It is impossible to pass Microsoft 70-411 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Microsoft 70-411 practice questions. You will get a surprising result by our Update Administering Windows Server 2012 practice guides.
2021 Mar 70-411 free draindumps
Q61. Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Modify the members of the Remote Management Users group.
B. Add a RADIUS client.
C. Modify the Dial-in setting of User1.
D. Create a connection request policy.
Answer: C
Explanation:
Access permission is also granted or denied based on the dial-in properties of each user account.
http://technet.microsoft.com/en-us/library/cc772123.aspx
Q62. Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From the Remote Access Management Console, reload the configuration.
B. Add Server2 to a security group in Active Directory.
C. Restart the IPSec Policy Agent service on Server2.
D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
E. From the Remote Access Management Console, modify the Application Servers settings.
Answer: B,E
Explanation:
Unsure about these answers:
A public key infrastructure must be deployed.
Windows Firewall must be enabled on all profiles.
ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6.
Computers that are running the following operating systems are supported as DirectAccess clients:
Windows Server. 2012 R2
Windows 8.1 Enterprise
Windows Server. 2012
Windows 8 Enterprise
Windows Server. 2008 R2
Windows 7 Ultimate
Windows 7 Enterprise
. Force tunnel configuration is not supported with KerbProxy authentication.
. Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.
. Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.
Q63. You have a server named Server1 that runs Windows Server 2012 R2.
An administrator creates a quota as shown in the Quota exhibit. (Click the Exhibit button.)
You run the dir command as shown in the Dir exhibit. (Click the Exhibit button.)
You need to ensure that D:\Folder1 can only consume 100 MB of disk space.
What should you do?
A. From File Server Resource Manager, create a new quota.
B. From File Server Resource Manager, edit the existing quota.
C. From the Services console, set the Startup Type of the Optimize drives service to Automatic.
D. From the properties of drive D, enable quota management.
Answer: A
Explanation:
1. In Quota Management, click the Quota Templates node.
2. In the Results pane, select the template on which you will base your new quota.
3. Right-click the template and click Create Quota from Template (or select Create Quota from Template from the Actions pane). This opens the Create Quota dialog box with the summary properties of the quota template displayed.
4. Under Quota path, type or browse to the folder that the quota will apply to.
5. Click the Create quota on path option. Note that the quota properties will apply to the entire folder.
Note: To create an auto apply quota, click the Auto apply template and create quotas on existing and new subfolders option. For more information about auto apply quotas, see Create an Auto Apply Quota.
6. Under Drive properties from this quota template, the template you used in step 2 to create your new quota is preselected (or you can select another template from the list). Note that the template's properties are displayed under Summary of quota properties.
7. Click Create.
Create a new Quota on path, without using the auto apply template and create quota on existing and new subfolders.
Reference: http: //technet.microsoft.com/en-us/library/cc755603(v=ws.10).aspx
Q64. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed.
The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers.
You need to add a system variable named App1Data to all of the client computers.
Which Group Policy preference should you configure?
A. Environment
B. Ini Files
C. Data Sources
D. Services
Answer: A
Explanation:
Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action possible with this extension.
Q65. Your network contains multiple Active Directory sites.
You have a Distributed File System (DFS) namespace that has a folder target in each site.
You discover that some client computers connect to DFS targets in other sites.
You need to ensure that the client computers only connect to a DFS target in their respective site.
What should you modify?
A. The properties of the Active Directory sites
B. The properties of the Active Directory site links
C. The delegation settings of the namespace
D. The referral settings of the namespace
Answer: D
Reference:
http://www.windowsnetworking.com/articles_tutorials/Configuring-DFS-Namespaces.html
Avant-garde 70-411 test question:
Q66. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers.
All domain users are configured to have a minimum password length of eight characters.
You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters.
What should you do?
A. Configure a local Group Policy object (GPO) on each research server.
B. Create and link a Group Policy object (GPO) to the ResearchServers OU.
C. Create a universal group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group.
D. Create a global group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group.
Answer: B
Explanation:
For a domain, and you are on a member server or a workstation that is joined to the domain
1. Open Microsoft Management Console (MMC).
2. On the File menu, click Add/Remove Snap-in, and then click Add.
3. Click Group Policy Object Editor, and then click Add.
4. In Select Group Policy Object, click Browse.
5. In Browse for a Group Policy Object, select a Group Policy object (GPO) in the appropriate domain, site, or organizational unit--or create a new one, click OK, and then click Finish.
6. Click Close, and then click OK.
7. In the console tree, click Password Policy.
Where?
Group Policy Object [computer name] Policy/Computer Configuration/Windows
Settings/Security Settings/Account Policies/Password Policy
8. In the details pane, right-click the policy setting that you want, and then click Properties.
9. If you are defining this policy setting for the first time, select the Define this policy setting
check box.
10. Select the options that you want, and then click OK.
Q67. DRAG DROP
You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Web Server (IIS) server role installed.
Server1 will host a web site at URL https: //secure.contoso.com. The application pool identity account of the web site will be set to a domain user account named AppPool1.
You need to identify the setspn.exe command that you must run to configure the appropriate Service Principal Name (SPN) for the web site.
What should you run?
To answer, drag the appropriate objects to the correct location. Each object may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q68. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role service installed.
Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are separated by a low-speed WAN connection.
You need to limit the amount of bandwidth that DFS can use to replicate between Server1 and Server2.
What should you modify?
A. The referral ordering of the namespace
B. The staging quota of the replicated folder
C. The cache duration of the namespace
D. The schedule of the replication group
Answer: D
Explanation:
Scheduling allows less bandwidth the by limiting the time interval of the replication
Does DFS Replication throttle bandwidth per schedule, per server, or per connection?
If you configure bandwidth throttling when specifying the schedule, all connections for that replication group will use that setting for bandwidth throttling. Bandwidth throttling can be also set as a connection-level setting using DFS Management.
To edit the schedule and bandwidth for a specific connection, use the following steps:
In the console tree under the Replication node, select the appropriate replication group.
Click the Connections tab, right-click the connection that you want to edit, and then click Properties.
Click the Schedule tab, select Custom connection schedule and then click Edit Schedule.
Use the Edit Schedule dialog box to control when replication occurs, as well as the maximum amount of bandwidth replication can consume.
Q69. HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.
Which naming context should you use? To answer, select the appropriate naming context in the answer area.
Answer:
Q70. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabnkam.com.
You need to configure Server1 to support the resolution of names in fabnkam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?
A. Create a stub zone.
B. Add a forwarder.
C. Create a secondary zone.
D. Create a conditional forwarder.
Answer: C
Explanation:
http: //technet. microsoft. com/en-us/library/cc771898. aspx
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone.
With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable.
While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone.
Copies of A records for all name servers authoritative for the zone.
References:
http: //www. windowsnetworking. com/articles-tutorials/windows-2003/DNS_Stub_Zones. html
http: //technet. microsoft. com/en-us/library/cc771898. aspx
http: //redmondmag. com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones. aspx?Page=2