(New Updated) Preparing Microsoft 70-411 Exam With New 100 Percent Pass Guaranteed 70-411 Premium Braindumps (221-240)

By | February 2, 2015

How To 100% Pass 70-411 Exam: Exam 70-411 has been updated for few days, if you are preparing 70-411 exam and want to pass it exam easily, we recommend you to take the new 70-411 301q exam questions into your heart, and we PassLeader now are sharing the latest and updated 70-411 301q braindumps with VCE and PDF file, we have corrected all the new questions of our 70-411 VCE and PDF practice test and will help you 100% passing 70-411 exam.

PassLeader 70-411 Exam Dumps[15]

QUESTION 221
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. You need to use the Group Policy object (GPO) to assign members to a computer group. Which setting should you configure in the GPO? To answer, select the appropriate setting in the answer area.
2211_thumb[1]

Answer:
2212_thumb[1]
Explanation:
Client-side targeting involves automatically assigning the computers by using either Group Policy or registry keys. Second, create the computer group in WSUS. Third, move the computers into groups by using whichever method you chose in the first step.
http://technet.microsoft.com/en-us/library/cc720433(v=ws.10).aspx

QUESTION 222
The contoso.com domain contains a a DNS server named Server1 that host a primary zone. Server2 contains a a secondary zone for the contoso.com doamin. You need to configure how long Server2 queries Server1 to renew the zone. What should you configure?

A.    Retry Interval
B.    Minimum TTL
C.    Refresh Interval
D.    Authority Record

Answer: C
Explanation:
A. The time, in seconds, a secondary server waits before retrying a failed zone transfer. Normally, this time is less than the refresh interval. The default value is 600 seconds (10 minutes).
B. The default Time-To-Live (TTL) of the zone and the maximum interval for caching negative answers to name queries. The default value is 3,600 seconds (1 hour).
C. The time, in seconds, that a secondary DNS server waits before querying its source for the zone to attempt renewal of the zone. When the refresh interval expires, the secondary DNS server requests a copy of the current SOA record for the zone from its source, which answers this request. The secondary DNS server then compares the serial number of the source server’s current SOA record (as indicated in the response) with the serial number in its own local SOA record. If they are different, the secondary DNS server requests a zone transfer from the primary DNS server. The default for this field is 900 seconds (15 minutes).
D. http://technet.microsoft.com/en-us/library/cc779148(v=ws.10).aspx

QUESTION 223
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed. Server1 and Server2 are configured as replica servers that use Server3 as an upstream server. You remove Server3 from the network. You need to ensure that WSUS on Server2 retrieves updates from Server1. The solution must ensure that Server1 and Server2 have the latest updates from Microsoft. Which command should you run on each server? To answer, select the appropriate command to run on each server in the answer area.
2231_thumb[2]

Answer:
2232_thumb[2]

QUESTION 224
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You mount an Active Directory snapshot on DC1. You need to expose the snapshot as an LDAP server. Which tool should you use?

A.    ADSI Edit
B.    Ntdsutil
C.    Dsamain
D.    Ldp

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

QUESTION 225
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has a drive named E that is encrypted by using BitLocker Drive Encryption (BitLocker). A recovery key is stored on drive C. Drive E becomes locked. When you attempt to use the recovery key, you receive the following error message.
2251_thumb[3]
You need to access the data stored on drive E. What should you run first?

A.    manage-bde -protectors -get e:
B.    manage-bde -unlock e: -recoverykey c:\
C.    disable-bitlocker -mountpoint e:
D.    unlock-bitlocker -mountpoint e: -recoverykeypath c:

Answer: A
Explanation:
Manage-bde is used to turn on or turn off BitLocker, specify unlock mechanisms, update recovery methods, and unlock BitLocker-protected data drives. This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item.
http://technet.microsoft.com/en-us/library/ff829849.aspx

QUESTION 226
Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?

A.    Modify the Link1 shortcut preference of GPO1.
B.    Enable loopback processing in GPO1.
C.    Enforce GPO1.
D.    Modify the Security Filtering settings of GPO1.

Answer: A
Explanation:
This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the shortcut already exists.
http://technet.microsoft.com/en-us/library/cc753580.aspx
http://technet.microsoft.com/en-us/library/cc753580.aspx

QUESTION 227
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012 R2. You install the Windows Server Update Services server role on Server1. You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    From the Update Services console, create computer groups.
B.    From the Update Services console, configure the Computers options.
C.    From the Group Policy Management console, configure the Windows Update settings.
D.    From the Group Policy Management console, configure the Windows Anytime Upgrade settings.
E.    From the Update Services console, configure the Synchronization Schedule options.

Answer: C
Explanation:
Create one computer group for Main site and another group for Branch site. You can deploy Windows updates by computer group.

