESTION 43 Your network contains an Active Directory domain named contoso.com. The domain contains a virtual machine named Server1 that runs Windows Server 2012 R2. Server1 has a dynamically expanding virtual hard disk that is mounted to drive E. You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E. Which command should you run? A. manage-bde -protectors -add c: -startup e: B. manage-bde -lock e: C. manage-bde -protectors -add e: -startupkey c: D. manage-bde -on e: Answer: D Explanation: Manage-bde: on Encrypts the drive and turns on BitLocker. Example: The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive. manage-bde -on C: -recoverypassword QUESTION 44 Hotspot Question Your network contains 25 Web servers that run Windows Server 2012 R2. You need to configure auditing policies that meet the following requirements: - Generate an event each time a new process is created. - Generate an event each time a user attempts to access a file share. Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area.
Answer:
QUESTION 45 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers. You plan to unlink GPO1 from OU1. You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1. Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.) A. The managed Administrative Template settings B. The unmanaged Administrative Template settings C. The System Services security settings D. The Event Log security settings E. The Restricted Groups security settings Answer: AD Explanation: http://technet.microsoft.com/en-us/library/cc778402(v=ws.10).aspx http://technet.microsoft.com/en-us/library/bb964258.aspx There are two kinds of Administrative Template policy settings: Managed and Unmanaged. The Group Policy service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer. QUESTION 46 Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named IT and a CU named Sales. All of the help desk user accounts are located in the IT CU. All of the sales user accounts are located in the Sales CU. The Sales CU contains a global security group named G_Sales. The IT CU contains a global security group named G_HelpDesk. You need to ensure that members of G_HelpDesk can perform the following tasks: - Reset the passwords of the sales users. - Force the sales users to change their password at their next logon. What should you do? A. Run the Set-ADFinecrainedPasswordPolicy cmdlet and specify the -identity parameter. B. Right-click the IT OU and select Delegate Control. C. Right-click the Sales OU and select Delegate Control. D. Run the Set-ADAccountPassword cmdlet and specify the -identity parameter. Answer: C Explanation: B. Wrong OU. Question asks for G_HelpDesk member to be able to delegate control of sales users/force reset C. G_HelpDesk members need to be allowed to delegate control on the Sales OU as it contains the sales users (G_Sales) http://technet.microsoft.com/en-us/library/cc732524.aspx QUESTION 47 Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.
All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives. You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network. To which server should you deploy the feature? A. Server1 B. Server2 C. Server3 D. Server4 E. Server5 Answer: E Explanation: The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment Services role in Server Manager. QUESTION 48 Hotspot Question Your network contains an Active Directory domain named contoso.com. You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders. You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort. Which two audit policies should you configure in GPO1? To answer, select the appropriate two objects in the answer area.
Answer:
QUESTION 49 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise. You implement a Group Policy central store. You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers. You need to deploy the custom registry setting. The solution must minimize administrator effort. What should you configure in a Group Policy object (GPO)? A. The Software Installation settings B. The Administrative Templates C. An application control policy D. The Group Policy preferences Answer: D Explanation: Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. The Group Policy Management Editor (GPME) includes Group Policy preferences. http://technet.microsoft.com/en-us/library/gg699429.aspx http://www.unidesk.com/blog/gpos-set-custom-registry-entries-virtual-desktops-disabling-machine-password QUESTION 50 You have a file server that has the File Server Resource Manager role service installed. You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that all of the folders in Folder1 have a 100-MB quota limit. What should you do? A. Run the Update FsrmQuotacmdlet. B. Run the Update-FsrmAutoQuotacmdlet. C. Create a new quota for Folder1. D. Modify the quota properties of Folder1. Answer: C Explanation: By using auto apply quotas, you can assign a quota template to a parent volume or folder. Then File Server Resource Manager automatically generates quotas that are based on that template. Quotas are generated for each of the existing subfolders and for subfolders that you create in the future. http://technet.microsoft.com/en-us/library/cc731577.aspx http://www.passleader.com/70-411.html QUESTION 51 You have a server named Server 1. You enable BitLocker Drive Encryption (BitLocker) on Server 1. You need to change the password for the Trusted Platform Module (TPM) chip. What should you run on Server1? A. Manage-bde.exe B. Set-TpmOwnerAuth C. bdehdcfg.exe D. tpmvscmgr.exe Answer: B Explanation: The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry. Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value. QUESTION 52 Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site. The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office. You implement a Distributed File System (DFS) namespace named \contoso.compublic. The namespace contains a folder named Folder1. Folder1 has a folder target in each office. You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Set the Ordering method of \contoso.compublic to Random order. B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets. C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost. D. Set the Ordering method of \contoso.compublic to Exclude targets outside of the client's site. E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost. F. Set the Ordering method of \contoso.compublic to Lowest cost. Answer: CD Explanation: Exclude targets outside of the client's site In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note 1: Targets that have target priority set to "First among all targets" or "Last among all targets" are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client's site. Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target. QUESTION 53 Hotspot Question Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting. Server1 is configured as a VPN server and is configured to forward authentication requests to Server2. You need to ensure that only Server2 contains event information about authentication requests from connections to Server1. Which two nodes should you configure from the Network Policy Server console? To answer, select the appropriate two nodes in the answer area.
