★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-417 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/70-417-dumps.html
This is the finest service regarding Testking so that it attracts a lot of new as well as old customers. Testking can be run by professors whove vast experience in IT planet. They are devoted to offering This exam practice materials as well as developing excellent resources for the candidates. Many customers have passed numerous certification exam under the particular guidance of Testking. As well as they recommend their pals or colleagues or perhaps family members consider help coming from Testking. That is why many of us enjoy such a high reputation. Testking continues to success could be the result customers assist and referrals. It can be Testkings efficient as well as official practice materials which makes the particular candidates dont face any difficulty.
2021 Nov mcsa 70-417:
Q251. Your network contains two Active Directory forests named contoso.com and corp.contoso.com
User1 is a member of the DnsAdmins domain local group in contoso.com.
User1 attempts to create a conditional forwarder to corp.contoso.com but receive an error message shown in the exhibit. (Click the Exhibit button.)
You need to configure bi-directional name resolution between the two forests.
What should you do first?
A. Add User1 to the DnsUpdateProxy group.
B. Configure the zone to be Active Directory-integrated
C. Enable the Advanced view from DNS Manager
D. Run the New Delegation Wizard
Answer: B
97. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is the enterprise root certification authority (CA) for contoso.com. You need to enable CA role separation on Server1.
Which tool should you use?
A. The Certutil command
B. The Authorization Manager console
C. The Certsrv command
D. The Certificates snap-in
Answer: A
Q252. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?
A. Rid master
B. Domain naming master
C. PDC emulator
D. Infrastructure master
Answer: C
Explanation:
The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor. http: //technet. microsoft. com/en-us/library/hh831734. aspx
Q253. Your network contains two Hyper-V hosts that run Windows Server 2012 R2. The Hyper-V hosts contains several virtual machines that run Windows Server 2012 R2.
You install the Network Load Balancing feature on the virtual machines.
You need to configure the virtual machines to support Network Load Balancing (NLB).
Which virtual machine settings should you configure?
A. DHCP guard
B. Port mirroring
C. Router guard
D. MAC address
Answer: D
Explanation: http://social.technet.microsoft.com/Forums/windowsserver/en-US/5b3a0a9d-26a2-49ba-bbbe- 29d11fcbb7ce/nlb-on-hyperv?forum=winserverhyperv
For NLB to be configured you need to enable MAC address spoofing.
Q254. Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and childl.contoso.com.
The domains contain three domain controllers.
The domain controllers are configured as shown in the following table.
You need to ensure that the KDC support for claims, compound authentication, and
Kerberos armoring setting is enforced in both domains.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Raise the domain functional level of contoso.com.
B. Raise the domain functional level ofchildl.contoso.com
C. Raise the forest functional level of contoso.com
D. Upgrade DC11 to Windows Server 2012 R2
E. Upgrade DC1 to Windows Server 2012 R2
Answer: A,E
Q255. Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2.
On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1.
What should you do?
A. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
B. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
C. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
D. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
Answer: D
Improved learning windows server 2012 jumpstart 70-417:
Q256. RAG DROP
Your network contains an Active Directory forest named contoso.com.
Recently, all of the domain controllers that ran Windows Server 2003 were replaced by domain controllers that run Windows Server 2012 R2.
From Event Viewer, you discover SYSVOL journal wrap errors on a domain controller named dc10.contoso.com.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which three actions should you perform on DC10?
To answer, move the three appropriate actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q257. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC5. DC5 has a Server Core Installation of Windows Server 2012 R2.
You need to uninstall Active Directory from DC5 manually.
Which tool should you use?
A. The Remove-ADComputercmdlet
B. The ntdsutil.exe command
C. The dsamain.exe command
D. The Remove-WindowsFeaturecmdlet
Answer: D
Explanation: http://technet.microsoft.com/en-us/library/hh472163.aspx#BKMK_RemoveSM http://technet.microsoft.com/en-us/library/cc732257.aspx#BKMK_powershell
Q258. Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Modify the members of the Remote Management Users group
B. Add a RADIUS client
C. Modify the Dial-in setting of User1
D. Create a connection request policy
Answer: C
Q259. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2.
You need to schedule the installation of Windows updates on the cluster nodes.
Which tool should you use?
A. The Add-CauClusterRolecmdlet
B. TheWuauclt command
C. TheWusa command
D. The Invoke-CauScancmdlet
Answer: D
Explanation:
The Invoke-CauScancmdlet performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in a specified cluster.
http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx http://technet.microsoft.com/en-us/library/cc720477(v=ws.10).aspx http://support.microsoft.com/kb/934307 http://technet.microsoft.com/en-us/library/hh847228(v=wps.620).aspx
Q260. Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From the Remote Access Management Console, reload the configuration.
B. Add Server2 to a security group in Active Directory.
C. Restart the IPSec Policy Agent service on Server2.
D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
E. From the Remote Access Management Console, modify the Application Servers settings.
Answer: B,E
Explanation:
Unsure about these answers:
A public key infrastructure must be deployed.
Windows Firewall must be enabled on all profiles.
ISATAP in the corporate network is not supported. If you are using ISATAP, you
should remove it and use native IPv6.
Computers that are running the following operating systems are supported as
... .
DirectAccess clients: Windows Server. 2012 R2 Windows 8.1 Enterprise Windows Server. 2012 Windows 8 Enterprise Windows Server. 2008 R2 Windows 7 Ultimate Windows 7 Enterprise
. Force tunnel configuration is not supported with KerbProxy authentication. . Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. . Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.