70-411 Dumps 70-411 Exam Questions 70-411 New Questions 70-411 PDF 70-411 VCE Microsoft

[Lead2pass Official] Pass 70-411 Exam By Exercising Lead2pass Latest 70-411 VCE And PDF Dumps (261-280)

Lead2pass 2017 September New Microsoft 70-411 Exam Dumps!

100% Free Download! 100% Pass Guaranteed!

There are many companies that provide 70-411 braindumps but those are not accurate and latest ones. Preparation with Lead2pass 70-411 new questions is a best way to pass this certification exam in easy way.

Following questions and answers are all new published by Microsoft Official Exam Center: https://www.lead2pass.com/70-411.html

QUESTION 261
You wants to change the memory of a virtual machine that is currently powered up.
What does he need to do?

A.    Shut down the virtual machine, use the virtual machine’s settings to change the memory, and start it again.
B.    Use the virtual machine’s settings to change the memory
C.    Pause the virtual machine, use the virtual machine’s settings to change the memory, and resume it.
D.    Save the virtual machine, use the virtual machine’s settings to change the memory, and resume it.

Answer: A
Explanation:
The memory of a virtual machine, you can only change if the VM is powered off. If the VM is running, is stopped or saved, the settings for the memory can not be changed. A hard disk or a DVD drive, however, you can also add a virtual machine during operation.

 

QUESTION 262
You need to stop an application from running in Task Manager.
Which tab would you use to stop an application from running?

A.    Performance
B.    Users
C.    Options
D.    Details

Answer: D

QUESTION 263
You upgraded all of your locations to Windows Server 2012 R2 and implemented the routing capability built into the servers.
You chose to implement RIP. After implementing the routers, you discover that routes that you don’t want your network to consider are updating your RIP routing tables.
What can you do to control which networks the RIP routing protocol will communicate with on your network?

A.    Configure TCP/IP filtering
B.    Configure RIP route filtering
C.    Configure IP packet filtering
D.    Configure RIP peer filtering
E.    There is no way to control this behavior

Answer: B
Explanation:
RIP route filters allow you to configure your routers to either ignore or accept updates from specific network addresses or a range of addresses. TCP/IP filtering is configured at each individual host to control the traffic at a granular level, such as a specific address, UDP port, or TCP port. IP packet filtering is used on the router interface to control IP traffic based on subnet masks, IP address, or port.
RIP peer filtering is used to control communication between individual routers rather than control the entire network address.

QUESTION 264
Your company has offices in five locations around the country. Most of the users’ activity is local to their own network. Occasionally, some of the users in one location need to send confidential information to one of the other four locations or to retrieve information from one of them. The communication between the remote locations is sporadic and relatively infrequent, so you have configured RRAS to use demand-dial lines to set up the connections. Management’s only requirement is that any communication between the office locations be appropriately secured. Which of the following steps should you take to ensure compliance with this requirement? (Choose all that apply.)

A.    Configure CHAP on all the RRAS servers.
B.    Configure PAP on all the RRAS servers.
C.    Configure MPPE on all the RRAS servers.
D.    Configure L2TP on all the RRAS servers.
E.    Configure MS-CHAPv2 on all the RRAS servers.

Answer: CE
Explanation:
For dial-up and PPTP dial-in site-to-site scenarios, authentication protocols EAP-TLS or MS-CHAP v2 are recommended. For encryption, the Microsoft Point-to-Point Encryption (MPPE) protocol recommended. See also: Choosing MPPE or IPSec Encryption

QUESTION 265
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?

A.    From Dsmgmt, run the local roles command.
B.    From Active Directory Administrative Center, modify the security settings of the Domain Controllers
organizational unit (OU).
C.    From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com
domain object.
D.    From Active Directory Users and Computers, pre-create an RODC computer account.

Answer: D
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
1.Staging an unoccupied computer account
2.Attaching an RODC to that account during promotion

QUESTION 266
Which of the following features is available when Windows Server 2012 R2 is installed using the GUI option but without the desktop experience feature installed?

