This dump is 100% valid to pass Microsoft 70-411 exam. The only tips is please do not just memorize the questions and answers, you need to get through understanding of it because the question changed a little in the real exam. Follow the instructions in the CertBus 70-411 Administering Windows Server 2012 PDF and VCEs. All CertBus materials will help you pass your Microsoft exam successfully.
We CertBus has our own expert team. They selected and published the latest 70-411 preparation materials from Microsoft Official Exam-Center: http://www.certgod.com/70-411.html
QUESTION NO:: 27
Your network contains an Active Directory domain named contoso. com. The domain
contains a server named Server1 that runs Windows Server 2012 R2.
A local account named Admin1 is a member of the Administrators group on Server1.
You need to generate an audit event whenever Admin1 is denied access to a file or folder.
What should you run?
A. auditpol. exe /set /userradmin1 /failure: enable
B. auditpol. exe /set /user: admin1 /category: “detailed tracking” /failure: enable
C. auditpol. exe /resourcesacl /set /type: file /user: admin1 /failure
D. auditpol. exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga
Answer: C
Explanation:
http: //technet. microsoft. com/en-us/library/ff625687. aspx
To set a global resource SACL to audit successful and failed attempts by a user to perform
generic read and write functions on files or folders:
auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access:
FRFW
http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx
Syntax
auditpol /resourceSACL
[/set /type: [/success] [/failure] /user: [/access: ]]
[/remove /type: /user: [/type: ]]
[/clear [/type: ]]
[/view [/user: ] [/type: ]]
http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx
http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx
http: //technet. microsoft. com/en-us/library/ff625687. aspx
http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx
QUESTION NO:: 22
Your network contains an Active Directory domain named adatum. com. The domain
contains a member server named Server1 and 10 web servers. All of the web servers are
in an organizational unit (OU) named WebServers_OU. All of the servers run Windows
Server 2012 R2.
On Server1, you need to collect the error events from all of the web servers. The solution
must ensure that when new web servers are added to WebServers_OU, their error events
are collected automatically on Server1.
What should you do?
A. On Server1, create a source computer initiated subscription. From a Group Policy object
(GPO), configure the Configure target Subscription Manager setting.
B. On Server1, create a source computer initiated subscription. From a Group Policy object
(GPO), configure the Configure forwarder resource usage setting.
C. On Server1, create a collector initiated subscription. From a Group Policy object (GPO),
configure the Configure forwarder resource usage setting.
D. On Server1, create a collector initiated subscription. From a Group Policy object (GPO),
configure the Configure target Subscription Manager setting.
Answer: A
Explanation:
Source-initiated subscriptions allow you to define a subscription on an event collector
computer without defining the event source computers, and then multiple remote event
source computers can be set up (using a group policy setting) to forward events to the
event collector computer. This differs from a collector initiated subscription because in the
collector initiated subscription model, the event collector must define all the event sources
in the event subscription.
1. Run the following command from an elevated privilege command prompt on the
Windows Server domain controller to configure Windows Remote Management: winrm qc q
2. Start group policy by running the following command:
%SYSTEMROOT%System32gpedit. msc
3. Under the Computer Configuration node, expand the Administrative Templates node,
then expand the Windows Components node, then select the Event Forwarding node.
4. Right-click the SubscriptionManager setting, and select Properties. Enable the
SubscriptionManager setting, and click the Show button to add a server address to the
setting. Add at least one setting that specifies the event collector computer. The
SubscriptionManager Properties window contains an Explain tab that describes the syntax
for the setting.
5. After the SubscriptionManager setting has been added, run the following command to
ensure the policy is applied: gpupdate /force.
If you want to configure a source computer-initiated subscription, you need to
configure the following group policies on the computers that will act as the event
forwarders:
* (A) Configure Target Subscription Manager This policy enables you to set the location
of the collector computer.
QUESTION NO:: 37
Your network contains an Active Directory domain named contoso. com. The domain
contains six domain controllers. The domain controllers are configured as shown in the
following table.
The network contains a server named Server1 that has the Hyper-v server role installed.
DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?
A. Rid master
B. Domain naming master
C. PDC emulator
D. Infrastructure master
Answer: C
Explanation:
The clone domain controller uses the security context of the source domain controller (the
domain controller whose copy it represents) to contact the Windows Server 2012 R2
Primary Domain Controller (PDC) emulator operations master role holder (also known as
flexible single master operations, or FSMO). The PDC emulator must be running Windows
Server 2012 R2, but it does not have to be running on a hypervisor.
http: //technet. microsoft. com/en-us/library/hh831734. aspx
QUESTION NO:: 38
Your network contains an Active Directory domain named contoso. com. All domain
controllers run either Windows Server 2008 or Windows Server 2008 R2.