QUESTION 228
Your network contains an Active Directory forest named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
2281_thumb[2]
You plan to implement the BitLocker Drive Encryption (BitLocker) Network Unlock feature. You need to identify which server role must be deployed to the network to support the planned implementation. Which role should you identify?

A.    Network Policy and Access Services
B.    Volume Activation Services
C.    Active Directory Rights Management Services
D.    Windows Deployment Services

Answer: D
Explanation:
Windows Deployment Services (WDS) is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a networkbased installation. This means that you do not have to install each operating system directly from a CD, USB drive or DVD. To use Windows Deployment Services, you should have a working knowledge of common desktop deployment technologies and networking components, including Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Active Directory Domain Services (AD DS). It is also helpful to understand the Preboot eXecution Environment (also known as Pre-Execution Environment).

QUESTION 229
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You need to create an Active Directory snapshot on DC1. Which four commands should you run? To answer, move the four appropriate commands from the list of commands to the answer area and arrange them in the correct order.
2291_thumb[2]

Answer:
2292_thumb[3]
Explanation:
http://technet.microsoft.com/nl-nl/library/cc753609%28v=ws.10%29.aspx
http://mizitechinfo.wordpress.com/2013/08/13/simple-step-create-a-snapshot-of-ad-ds-in-windows-server-2012-r2-by-using-ntdsutil/

QUESTION 230
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Print1. Your company implements DirectAccess. A user named User1 frequently works at a customer’s office. The customer’s office contains a print server named Print1. While working at the customer’s office, User1 attempts to connect to Print1. User1 connects to the Print1 server in contoso.com instead of the Print1 server at the customer’s office. You need to provide User1 with the ability to connect to the Print1 server in the customer’s office. Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.
2301_thumb[2]

Answer:
2302_thumb[2]


PassLeader 70-411 Exam Dumps[23]

http://www.passleader.com/70-411.html

QUESTION 231
Hotspot Question
Your network contains an Active Directory domain named contoso.com. You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.

2311_thumb[2]

Answer:
2312_thumb[2]

QUESTION 232
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain. You create a Password Settings object (PSO) named PSO1. You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1. What should you do?

A.    From Active Directory Users and Computers, run the Delegation of Control Wizard.
B.    From Active Directory Administrative Center, modify the security settings of PSO1.
C.    From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1.
D.    From Active Directory Administrative Center, modify the security settings of OU1.

Answer: B
Explanation:
PSOs cannot be applied to organizational units (OUs) directly. If your users are organized into OUs, consider creating global security groups that contain the users from these Ous and then applying the newly defined finegrained password and account lockout policies to them. If you move a user from one OU to another, you must update user memberships in the corresponding global security groups. Go ahead and hit “OK” and then close out of all open windows. Now that you have created a password policy, we need to apply it to a user/group. In order to do so, you must have “write” permissions on the PSO object. We’re doing this in a lab, so I’m Domain Admin. Write permissions are not a problem : )
1. Open Active Directory Users and Computers (Start, point to Administrative Tools, and then click Active Directory Users and Computers).
2. On the View menu, ensure that Advanced Features is checked.
3. In the console tree, expand Active Directory Users and Computers\yourdomain\System\Password Settings Container.
4. In the details pane, right-click the PSO, and then click Properties.
5. Click the Attribute Editor tab.
6. Select the msDS-PsoAppliesTo attribute, and then click Edit.

QUESTION 233
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.
2331_thumb
You open Active Directory Users and Computers on a client computer and connect to DC1. You display the members of a group named Group1 as shown in the Group1 Members exhibit. (Click the Exhibit button.)
2332_thumb[2]
When you view the properties of a user named Userl02, you receive the error message shown in the Error exhibit. (Click the Exhibit button.)
2333_thumb[2]
The error message does not display for any other members of Group1. You need to identify which domain controller causes the issue shown in the error message. Which domain controller should you identify?

A.    DC1
B.    DC2
C.    DC10
D.    DC11

Answer: B
Explanation:
The infrastructure master for a domain periodically examines the references, within its replica of the directory data, to objects not held on that domain controller. It queries a Global Catalog server for current information about the distinguished name and SID of each referenced object. If this information has changed, the infrastructure master makes the change in its local replica and also replicates the new values to other domain controllers within the domain. The error hints the object reference is not updated in Infrastructure Master of Contoso.com domain.

QUESTION 234
Your network contains an Active Directory domain named adatum. com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 7. You need to ensure that user settings are saved to \\Server1\Users\. What should you do?

A.    From a Group Policy object (GPO), configure the Folder Redirection settings.
B.    From the properties of each user account, configure the Home folder settings.
C.    From the properties of each user account, configure the User profile settings.
D.    From a Group Policy object (GPO), configure the Drive Maps preference.

