(New Updated) Recently Updated New Microsoft 70-411 301q Real Exam Questions Ensure 100 Percent Pass (61-80)

100% Pass 70-411 Guide: PassLeader now supplying the new version of 70-411 301q exam vce dumps, we ensure our exam questions are the most complete and authoritative compared with others’, which will ensure your 70-411 exam 100% pass, and now we are offering the free new version VCE Player along with the VCE format 70-411 braindump, also the PDF format 70-411 301q practice test is available now, welcome to choose.

PassLeader-70-411-Exam-Dumps16

QUESTION 61
Hotspot Question
Your network contains an Active Directory named contoso.com. You have users named User1 and user2. The Network Access Permission for User1 is set to Control access through NPS Network Policy. The Network Access Permission for User2 is set to Allow access. A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)
611_thumb1
A policy named Policy2 is shown in the Policy2 exhibit. (Click the Exhibit button.)

612_thumb4
A policy named Policy3 is shown in the Policy3 exhibit. (Click the Exhibit button.)
613_thumb1
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Each correct selection is worth one point.
614_thumb1

Answer:
615_thumb3

QUESTION 62
Drag and Drop Question
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. You need to log all DHCP clients that have windows Firewall disabled. Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
621_thumb1

Answer:
622_thumb2
Explanation:
http://technet.microsoft.com/es-es/library/dd314198%28v=ws.10%29.aspx
http://technet.microsoft.com/es-es/magazine/2009.05.goat.aspx
http://technet.microsoft.com/es-es/library/dd314173%28v=ws.10%29.aspx
http://ripusudan.wordpress.com/2013/03/19/how-to-configure-nap-enforcement-for-dhcp/
http://technet.microsoft.com/es-es/magazine/2009.05.goat.aspx
http://technet.microsoft.com/en-us/library/dd125379%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc772356%28v=ws.10%29.aspx

QUESTION 63
Your network contains an Active Directory domain named contoso.com. You have several Windows PowerShell scripts that execute when client computers start. When a client computer starts, you discover that it takes a long time before users are prompted to log on. You need to reduce the amount of time it takes for the client computers to start. The solution must not prevent scripts from completing successfully. Which setting should you configure? To answer, select the appropriate setting in the answer area.
631_thumb1

Answer:
632_thumb1
Explanation:
Lets the system run startup scripts simultaneously rather than waiting for each to finish.
http://technet.microsoft.com/en-us/library/cc939423.aspx

QUESTION 64
Drag and Drop Question
You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Web Server (IIS) server role installed. Server1 will host a web site at URL https:// secure.contoso.com. The application pool identity account of the web site will be set to a domain user account named AppPool1. You need to identify the setspn.exe command that you must run to configure the appropriate Service Principal Name (SPN) for the web site. What should you run? To answer, drag the appropriate objects to the correct location. Each object may be used once, more than once, or not at all.
641_thumb1

Answer:
642_thumb1
Explanation:
Note:
* -s <SPN>
Adds the specified SPN for the computer, after verifying that no duplicates exist.
Usage: setspn -s SPN accountname
For example, to register SPN “http/daserver” for computer “daserver1”:
setspn -S http/daserver daserver1
http://technet.microsoft.com/en-us/library/cc731241(v=ws.10).aspx

QUESTION 65
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1. You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24 subnet. What should you do?

A.    Set the Client IP4 Address condition to 192.168.0.0/24.
B.    Set the Client IP4 Address condition to 192.168.0.
C.    Set the Called Station ID constraint to 192.168.0.0/24.
D.    Set the Called Station ID constraint to 192.168.0.

Answer: B
Explanation:
Called Station ID condition specifies the network access server telephone number dialed by access client. Client IPv4 Address condition specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.

QUESTION 66
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise. You implement a Group Policy central store. You have an application named Appl. Appl requires that a custom registry setting be deployed to all of the computers. You need to deploy the custom registry setting. The solution must minimize administrator effort. What should you configure in a Group Policy object (GPO)?