You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.
You log on to DC1 by using an account that is a member of the Domain Admins group.
You discover that you cannot create Password Settings objects (PSOs) by using Active
Directory Administrative Center.
You need to ensure that you can create PSOs from Active Directory Administrative Center.
What should you do?
A. Modify the membership of the Group Policy Creator Owners group.
B. Transfer the PDC emulator operations master role to DC1.
C. Upgrade all of the domain controllers that run Window Server 2008.
D. Raise the functional level of the domain.
Answer: D
Explanation:
Fine-grained password policies allow you to specify multiple password policies within a
single domain so that you can apply different restrictions for password and account lockout
policies to different sets of users in a domain. To use a fine-grained password policy, your
domain functional level must be at least Windows Server 2008. To enable fine-grained
password policies, you first create a Password Settings Object (PSO). You then configure
the same settings that you configure for the password and account lockout policies. You
can create and apply PSOs in the Windows Server 2012 environment by using the Active
Directory Administrative Center (ADAC) or Windows PowerShell.
Step 1: Create a PSO
Applies To: Windows Server 2008, Windows Server 2008 R2
http: //technet. microsoft. com/en-us//library/cc754461(v=ws. 10). aspx
QUESTION NO:: 58
Your network contains two servers named Server1 and Server2. Both servers run Windows
Server 2012 R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso. com.
You need to ensure that Server2 can host a secondary zone for contoso. com.
What should you do from Server1?
A. Add Server2 as a name server.
B. Create a trust anchor named Server2.
C. Convert contoso. com to an Active Directory-integrated zone.
D. Create a zone delegation that points to Server2.
Answer: A
Explanation:
Typically, adding a secondary DNS server to a zone involves three steps:
1. On the primary DNS server, add the prospective secondary DNS server to the list of
name servers that are authoritative for the zone.
2. On the primary DNS server, verify that the transfer settings for the zone permit the zone
to be transferred to the prospective secondary DNS server.
3. On the prospective secondary DNS server, add the zone as a secondary zone.
You must add a new Name Server. To add a name server to the list of authoritative servers
for the zone, you must specify both the server’s IP address and its DNS name. When
entering names, click Resolve to resolve the name to its IP address prior to adding it to the
list.
Secondary zones cannot be AD-integrated under any circumstances.
You want to be sure Server2 can host, you do not want to delegate a zone.
Secondary Domain Name System (DNS) servers help provide load balancing and fault
tolerance. Secondary DNS servers maintain a read-only copy of zone data that is
transferred periodically from the primary DNS server for the zone. You can configure DNS
clients to query secondary DNS servers instead of (or in addition to) the primary DNS
server for a zone, reducing demand on the primary server and ensuring that DNS queries
for the zone will be answered even if the primary server is not available.
How-To: Configure a secondary DNS Server in Windows Server 2012
We need to tell our primary DNS that it is ok for this secondary DNS to pull information
from it. Otherwise replication will fail and you will get this big red X.
Head over to your primary DNS server, launch DNS manager, expand Forward Lookup
Zones, navigate to your primary DNS zone, right-click on it and go to Properties.
Go to
QUESTION NO:: 32
Your network contains an Active Directory domain named contoso. com. The domain
contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a
share named Share1.
When users without permission to Share1 attempt to access the share, they receive the
Access Denied message as shown in the exhibit. (Click the Exhibit button. )
You deploy a new file server named Server2 that runs Windows Server 2012 R2.
You need to configure Server2 to display the same custom Access Denied message as
Server1.
What should you install on Server2?
A. The Remote Assistance feature
B. The Storage Services server role
C. The File Server Resource Manager role service
D. The Enhanced Storage feature
Answer: C
Explanation:
Access-Denied Assistance is a new role service of the File Server role in Windows Server
2012.
We need to install the prerequisites for Access-Denied Assistance.
Because Access-Denied Assistance relies up on e-mail notifications, we also need to
configure each relevant file server with a Simple Mail Transfer Protocol (SMTP) server
address. Let
QUESTION NO:: 49
Your network contains an Active Directory domain named contoso. com. The domain
contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced
GPOs.
The domain is renamed to adatum. com.
Group Policies no longer function correctly.
