★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-417 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/70-417-dumps.html
Cause all that matters here is passing the Microsoft 70-417 exam. Cause all that you need is a high score of 70-417 Upgrading Your Skills to MCSA Windows Server 2012 exam. The only one thing you need to do is downloading Pass4sure 70-417 exam study guides now. We will not let you down with our money-back guarantee.
2021 Jul test question 70-417:
Q91. Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?
A. The name of the Federation Service
B. The name of the Active Directory domain
C. The FQDN of the AD FS server
D. The public IP address of Server2
Answer: C
Explanation:
A. It must contain the FQDN http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc782620(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc759635(v=ws.10).aspx
Q92. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. Server1 is configured to resolve single-label names for DNS clients.
You need to view the number of queries for single-label names that are resolved by Server1.
What command should you run?
To answer, select the appropriate options in the answer area.
Answer:
Q93. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. The File Server Resource Manager role service is installed on Server1. All servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains Server1. The following graphic shows the configured settings in GPO1.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You attempt to configure access-denied assistance on Server1, but the Enable access-
denied assistance option cannot be selected from File Server Resource Manager.
You need to ensure that you can configure access-denied assistance on Server1 manually by using File Server Resource Manager.
What should you do?
A. Set the Customize message for Access Denied errors policy setting to Enabled for GPO1.
B. Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.
C. Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1.
D. Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1.
Answer: D
Explanation:
Ensure that you can configure access-denied assistance http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1
Q94. Your network contains an Active Directory domain named contoso.com. All user accounts
reside in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1.
You link GPO1 to OU1.
You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user.
You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop.
You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again.
What should you do?
A. Modify the Link1 shortcut preference of GPO1
B. Enable loopback processing in GPO1
C. Enforce GPO1
D. Modify the Security Filtering settings of GPO1
Answer: A
Q95. Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2. You create a folder named Folder1. You share Folder1 as Share1.
The NTFS permissions on Folder1 are shown in the Folder1 exhibit. (Click the Exhibit button.)
The Everyone group has the Full control Share permission to Folder1.
You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)
Members of the IT group report that they cannot modify the files in Folder1. You need to
ensure that the IT group members can modify the files in Folder1. The solution must use central access policies to control the permissions. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On the Security tab of Folder1, remove the permission entry for the IT group.
B. On the Classification tab of Folder1, set the classification to "Information Technology".
C. On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.
D. On Share1, assign the Change Share permission to the IT group.
E. On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group.
Answer: B,C
Explanation:
A: On the Security tab of Folder1, remove the permission entry for the IT group. => tested => it failed of course, users don't even have read permissions anymore
D: On Share1, assign the Change share permission to the IT group =>Everyone already has the full control share permission => won't solve the problem which is about the NTFS Read permission
E: On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group => how could a condition, added to a read permission, possibly transform a read to a modify permission? If they had said "modify the permission and add a conditional expression" => ok (even if that's stupid, it works) a condition is Applied to the existing permissions to filter existing access to only matching users or groups so if we Apply a condition to a read permission, the result will only be that less users (only them matching the conditions) will get those read permissions, which actually don't solve the problem neither so only one left:
C: On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group => for sure it works and it's actually the only one which works, but what about security? well i first did not consider this method => "modify" permission for every single authenticated users? But now it looks very clear:
THE MORE RESTRICTIVE PERMISSION IS ALWAYS THE ONE APPLIED!! So "Modify" for Authenticated Users group and this will be filtered by the DAC who only allows IT group. and it matches the current settings that no other user (except admin, creator owner, etc...) can even read the folder. and this link confirms my theory:
http://autodiscover.wordpress.com/2012/09/12/configuring-dynamic-access-controls-andfileclassificationpart4-winservr-2012-dac-microsoft- mvpbuzz/
Configuring Dynamic Access Controls and File Classification
Note:
In order to allow DAC permissions to go into play, allow everyone NTFS full control
permissions and then DAC will overwrite it, if the user doesn't have NTFS permissions he
will be denied access even if DAC grants him access.
And if this can help, a little summary of configuring DAC:
Up to the immediate present trainsignal 70-417:
Q96. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. One of the domain controllers is named DC1.
The network contains a member server named Server1 that runs Windows Server 2012 R2.
You need to promote Server1 to a domain controller by using install from media (IFM).
What should you do first?
A. Run the Active Directory Domain Services Installation Wizard on DC1.
B. Upgrade DC1 to Windows Server 2012 R2.
C. Run the Active Directory Domain Services Configuration Wizard on Server1.
D. Create a system state backup of DC1.
E. Create IFM media on DC1.
Answer: B
Explanation: This is the only valid option. You could install ADDS role on Server 1 and run ADDS configuration wizard and add DC to existing domain.
Q97. OTSPOT
Your network contains an Active Directory domain named contoso.com.
Technicians use Windows Deployment Services {WDS) to deploy Windows Server 2012
R2.
The network contains a server named Server1 that runs Windows Server 2012 R2. Server1
has the Hyper-V server role installed.
You need to ensure that you can use WDS to deploy Windows Server 2012 R2 to a virtual machine named VM1.
Which settings should you configure?
To answer, select the appropriate settings in the answer area.
Answer:
Q98. Your network contain an active directory domain named Contoso.com. The domain contains two servers named server1 and server2 that run Windows Server 2012 R2. You create a security template named template1 by using the security template snap-in. You need to apply template1 to server2.
Which tool should you use?
A. Security Configuration and Analysis
B. Server Manager
C. Security Template
D. Computer management
Answer: A
Q99. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
You add two additional nodes to Cluster1.
You have a folder named Folder1 on Server1 that contains application data.
You plan to provide continuously available access to Folder1.
You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1.
What should you configure?
A. Affinity - None
B. Affinity - Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general u
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: L
Explanation:
All of the nodes in Cluster1 can actively respond to the client requests for Folder1 => Scale-Out File Server http://technet.microsoft.com/en- us/library/hh831349.aspx Scale-Out File Server for Application data (Scale-Out File Server) This clustered file server is introduced in Windows Server 2012 R2 and lets you store server Application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are online on all nodes simultaneously. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active- active. For more information on how to deploy ScaleOut File Server: http://technet.microsoft.com/en-us/library/hh831359.aspx Deploy Scale-Out File Server
Q100. Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2.
Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. All of the virtual machines run Windows Server 2008 R2.
You need to view the amount of memory resources and processor resources that VM4 currently uses.
Which tool should you use on Hyperv1?
A. Task Manager
B. Windows System Resource Manager (WSRM)
C. Hyper-V Manager
D. Resource Monitor
Answer: C