Microsoft Administering Windows Server 2012 - 070-411 Exam Practice Test
Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named Server1 that runs Windows Server 2012 R2.
You obtain an English Administrative Template for an application named App1. The Administrative Template includes two files named App1.admx and App1.adml.
You need to be able to configure App1 by using a Group Policy on Server1.
What should you copy?
You obtain an English Administrative Template for an application named App1. The Administrative Template includes two files named App1.admx and App1.adml.
You need to be able to configure App1 by using a Group Policy on Server1.
What should you copy?
Correct Answer: C
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
Correct Answer: D
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys.
What should you modify?
To answer, select the appropriate object in the answer area.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys.
What should you modify?
To answer, select the appropriate object in the answer area.
Correct Answer:
The four types of tunneling protocols used with a VPN/RAS server running on Windows Server 2012 include:
Point-to-Point Tunneling Protocol (PPTP): A VPN protocol based on the legacy Point-to-Point protocol used with modems. The PPTP specification does not describeencryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality.
Layer 2 Tunneling Protocol (L2TP): Used with IPsec to provide security. L2TP supports either computer certificates or a preshared key as the authentication method for IPsec.
IKEv2: IKE is short for Internet Key Exchange, which is a tunneling protocol that uses IPsec Tunnel Mode protocol. The message is encrypted with one of the following protocols by using encryption keys that are generated from the IKEv2 negotiation process.
Secure Socket Tunneling Protocol (SSTP): Introduced with Windows Server 2008, which uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls References:
http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2.
All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers.
A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group.
You have four Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short.
You need to tell User1 what her minimum password length is.
What should you tell User1?
All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers.
A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group.
You have four Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short.
You need to tell User1 what her minimum password length is.
What should you tell User1?
Correct Answer: B
Vote an answer
Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controllers are authorized to be cloned by using virtual domain controller cloning.
Which cmdlet should you use?
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controllers are authorized to be cloned by using virtual domain controller cloning.
Which cmdlet should you use?
Correct Answer: G
Vote an answer
HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.
Which naming context should you use? To answer, select the appropriate naming context in the answer area.
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.
Which naming context should you use? To answer, select the appropriate naming context in the answer area.
Correct Answer:
Starting in Windows Server 2008 R2, Active Directory now implements a true recycle bin. No longer will you need an authoritative restore to recover deleted users, groups, OU's, or other objects.
Instead, it is now possible to use PowerShell commands to bring back objects with all their attributes, backlinks, group memberships, and metadata.
The amount of time that an object can be recovered is controlled by the Deleted Object Lifetime (DOL). This time range can be set on the msDS-deletedObjectLifetime attribute. By default, it will be the same number of days as the Tombstone Lifetime (TSL). The TSL set for a new forest since Windows Server 2003 SP1 has been 180 days*, and since by default DOL = TSL, the default number of days that an object can be restored is therefore 180 days. If tombstoneLifetime is NOT SET or NULL, the tombstone lifetime is that of the Windows default: 60 days. This is all configurable by the administrator.
Set-ADObject -Identity "CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,DC=contoso,DC=com" -Partition
"CN=Configuration,DC=contoso,DC=com" -Replace: @("msDS-DeletedObjectLifetime" = 365) msDS-deletedObjectLifetime New to Windows Server 2008 R2 Is set on the "CN=Directory Service,CN=Windows NT, CN=Services, CN=Configuration, DC=COMPANY,DC=COM" container Describes how long a deleted object will be restorable To modify the deleted object lifetime by using Ldp.exe To open Ldp.exe, click Start, click Run, and then type ldp.exe.
To connect and bind to the server hosting the forest root domain of your Active Directory environment, under Connections, click Connect, and then click Bind.
In the console tree, right-click the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration container, and then click Modify.
In the Modify dialog box, in Edit Entry Attribute, type msDS-DeletedObjectLifeTime.
In the Modify dialog box, in Values, type the number of days that you want to set for the tombstone lifetime value. (The minimum is 3 days.) In the Modify dialog box, under Operation click Replace, click Enter, and then click Run.