You need to ensure that the existing GPOs are applied to users and computers. You want
to achieve this goal by using the minimum amount of administrative effort.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: C
Explanation:
You can use the gpfixup command-line tool to fix the dependencies that Group Policy
objects (GPOs) and Group Policy links in Active Directory Domain Services (AD DS) have
on Domain Name System (DNS) and NetBIOS names after a domain rename operation.
http: //technet. microsoft. com/en-us/library/hh852336(v=ws. 10). aspx
QUESTION NO:: 73 HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two
network adapters and is located in a perimeter network.
You need to install the RIP version 2 routing protocol on Server1.
Which node should you use to add the RIP version 2 routing protocol?
To answer, select the appropriate node in the answer area.
Answer:
QUESTION NO:: 5
You are a network administrator of an Active Directory domain named contoso. com.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
DHCP Server server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP
clients.
Which criteria should you specify when you create the DHCP policy?
A. The client identifier
B. The user class
C. The vendor class
D. The relay agent information
Answer: B
Explanation:
To configure a NAP-enabled DHCP server
1 On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and
then press ENTER.
1 In the DHCP console, open IPv4.
1 Right-click the name of the DHCP scope that you will use for NAP client
computers, and then click Properties.
1 On the Network Access Protection tab, under Network Access Protection Settings,
choose Enable for this scope, verify that Use default Network Access Protection
profile is selected, and then click OK.
1 In the DHCP console tree, under the DHCP scope that you have selected, right-
click Scope Options, and then click Configure Options.
1 On the Advanced tab, verify that Default User Class is selected next to User class.
1 1 1
1 1
1
1
1 1
Select the 003 Router check box, and in IP Address, under Data entry, type the IP
address for the default gateway used by compliant NAP client computers, and then
click Add.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type
the IP address for each router to be used by compliant NAP client computers, and
then click Add.
Select the 015 DNS Domain Name check box, and in String value, under Data
entry, type your organization’s domain name (for example, woodgrovebank. local),
and then click Apply. This domain is a full-access network assigned to compliant
NAP clients.
On the Advanced tab, next to User class, choose Default Network Access
Protection Class.
Select the 003 Router check box, and in IP Address, under Data entry, type the IP
address for the default gateway used by noncompliant NAP client computers, and
then click Add. This can be the same default gateway that is used by compliant
NAP clients.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type
the IP address for each DNS server to be used by noncompliant NAP client
computers, and then click Add. These can be the same DNS servers used by
compliant NAP clients.
Select the 015 DNS Domain Name check box, and in String value, under Data
entry, type a name to identify the restricted domain (for example, restricted.
woodgrovebank. local), and then click OK. This domain is a restricted-access
network assigned to noncompliant NAP clients.
Click OK to close the Scope Options dialog box.
Close the DHCP console.
http: //technet. microsoft. com/en-us/library/dd296905(v=ws. 10). aspx
QUESTION NO:: 72
Your network contains an Active Directory domain named contoso. com. The domain
contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain
controller has the DNS Server server role installed and hosts an Active Directory-integrated
zone for contoso. com.
You plan to create a new Active Directory-integrated zone named litwareinc. com that will
be used for testing.
You need to ensure that the new zone will be available only on DC5 and DCG.
What should you do first?
A. Change the zone replication scope.
B. Create an Active Directory connection object.
C. Create an Active Directory site link.
D. Create an application directory partition.
Answer: D
Explanation:
You can store Domain Name System (DNS) zones in the domain or application directory
partitions of Active Directory Domain Services (AD DS). A partition is a data structure in AD
DS that distinguishes data for different replication purposes. When you create an
application directory partition for DNS, you can control the scope of replication for the zone
that is stored in that partition.
CertBus exam braindumps are pass guaranteed. We guarantee your pass for the 70-411 exam successfully with our Microsoft materials. CertBus Administering Windows Server 2012 exam PDF and VCE are the latest and most accurate. We have the best Microsoft in our team to make sure CertBus Administering Windows Server 2012 exam questions and answers are the most valid. CertBus exam Administering Windows Server 2012 exam dumps will help you to be the Microsoft specialist, clear your 70-411 exam and get the final success.
70-411 Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mNzhvYUxTRFllckU/view?usp=sharing
70-411 Microsoft exam dumps (100% Pass Guaranteed) from CertBus: http://www.certgod.com/70-411.html [100% Exam Pass Guaranteed]
Why select/choose CertBus?
Millions of interested professionals can touch the destination of success in exams by certgod.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.