QUESTION 161
Your network contains an Active Directory forest.
The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 has all of the operations master roles installed. You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1. You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do?
A. Change the domain functional level.
B. Upgrade DC2.
C. Run the dcgpofix.exe command.
D. Transfer the schema master role.
Answer: A
Explanation:
A. The domain functional level must be Windows Server 2008 to use PSO’s B. DC1 needs to be upgraded
C. Recreates the default Group Policy Objects (GPOs) for a domain D. Schema isn’t up to right level
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753104.aspx
QUESTION 162
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. DHCP is configured as shown in the exhibit.
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?
A. Create a superscope and scope-level policies.
B. Configure the Scope Options.
C. Create a superscope and a filter.
D. Configure the Server Options.
Answer: B
Explanation:
B. Any DHCP scope options configured for assignment to DHCP clients
http://technet.microsoft.com/en-us/library/dd759218.aspx
http://technet.microsoft.com/en-us/library/cc757682(v=WS.10).aspx
QUESTION 163
You have a server named Server1 that runs Windows Server 2012 R2. Server1 fails. You identify that the master
boot record (MBR) is corrupt. You need to repair the MBR. Which tool should you use?
A. Bcdedit
B. Bcdboot
C. Bootrec
D. Fixmbr
Answer: C
Explanation:
A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows B. The BCDboot tool is a command-line tool that enables you to manage system partition files.
C. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
D. Repairs the master boot record of the boot disk. The fixmbr command is only available when you are using the Recovery Console. Fixmbr option in Server 2008 and 2012 is a bootrec option
http://technet.microsoft.com/en-us/library/cc709667(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744347(v=ws.10).aspx http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/bootcons_fix mbr.mspx?mfr=true
http://www.youtube.com/watch?v=kFU8kngy6O0
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/bbf4f440-50ce4ea2- a3eaa96dc2500352
QUESTION 164
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
You configure a user named User1 as a delegated administrator of DC10.
You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails. What should you do?
A. Add User1 to the Domain Admins group.
B. On DC10, run ntdsutil and configure the settings in the Roles context.
C. Run repadmin and specify the /prp parameter.
D. On DC1, modify the User Rights Assignment in Default Domain Controllers Group Policy object (GPO).
Answer: D
Explanation:
Modify the following policy:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights
Assignment\Allow log on locally
Note:
* User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer.
* Delegated administrator accounts gain local administrative permissions to the RODC. These users can operate with privileges equivalent to the local computer’s Administrators group. They are not members of the Domain Admins or the domain built-in Administrators groups. This option is useful for delegating branch office administration without giving out domain administrative permissions. Configuring delegation of administration is not required.
QUESTION 165
You perform a full installation of Windows Server 2012 R2 on a virtual machine named Server1. You plan to use Server1 as a reference image. You need to minimize the amount of storage space used by the Windows Server 2012 R2 installation. Which cmdlet should you use?
A. Remove-Module
B. Optimize-VHD
C. Optimize-Volume
D. Uninstall-WindowsFeature
Answer: B
Explanation:
The Optimize-VHD cmdlet optimizes the allocation of space in or more virtual hard disk files, except for fixed virtual hard disks. The Compact operation is used to optimize the files. This operation reclaims unused blocks as well as rearranges the blocks to be more efficiently packed, which reduces the size of a virtual hard disk file.
Reference: Optimize-VHD
http://technet.microsoft.com/en-us/library/hh849732.aspx
http://technet.microsoft.com/en-us/library/hh848458.aspx
http://technet.microsoft.com/en-us/library/hh848675.aspx
http://technet.microsoft.com/en-us/library/jj205471.aspx
QUESTION 166
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
Server1 has a scope named Scope1. A policy named Policy1 is configured for Scope1. Policy1 is configured to provide Hyper-V virtual machines a one-day lease. All other computers receive an eight-day lease.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
On Server1, you configure Scopel for DHCP failover.
You discover that virtual machines that receive IP addresses from Server2 have a lease duration of eight days.
You need to ensure that when Server2 assigns IP addresses to the Hyper-V virtual machines, the lease duration is one day. The solution must ensure that other computers that receive IP addresses from Server2 have a lease duration of eight days.
What should you do?