Answer:
QUESTION 54 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. Which tool should you use? A. Group Policy Object Editor B. The Secedit command C. Group Policy Management Console (GPMC) D. Active Directory Users and Computers Answer: C Explanation: In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. Starting with Windows Server 2012 and Windows 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container. Note: Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy. Incorrect: Not B: Secedit configures and analyzes system security by comparing your current configuration to at least one template. Reference: Force a Remote Group Policy Refresh (GPUpdate) QUESTION 55 Hotspot Question Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the following BitLocker Drive Encryption (BitLocker) settings:
You need to ensure that drive D will unlock automatically when Server1 restarts. What command should you run? To answer, select the appropriate options in the answer area.
Answer:
QUESTION 56 Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2. You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. On Server1, create a collector initiated subscription. B. On Server1, create a source computer initiated subscription. C. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting. D. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting. Answer: BC Explanation: To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain controllers can be forwarded to an administrative workstation * Group Policy The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting: Computer configuration-Administrative templates-Windows components-Event forwarding-Configure the server address, refresh interval, and issue certificate authority of a target subscription manager. * Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates | Windows Components | Event Forwarding - Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager QUESTION 57 Hotspot Question Your company has two offices. The offices are located in Montreal and Seattle. The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed. You need to configure Server2 to download updates that are approved on Server1 only. What cmdlet should you run? To answer, select the appropriate options in the answer area.
Answer:
QUESTION 58 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1. You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1. You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages. What should you do? A. From File Explorer, modify the Classification tab of Folder1. B. From the File Server Resource Manager console, modify the Email Notifications settings. C. From the File Server Resource Manager console, set a folder management property. D. From File Explorer, modify the Customize tab of Folder1. Answer: C Explanation: To specify a separate access-denied message for a shared folder by using File Server Resource Manager. See step 3 below: -- Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager. -- Expand File Server Resource Manager (Local), and then click Classification Management. -- Right-click Classification Properties, and then click Set Folder Management Properties. In the Property box, click Access-Denied Assistance Message, and then click Add. Click Browse, and then choose the folder that should have the custom access- denied message. In the Value box, type the message that should be presented to the users when they cannot access a resource within that folder. You can add macros to the message that will insert customized text. The macros include: uk.co.certification.simulator.d.l@24b940d8 Click OK, and then click Close. QUESTION 59 Drag and Drop Question You have a WIM file that contains an image of Windows Server 2012 R2. Recently, a technician applied a Microsoft Standalone Update Package (MSU) to the image. You need to remove the MSU package from the image. Which three actions should you perform in sequence? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 60 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. A domain controller named DC1 has the ADMX Migrator tool installed. You have a custom Administrative Template file on DC1 named Template1.adm. You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool. Which action should you run first? A. New Category B. Load Template C. New Policy Setting D. Generate ADMX from ADM Answer: D Explanation: A. Done after ADMX is created, adds categories of policy settings B. Done after ADMX is created, Loads ADMX template to be edited C. Done after ADMX is created, defines new registry-based policy settings D. Coverts ADM files into ADMX (XML Format) http://technet.microsoft.com/en-us/magazine/2008.02.utilityspotlight.aspx http://www.passleader.com/70-411.html
|