References:
http://technet.microsoft.com/en-us/library/dd392260%28v=ws.10%29.aspx
http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting. aspx
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
Correct Answer: C
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the password policy settings ofcontoso.com.
You need to identify to which Active Directory object types you can directly apply the fine-grained password policies.
Which two object types should you identify? (Each correct answer presents part of the solution.
Choose two.)
You need to identify to which Active Directory object types you can directly apply the fine-grained password policies.
Which two object types should you identify? (Each correct answer presents part of the solution.
Choose two.)
Correct Answer: D,E
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
A technician installs a new server that runs Windows Server 2012 R2.
During the installation of Windows Server Update Services (WSUS) on the new server, the technician reports that on the Choose Languages page of the Windows Server Update Services Configuration Wizard, the only available language is English.
The technician needs to download updates in French and English.
What should you tell the network technician to do to ensure that the required updates are available?
During the installation of Windows Server Update Services (WSUS) on the new server, the technician reports that on the Choose Languages page of the Windows Server Update Services Configuration Wizard, the only available language is English.
The technician needs to download updates in French and English.
What should you tell the network technician to do to ensure that the required updates are available?
Correct Answer: D
Vote an answer
Your network contains one Active Directory forest named contoso.com.
You create a starter Group Policy object (GPO) named Starter_GPO1.
From the Delegation tab Of Starter_GPO1, you add a group named GPO_Admins and you assign the Edit settings permissions to the group.
You create a new GPO named GPO1 from Starter_GPO1.
You need to identity which action can he performed by the members of the GPO Admins group.
What should you identify?
You create a starter Group Policy object (GPO) named Starter_GPO1.
From the Delegation tab Of Starter_GPO1, you add a group named GPO_Admins and you assign the Edit settings permissions to the group.
You create a new GPO named GPO1 from Starter_GPO1.
You need to identity which action can he performed by the members of the GPO Admins group.
What should you identify?
Correct Answer: B
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
Your network contains an Active Directory domain.
A Group policy object (GPO) named GPO1 is linked to the domain. GPO1 has the setting shown in the following table.
You have backup of a GPO named GPO2. GPO2 has the settings shown In the following table.
You import backup into GPO1.
You need to identify the configuration in GPO1.
What should you identify?
A Group policy object (GPO) named GPO1 is linked to the domain. GPO1 has the setting shown in the following table.
You have backup of a GPO named GPO2. GPO2 has the settings shown In the following table.
You import backup into GPO1.
You need to identify the configuration in GPO1.
What should you identify?
Correct Answer: A
Vote an answer
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You log on to Server1 by using a user account named User2.
From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2.
To which group should you add User2?
You log on to Server1 by using a user account named User2.
From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2.
To which group should you add User2?
Correct Answer: A
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
Your network contains an Active Directory domain named contoso.com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2.
You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.
You log on to DC1 by using an account that is a member of the Domain Admins group.
You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.
You need to ensure that you can create PSOs from Active Directory Administrative Center.
What should you do?
You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.
You log on to DC1 by using an account that is a member of the Domain Admins group.
You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.
You need to ensure that you can create PSOs from Active Directory Administrative Center.
What should you do?
Correct Answer: C
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
Correct Answer: B
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
HOTSPOT
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1.
Your company implements DirectAccess.
A user named User1 works at a customer's office. The customer's office contains a server named Server1.
When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com.
You need to provide User1 with the ability to connect to Server1 in the customer's office.
Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1.
Your company implements DirectAccess.
A user named User1 works at a customer's office. The customer's office contains a server named Server1.
When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com.
You need to provide User1 with the ability to connect to Server1 in the customer's office.
Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.
Correct Answer:
Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.
If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.
The ability to disconnect allows users to specify single-label, unqualified names (such as "PRINTSVR") for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet.
To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect.
Note: If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT.
If this setting is not configured, users do not have Connect or Disconnect options.