★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-411-dumps.html


Want to know Testking 70-411 Exam practice test features? Want to lear more about Microsoft Administering Windows Server 2012 certification experience? Study Top Quality Microsoft 70-411 answers to Refresh 70-411 questions at Testking. Gat a success with an absolute guarantee to pass Microsoft 70-411 (Administering Windows Server 2012) test on your first attempt.

2021 Nov microsoft free 411:

Q141. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table. 

The network contains a server named Server1 that has the Hyper-v server role installed. DC6 is a virtual machine that is hosted on Server1. 

You need to ensure that you can clone DC6. 

Which FSMO role should you transfer to DC2? 

A. Rid master 

B. Domain naming master 

C. PDC emulator 

D. Infrastructure master 

Answer:

Explanation: 

The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows 

Server 2012 R2, but it does not have to be running on a hypervisor. 

Reference: 

http: //technet. microsoft. com/en-us/library/hh831734. aspx 


Q142. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. 

You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin. 

Which cmdlet should you use? 

A. Get-ADGroupMember 

B. Get-ADDomainControllerPasswordReplicationPolicy 

C. Get-ADDomainControllerPasswordReplicationPolicyUsage 

D. Get-ADDomain 

E. Get-ADOptionalFeature 

F. Get-ADAccountAuthorizationGroup 

Answer:

Explanation: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory. 

Example: Get-ADOptionalFeature 'Recycle Bin Feature' 

Get the optional feature with the name 'Recycle Bin Feature'. 

Reference: Get-ADOptionalFeature 

https://technet.microsoft.com/en-us/library/ee617218.aspx 


Q143. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. 

You need to configure Server1 to perform network address translation (NAT). 

What should you do? 

A. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network adapter. 

B. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network adapter. 

C. From Routing and Remote Access, add an IPv6 routing protocol. 

D. From Routing and Remote Access, add an IPv4 routing protocol. 

Answer:

Explanation: 

To configure an existing RRAS server to support both VPN remote access and NAT routing: 

1. Open Server Manager. 

2. Expand Roles, and then expand Network Policy and Access Services. 

3. Right-click Routing and Remote Access, and then click Properties. 

4. Select IPv4 Remote access Server or IPv6 Remote access server, or both. 


Q144. Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. 

All of the network access servers forward connection requests to Server1. 

You create a new network policy on Server1. 

You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24 subnet. 

What should you do? 

A. Set the Client IP4 Address condition to 192.168.0.0/24. 

B. Set the Client IP4 Address condition to 192.168.0. 

C. Set the Called Station ID constraint to 192.168.0.0/24. 

D. Set the Called Station ID constraint to 192.168.0. 

Answer:

Explanation: 

RADIUS client properties 

Following are the RADIUS client conditions that you can configure in network policy. 

. Calling Station ID: Specifies the network access server telephone number that was dialed by the dial-up access client. 

. Client Friendly Name: Specifies the name of the RADIUS client that forwarded the connection request to the NPS server. 

. Client IPv4 Address: Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server. 

. Client IPv6 Address: Specifies the Internet Protocol (IP) version 6 address of the RADIUS client that forwarded the connection request to the NPS server. 

. Client Vendor: Specifies the name of the vendor or manufacturer of the RADIUS client that sends connection requests to the NPS server. 

. MS RAS Vendor: Specifies the vendor identification number of the network access server that is requesting authentication. 


Q145. DRAG DROP 

You are a network administrator of an Active Directory domain named contoso.com. 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Web Server (IIS) server role installed. 

Server1 will host a web site at URL https: //secure.contoso.com. The application pool identity account of the web site will be set to a domain user account named AppPool1. 

You need to identify the setspn.exe command that you must run to configure the appropriate Service Principal Name (SPN) for the web site. 

What should you run? 

To answer, drag the appropriate objects to the correct location. Each object may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 

Answer: 


Regenerate 70-411 administering windows server 2012 book:

Q146. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. 

The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet. 

You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. The NAP-Capable Computers conditions 

B. The NAS Port Type constraints 

C. The Health Policies conditions 

D. The MS-Service Class conditions 

E. The Called Station ID constraints 

Answer: C,D 

Explanation: 

The NAP health policy server uses the NPS role service with configured health policies and system health validators (SHVs) to evaluate client health based on administrator-defined requirements. Based on results of this evaluation, NPS instructs the DHCP server to provide full access to compliant NAP client computers and to restrict access to client computers that are noncompliant with health requirements. 

If policies are filtered by DHCP scope, then MS-Service Class is configured in policy conditions. 


Q147. HOTSPOT 

You have a server named LON-SVR1 that runs Windows Server 2012 R2. LON-SVR1 has the Remote Access server role installed. LON-SVRl is located in the perimeter network. 

The IPv4 routing table on LON-SVR1 is configured as shown in the following exhibit. (Click the Exhibit button.) 

Your company purchases an additional router named Router1. Router1 has an interface that connects to the perimeter network and an interface that connects to the Internet. The IP address of the interface that connects to the perimeter network is 172.16.0.2. 

You need to ensure that LON-SVR1 will route traffic to the Internet by using Router1 if the current default gateway is unavailable. 

How should you configure the static route on LON-SVR1? To answer, select the appropriate static route in the answer area. 

Answer: 


Q148. Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP or Windows 8. 

Network Policy Server (NPS) is deployed to the domain. 

You plan to create a system health validator (SHV). 

You need to identify which policy settings can be applied to all of the computers. 

Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.) 

A. Antispyware is up to date. 

B. Automatic updating is enabled. 

C. Antivirus is up to date. 

D. A firewall is enabled for all network connections. 

E. An antispyware application is on. 

Answer: B,C,D 

Explanation: 

The WSHA on NAP client computers running Windows XP SP3 does not monitor the status of antispyware applications. 


Q149. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated. 

An administrator modifies the start of authority (SOA) record for the adatum.com zone. 

After the modification, you discover that when you add or modify DNS records in the 

adatum.com zone, the changes are not transferred to the DNS servers that host secondary 

copies of the adatum.com zone. 

You need to ensure that the records are transferred to all the copies of the adatum.com 

zone. 

What should you modify in the SOA record for the adatum.com zone? To answer, select the appropriate setting in the answer area. 

Answer: 


Q150. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. 

You need to identify which domain controllers are authorized to be cloned by using virtual domain controller cloning. 

Which cmdlet should you use? 

A. Get-ADGroupMember 

B. Get-ADDomainControllerPasswordReplicationPolicy 

C. Get-ADDomainControllerPasswordReplicationPolicyUsage 

D. Get-ADDomain 

E. Get-ADOptionalFeature 

F. Get-ADAccountAuthorizationGroup 

Answer:

Explanation: One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role. 

Example: Command Prompt: C:\PS> Get-ADDomain 

Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com 

Reference: Step-by-Step: Domain Controller Cloning 

http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx 

Reference: Get-ADDomain 

https://technet.microsoft.com/en-us/library/ee617224.aspx