A. On Server2, right-click Scope1, and then click Reconcile.
B. On Server1, right-click Scope1, and then click Replicate Scope.
C. On Server2, create a new DHCP policy.
D. On Server1, delete Policy1, and then recreate the policy.
Answer: B
Explanation:
Scope 1 has been set up for DHCP failover. Now we need to replicate it from Server1 to Server2.
http://technet.microsoft.com/en-us/library/dd183579(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc772101.aspx
QUESTION 167
You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store. Some users report that they fail to authenticate to the AD FS infrastructure. You discover that only users who run third-party web browsers experience issues. You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully. Which Windows PowerShell command should you run?
A. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00
B. Set-ADFSProperties -AddProxyAuthenticationRules None
C. Set-ADFSProperties -SSOLifetime 1:00:00
D. Set-ADFSProperties -ExtendedProtectionTokenCheck None
Answer: A
Explanation:
A. Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the federation server proxy to authenticate with its associated federation server. B. Specifies a policy rule set that can be used to establish authorization permissions for setting up trust proxies. The default value allows the AD FS 2.0 service user account or any member of BUILTIN\Administrators to register a federation server proxy with the Federation Service. C. Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in minutes). D. pecifies the level of extended protection for authentication supported by the federation server. Extended Protection for Authentication helps protect against man-in-the-middle (MITM) attacks, in which an attacker intercepts a client’s credentials and forwards them to a server.
http://technet.microsoft.com/zh-cn/library/ee892317.aspx
QUESTION 168
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. The domain contains a domain controller named DC1.
Server1 contains three shared folders. The folders are configured as shown in the following table.
Folder2 has a conditional expression of User.Department= = MMarketing".
You discover that a user named User1 cannot access \\Server1\folder2. User1 can access \\Server1\folderl and \\Server1\folder3. You verify the group membership of User1 as shown in the Member Of exhibit. (Click the Exhibit button.)
You verify the organization information of User1 as shown in the Organization exhibit.
(Click the Exhibit button.)
You verify the general properties of User1 as shown in the General exhibit. (Click the Exhibit button.)
You need to ensure that User1 can access the contents of \\Server1\folder2. What should you do?
A. From a Group Policy object (GPO), set the Support for Dynamic Access Control and Kerberos armoring
setting to Always provide claims.
B. Change the department attribute of User1.
C. Grant the Full Control NTFS permissions on Folder2 to User1.
D. Remove Userl1from the Accounting global group.
Answer: B
Explanation:
B. Conditional Expression and users Department must match http://technet.microsoft.com/en-us/library/jj134043.aspx
QUESTION 169
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
The Branch site contains a perimeter network.
For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?
A. Enable the Bridge all site links setting.
B. Run the Active Directory Domain Services Configuration Wizard.
C. Create an Active Directory site link bridge.
D. Create an Active Directory site.
Answer: C
Explanation:
A. Site link transitivity is controlled by the Bridge all site links option on the properties pages of transport folders (such as IP or SMTP) in the Active Directory Sites and Services snapin. Site link transitivity is enabled by default.
B.
C.
If you cannot place a writable Windows Server 2008 domain controller in the nearest site to the RODC, RODC replication depends on a site link bridge between the site links that contain the site of the RODC and the site of the writable Windows Server 2008 domain controller.
D.
AD Site not readed for RODC
http://technet.microsoft.com/en-us/library/dd736189(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc738789(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc732632(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc778718(v=WS.10).aspx
QUESTION 170
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has Microsoft SQL Server 2012 installed.
You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain. The solution must ensure that the AD FS database is stored in a SQL Server database on Server1.
What should you do on Server2?
A. From a command prompt, run fsutil.exe.
B. From Windows PowerShell, run Install-ADFSFarm.
C. From Server Manager, install the Federation Service Proxy.
D. From Server Manager, install the AD FS Web Agents.
Answer: B
Explanation:
A. Performs tasks that are related to file allocation table (FAT) and NTFS file systems, such as managing reparse points, managing sparse files, or dismounting a volume.
B. Creates the first node of a new federation server farm
C. Not installing Proxy
D. Not Installing web agents
http://technet.microsoft.com/en-us/library/cc753059(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj553792.aspx Parameter: -SQLConnectionString<String>
Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FS installer uses the Windows Internal Database to store configuration settings.
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html