Answer: C
Explanation:
If a computer is running Windows 2000 Server or later on a network, users can store their profiles on the server. These profiles are called roaming user profiles.

QUESTION 235
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. You need to configure Server1 as a network address translation (NAT) server. Which node should you use to add the NAT routing protocol? To answer, select the appropriate node in the answer area.
2351_thumb[1]

Answer:
2352_thumb[2]

QUESTION 236
Hotspot Question
You have a server named Server5 that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file. What should you configure? To answer, select the appropriate tab in the answer area.
2361_thumb[2]

Answer:
2362_thumb[2]

QUESTION 237
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1. You need to ensure that the new policy applies only to connection requests from Microsoft RAS servers that are located on the 192.168.0.0/24 subnet. Which two configurations should you perforin? (Each correct answer presents part of the solution. Choose two.)

A.    Set the MS-RAS Vendor ID condition to $teelHead.
B.    Set the Called Station ID constraint to 192.168.0.
C.    Set the Client IP4 Address condition to 192.168.0.0/24.
D.    Set the MS-RAS Vendor ID condition to ^311$.
E.    Set the Called Station ID constraint to 192.168.0.0/24.
F.    Set the Client IP4 Address condition to 192.168.0.

Answer: DF
Explanation:
D: MS-RAS-Vendor Matches “^311$” ) The condition means that the policy applies only when the version of the RADIUS client is ^311$, so subsequent settings in this policy apply only to RRAS machines.
F: Client IPv4 Address. Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.

QUESTION 238
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. You need to configure Server1 to perform network address translation (NAT). What should you do?

A.    From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network adapter.
B.    From Routing and Remote Access, add an IPv4 routing protocol.
C.    From Routing and Remote Access, add an IPv6 routing protocol.
D.    From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network adapter.

Answer: B
Explanation:
To configure an existing RRAS server to support both VPN remote access and NAT routing:
1. Open Server Manager.
2. Expand Roles, and then expand Network Policy and Access Services.
3. Right-click Routing and Remote Access, and then click Properties.
4. Select IPv4 Remote access Server or IPv6 Remote access server, or both.

QUESTION 239
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration. You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection. What should you do?

A.    Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).
B.    Configure a DNS suffix search list on the DirectAccess clients.
C.    Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).
D.    Configure DirectAccess to enable force tunneling.

Answer: D
Explanation:
With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients separate their intranet and Internet traffic as follows:
– DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic is exchanged over the tunnels that are created with the DirectAccess server or directly with intranet servers. Intranet traffic from DirectAccess clients is IPv6 traffic.
– DNS name queries for FQDNs that correspond to exemption rules or do not match the intranet namespace, and all traffic to Internet servers, is exchanged over the physical interface that is connected to the Internet. Internet traffic from DirectAccess clients is typically IPv4 traffic.
In contrast, by default, some remote access virtual private network (VPN) implementations, including the VPN client, send all intranet and Internet traffic over the remote access VPN connection. Internet-bound traffic is routed by the VPN server to intranet IPv4 web proxy servers for access to IPv4 Internet resources. It is possible to separate the intranet and Internet traffic for remote access VPN clients by using split tunneling. This involves configuring the Internet Protocol (IP) routing table on VPN clients so that traffic to intranet locations is sent over the VPN connection, and traffic to all other locations is sent by using the physical interface that is connected to the Internet. You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients detect that they are on the Internet, and they remove their IPv4 default route. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.

QUESTION 240
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1. You create a global group named RODC_Admins. You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects. What should you do?

A.    From Active Directory Users and Computers, run the Delegation of Control Wizard.
B.    From a command prompt, run the dsadd computer command.
C.    From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account.
D.    From Active Directory Site and Services, configure the Security settings of the RODC1 server object.

Answer: C
Explanation:
Modify the Managed By tab of the RODC account properties in the Active Directory Users and Computers snap-in, as shown in the following figure. You can click Change to change which security principal is the delegated RODC administrator. You can choose only one security principal. Specify a security group rather than an individual user so you can control RODC administration permissions most efficiently. This method changes the managedBy attribute of the computer object that corresponds to the RODC to the SID of the security principal that you specify. This is the recommended way to specify the delegated RODC administrator account because the information is stored in AD DS, where it can be centrally managed by domain administrators.
Incorrect:
Not A: You delegate administration of a domain or organizational unit by using the Delegation of Control wizard available in the Active Directory Users and Computers snap- in.
Not B: dsadd group just adds a group to the Active Directory.


PassLeader 70-411 Exam Dumps[7]

http://www.passleader.com/70-411.html