★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-411-dumps.html


Want to know {brand} 70-411 Exam practice test features? Want to lear more about Microsoft Administering Windows Server 2012 certification experience? Study 100% Correct Microsoft 70-411 answers to Latest 70-411 questions at {brand}. Gat a success with an absolute guarantee to pass Microsoft 70-411 (Administering Windows Server 2012) test on your first attempt.

2021 Jun exam collections 70-411:

Q91. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. 

Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1. 

Users report that App1 responds more slowly than expected. 

You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1. 

Which performance object should you monitor on Server1? 

A. Processor 

B. Hyper-V Hypervisor Virtual Processor 

C. Hyper-V Hypervisor Logical Processor 

D. Hyper-V Hypervisor Root Virtual Processor 

E. Process 

Answer: C 

Explanation: 

In the simplest way of thinking the virtual processor time is cycled across the available logical processors in a round-robin type of fashion. Thus all the processing power gets used over time, and technically nothing ever sits idle. To accurately measure the processor utilization of a guest operating system, use the “\Hyper-V Hypervisor Logical Processor (Total)\% Total Run Time” performance monitor counter on the Hyper-V host operating system. 


Q92. Your network contains an Active Directory domain named contoso.com. 

All user accounts reside in an organizational unit (OU) named OU1. 

You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You 

configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. 

You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. 

You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do? 

A. Enforce GPO1. 

B. Modify the Link1 shortcut preference of GPO1. 

C. Enable loopback processing in GPO1. 

D. Modify the Security Filtering settings of GPO1. 

Answer: B 

Explanation: 

Replace Delete and recreate a shortcut for computers or users. The net result of the Replace action is to overwrite the existing shortcut. If the shortcut does not exist, then the Replace action creates a new shortcut. 

This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the shortcut already exists. 


Refernces: http: //technet.microsoft.com/en-us/library/cc753580.aspx http: //technet.microsoft.com/en-us/library/cc753580.aspx 


Q93. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

A local account named Admin1 is a member of the Administrators group on Server1. 

You need to generate an audit event whenever Admin1 is denied access to a file or folder. 

What should you run? 

A. auditpol.exe /set /userradmin1 /failure: enable 

B. auditpol.exe /set /user: admin1 /category: "detailed tracking" /failure: enable 

C. auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure 

D. auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga 

Answer: C 

Explanation: 

http: //technet. microsoft. com/en-us/library/ff625687. aspx 

To set a global resource SACL to audit successful and failed attempts by a user to perform 

generic read and write functions on files or folders: 

auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access: 

FRFW 

http: //technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx 

Syntax 

auditpol /resourceSACL 

[/set /type: <resource> [/success] [/failure] /user: <user> [/access: <access flags>]] 

[/remove /type: <resource> /user: <user> [/type: <resource>]] 

[/clear [/type: <resource>]] 

[/view [/user: <user>] [/type: <resource>]] 

References: 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/ff625687. aspx 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 


Q94. DRAG DROP 

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. 

You need to create an Active Directory snapshot on DC1. 

Which four commands should you run? 

To answer, move the four appropriate commands from the list of commands to the answer 

area and arrange them in the correct order. 


Answer: 



Q95. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1. 

You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1. 

You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages. 

What should you do? 

A. From File Explorer, modify the Classification tab of Folder1. 

B. From the File Server Resource Manager console, modify the Email Notifications settings. 

C. From the File Server Resource Manager console, set a folder management property. 

D. From File Explorer, modify the Customize tab of Folder1. 

Answer: C 

Explanation: 

When using the email model each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both. 

You can use the File Server Resource Manager console to configure the owner distribution list by editing the management properties of the classification properties. 

Reference: http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12 


70-411 free practice questions

Refresh 70-411:

Q96. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DLL. 

You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1. 

You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages. 

What should you do? 

A. From the File Server Resource Manager console, create a local classification property. 

B. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Applications option. 

C. From the File Server Resource Manager console, modify the Access-Denied Assistance settings. 

D. From the File Server Resource Manager console, set a folder management property. 

Answer: D 


Q97. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. 

You need to identify which user accounts were authenticated by RODC1. 

Which cmdlet should you use? 

A. Get-ADGroupMember 

B. Get-ADDomainControllerPasswordReplicationPolicy 

C. Get-ADDomainControllerPasswordReplicationPolicyUsage 

D. Get-ADDomain 

E. Get-ADOptionalFeature 

F. Get-ADAccountAuthorizationGroup 

Answer: B 

Explanation: Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller. 

Reference: Get-ADDomainControllerPasswordReplicationPolicyUsage 

https://technet.microsoft.com/en-us/library/ee617194.aspx 


Q98. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings: 


You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.) 


You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1. 

Which additional name suffix entry should you add from the Remote Access Setup wizard? 

A. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value 

B. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62 

C. A Name Suffix value of dal.contoso.com and a DNS Server Address value of 

65.55.37.62 

D. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value 

Answer: A 

Explanation: 

Split-brain DNS is the use of the same DNS domain for both Internet and intranet resources. For example, the Contoso Corporation is using split brain DNS; contoso.com is the domain name for intranet resources and Internet resources. Internet users use http: //www.contoso.com to access Contoso’s public Web site and Contoso employees on the Contoso intranet use http: //www.contoso.com to access Contoso’s intranet Web site. A Contoso employee with their laptop that is not a DirectAccess client on the intranet that 

accesses http: //www.contoso.com sees the intranet Contoso Web site. When they take their laptop to the local coffee shop and access that same URL, they will see the public Contoso Web site. 

When a DirectAccess client is on the Internet, the Name Resolution Policy Table (NRPT) sends DNS name queries for intranet resources to intranet DNS servers. A typical NRPT for DirectAccess will have a rule for the namespace of the organization, such as contoso.com for the Contoso Corporation, with the Internet Protocol version 6 (IPv6) addresses of intranet DNS servers. With just this rule in the NRPT, when a user on a DirectAccess client on the Internet attempts to access the uniform resource locator (URL) for their Web site (such as http: //www.contoso.com), they will see the intranet version. 

Because of this rule, they will never see the public version of this URL when they are on the Internet. 

For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. 

Name suffixes that do not have corresponding DNS servers are treated as exemptions. 

References: 

http: //technet. microsoft. com/en-us/library/ee382323(v=ws. 10). aspx 


Q99. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. 

The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. 

Client computers that connect to Server1 for name resolution cannot resolve names in fabnkam.com. 

You need to configure Server1 to support the resolution of names in fabnkam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails. 

What should you do on Server1? 

A. Create a stub zone. 

B. Add a forwarder. 

C. Create a secondary zone. 

D. Create a conditional forwarder. 

Answer: C 

Explanation: 

http: //technet. microsoft. com/en-us/library/cc771898. aspx 

When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. 

With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable. 

While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records: 

A copy of the SOA record for the zone. 

Copies of NS records for all name servers authoritative for the zone. 

Copies of A records for all name servers authoritative for the zone. 

References: 

http: //www. windowsnetworking. com/articles-tutorials/windows-2003/DNS_Stub_Zones. html 

http: //technet. microsoft. com/en-us/library/cc771898. aspx 

http: //redmondmag. com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones. aspx?Page=2 


Q100. You have a server named Server 1. 

You enable BitLocker Drive Encryption (BitLocker) on Server 1. 

You need to change the password for the Trusted Platform Module (TPM) chip. 

What should you run on Server1? 

A. Manage-bde.exe 

B. Set-TpmOwnerAuth 

C. bdehdcfg.exe 

D. tpmvscmgr.exe 

Answer: B 

Explanation: 

The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry. 

Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value.