A.    The Administrative Templates
B.    An application control policy
C.    The Group Policy preferences
D.    Software installation setting

Answer: C
Explanation:
Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy- aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. The Group Policy Management Editor (GPME) includes Group Policy preferences.
http://technet.microsoft.com/en-us/library/gg699429.aspx
http://www.unidesk.com/blog/gpos-set-custom-registry-entries-virtual-desktops-disabling-machine-password

QUESTION 67
Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2. You install the Remote Access server role on 10 servers. You need to ensure that all of the Remote Access servers use the same network policies. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.
B.    On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.
C.    On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
D.    Configure each Remote Access server to use a RADIUS server named NPS1.
E.    On NPS1, create a RADIUS client template and use the template to create RADIUS clients.

Answer: CD
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which RADIUS servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx

QUESTION 68
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You create an Active Directory snapshot of DC1 each day. You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?

A.    Run the dsamain.exe command.
B.    Stop the Active Directory Domain Services (AD DS) service.
C.    Run the ntdsutil.exe command.
D.    Start the Volume Shadow Copy Service (VSS).

Answer: A
Explanation:
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server.
http://technet.microsoft.com/en-us/library/cc772168.aspx

QUESTION 69
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2012 R2. The domain contains a virtual machine named DC2. On DC2, you run Get-ADDCCloningExcludedApplicationList and receive the output shown in the following table.
691_thumb2
You need to ensure that you can clone DC2. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
692_thumb1

A.    Option A
B.    Option B
C.    Option C
D.    Option D
E.    Option E

Answer: AE

QUESTION 70
Hotspot Question
Your network contains an Active Directory domain named contoso.com. You implement DirectAccess. You need to view the properties of the DirectAccess connection. Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
701_thumb2

Answer:
702_thumb2
Explanation:
http://technet.microsoft.com/en-us/library/jj613767.aspx


PassLeader-70-411-Exam-Dumps24

http://www.passleader.com/70-411.html

QUESTION 71
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1. The network contains a shared folder named FinancialData that contains five files. You need to ensure that the FinancialData folder and its contents are copied to all of the client computers. Which two Group Policy preferences should you configure? (Each correct answer presents part of the solution. Choose two.)

A.    Shortcuts
B.    Network Shares
C.    Environment
D.    Folders
E.    Files

Answer: DE
Explanation:
Folder preference items allow you to create, update, replace, and delete folders and their contents. (To configure individual files rather than folders, see Files Extension.) Before you create a Folder preference item, you should review the behavior of each type of action possible with this extension. File preference items allow you to copy, modify the attributes of, replace, and delete files. (To configure folders rather than individual files, see Folders Extension.) Before you create a File preference item, you should review the behavior of each type of action possible with this extension.

QUESTION 72
Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
721_thumb2
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From the Remote Access Management Console, reload the configuration.
B.    Add Server2 to a security group in Active Directory.
C.    Restart the IPSec Policy Agent service on Server2.
D.    From the Remote Access Management Console, modify the Infrastructure Servers settings.
E.    From the Remote Access Management Console, modify the Application Servers settings.

Answer: BE
Explanation:
When selecting application servers that require end-to-end encryption and authentication, it is important to note that:
* The selected end-to-end application servers must be members of one or more AD DS security groups.
* The selected end-to-end application servers must run Windows Server 2008 or later.
* The selected end-to-end application servers must be accessible via IPv6 (Native or ISATAP, not NAT64).
* The selected end-to-end application servers can be used with smart cards for an additional level of authorization.

QUESTION 73
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. A support technician accidentally deletes a user account named User1. You need to use tombstone reanimation to restore the User1 account. Which tool should you use?

A.    Ntdsutil
B.    Ldp
C.    Esentutl
D.    Active Directory Administrative Center

Answer: D
Explanation:
http://technet.microsoft.com/nl-nl/library/dd379509(v=ws.10).aspx#BKMK_2
http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx
http://technet.microsoft.com/en-us/library/hh875546.aspx
http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx

QUESTION 74
Your network contains an Active Directory domain named contoso.com. You need to install and configure the Web Application Proxy role service. What should you do?

A.    Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
B.    Install the Active Directory Federation Services server role and the Remote Access server role on the same server.
C.    Install the Web Server (IIS) server role and the Application Server server role on the same server.
D.    Install the Web Server (IIS) server role and the Application Server server role on different servers.

Answer: A
Explanation:
AD FS is required to provide authentication and authorization services to Web Application Proxy and to store the Web Application Proxy configuration. Remote Access is the role containing the Web Application Proxy role service.
http://technet.microsoft.com/en-us/library/dn383650.aspx

QUESTION 75
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You run ntdsutil {as shown in the exhibit}. You need to ensure that you can access the contents of the mounted snapshot. What should you do?
751_thumb1

A.    From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds.dit – Idapport 33389.
B.    From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds.dit – Idapport 389.
C.    From the snapshot context of ntdsutil, run activate instance “NTDS”.
D.    From the snapshot context of ntdsutil, run mount (79f94f82-5926-4f44-8af0-2f56d827a57d).

Answer: A
Explanation:
A. Custom port needs to be defined when mounting to allow access from ADUC.
B. 389 is used as the standard ldap port.
C. Run prior to mount and after the mount run dsamain Sets NTDS or a specific AD LDS instance as the active instance.
D. mounts a specific snap shot as specified by guid, using the snapshot mounted you needs to run dsamain to start an instance of AD.
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

QUESTION 76
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1. You create a global group named RODC_Admins. You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects. What should you do?

A.    From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
B.    From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C.    From a command prompt, run the dsmgmt local roles command.
D.    From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.

Answer: C
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

QUESTION 77
You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate. You need to configure a website on Server1 to use Secure Sockets Layer (SSL). To which store should you import the certificate?
771_thumb

Answer:
772_thumb
Explanation:
http://technet.microsoft.com/en-us/library/cc740068(v=ws.10).aspx

QUESTION 78
Your network contains an Active Directory domain named contoso.com. You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the Exhibit button.) You plan to use the User1 account as a service account. The service will forward authentication requests to other servers. You need to ensure that you can view the Delegation tab from the properties of the User1 account. What should you do first?
781_thumb2

A.    Modify the Security settings of User1.
B.    Modify the user principal name (UPN) of User1.
C.    Configure a Service Principal Name (SPN) for User1.
D.    Configure the Name Mappings of User1.

Answer: C
Explanation:
If you cannot see the Delegation tab, do one or both of the following:
Register a Service Principal Name (SPN) for the user account with the Setspn utility in the support tools on your CD. Delegation is only intended to be used by service accounts, which should have registered SPNs, as opposed to a regular user account which typically does not have SPNs. Raise the functional level of your domain to Windows Server 2003.
For more information: http://technet.microsoft.com/en-us/library/cc739474(v=ws.10).aspx

QUESTION 79
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning. You verify with the application vendor that the application supports domain controller cloning. You need to prepare a domain controller for cloning. What should you do?

A.    In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application information to the file.
B.    In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
C.    In the root of a USB flash drive, add the application information to an XML file named DefaultDCCloneAllowList.xml.
D.    In D:\Windows\NTDS, create an XML file named DefaultDCCloneAllowList.xml and add the application information to the file.

Answer: B
Explanation:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domainservices-in-windows-server-2012-part-13-domain-controller-cloning.aspx
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.

QUESTION 80
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning. You verify with the application vendor that the application supports domain controller cloning. You need to prepare a domain controller for cloning. What should you do?

A.    In the root of a USB flash drive, add the application information to an XML file named DefaultDCCloneAllowList.xml.
B.    In C:\Windows\system32\sysprep\actionfiles\, add the application information to an XML file named Specialize .xml.
C.    In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
D.    In C:\Windows\system32\sysprep\actionfiles\add the application information to an XML file named Respecialize .xml.

Answer: C
Explanation:
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning.aspx
http://www.thomasmaurer.ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a-virtual-domain-controller
http://technet.microsoft.com/en-us/library/hh831734.aspx


PassLeader-70-411-Exam-Dumps7

http://www.passleader.com/70-411.html