A.    Metro-style Start screen
B.    Built-in help system
C.    All of these
D.    Windows Media Player

Answer: AB
Explanation:
Here is description of Desktop Experience:
http://technet.microsoft.com/en-us/library/cc772567.aspx

QUESTION 267
Your network contains two servers named Server1 and Server 2.
Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You plan to create a standard primary zone for ad.contoso.com on Server2.
You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2.
What should you do from Server1?

A.    Create a trust anchor named Server2.
B.    Create a conditional forward that points to Server2
C.    Create a zone delegation that points to Server2.
D.    Add Server2 as a name server.

Answer: C
Explanation:
You can divide your Domain Name System (DNS) namespace into one or more zones.
You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone.
For more information, see Understanding Zone Delegation

 

 

QUESTION 268
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2.
On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1.
What should you do?

A.    On Server1, create a source computer initiated subscription.
From a Group Policy object (GPO), configure the Configure forwarder resource usage setting
B.    On Server1, create a source computer initiated subscription.
From a Group Policy object (GPO), configure the Configure target Subscription Manager setting
C.    On Server1, create a collector initiated subscription.
From a Group Policy object (GPO), configure the Configure target Subscription Manager setting
D.    On Server1, create a collector initiated subscription.
From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

Answer: B
Explanation:
Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription.
1. Run the following command from an elevated privilege command prompt on the
Windows Server domain controller to configure Windows Remote Management:
winrm qc – q
2. Start group policy by running the following command:
%SYSTEMROOT%\System32\gpedit. msc
3. Under the Computer Configuration node, expand the Administrative Templates node, then expand the Windows Components node, then select the Event Forwarding node.
4. Right-click the SubscriptionManager setting, and select Properties. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting. Add at least one setting that specifies the event collector computer. The SubscriptionManager Properties window contains an Explain tab that describes the syntax for the setting.
5. After the SubscriptionManager setting has been added, run the following command to ensure the policy is applied: gpupdate /force.
If you want to configure a source computer-initiated subscription, you need to configure the following group policies on the computers that will act as the event forwarders:
* (A) Configure Target Subscription Manager This policy enables you to set the location of the collector computer.

QUESTION 269
You have a DNS server named DN51 that runs Windows Server 2012 R2.
On DNS1, you create a standard primary DNS zone named adatum.com.
You need to change the frequency that secondary name servers will replicate the zone from DNS1.
Which type of DNS record should you modify?

A.    start of authority (SOA)
B.    name server (NS)
C.    service location (SRV)
D.    host information (HINFO)

Answer: A
Explanation:
The time to live is specified in the Start of Authority (SOA) record
Note: TTL (time to live) – The number of seconds a domain name is cached locally before expiration and return to authoritative nameservers for updated information.

QUESTION 270
In Windows Server 2012 R2, you can remove the Server Graphical Shell, resulting in the “Minimal Server Interface.” This is similar to a Server with a GUI installation except that some features are not installed.
Which of the following features is not installed in this scenario?

A.    MMC
B.    Windows Explorer
C.    Control Panel (subset)
D.    Server Manager

Answer: B
Explanation:
When you choose the minimal server interface option Internet Explorer 10, Windows Explorer, the desktop, and the Start screen are not installed. Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel are still present.

QUESTION 271
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Remote Desktop Session Host role service installed.
The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1.
GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)

 

You need to prevent GPO1 from Applying to your user account when you log on to Server1. GPO1 must Apply to every other user who logs on to Server1.
What should you configure?

A.    WMI Filtering
B.    Item-level Targeting
C.    Block Inheritance
D.    Security Filtering

Answer: D

QUESTION 272
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups.
One of the deleted groups is named Group1.
Some of the deleted user accounts are members of some of the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?

A.    Mount the most recent Active Directory backup.
B.    Perform an authoritative restore of Group1.
C.    Use the Recycle Bin to restore Group1.
D.    Reactivate the tombstone of Group1.

Answer: A
Explanation:
Note:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects.
If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties.
Note 2:
It is not about the restoration of Group1. There are only the membership of the group will be consulted at an earlier stage. For this purpose, an Active Directory snapshot can be used allows read access to a previous state of the Active Directory database.

QUESTION 273
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
For Server2, you are configuring constrained delegation to a third-party service named Service1 on Server1.
When you attempt to add Service1 from Server1 to the delegation setting of Server2, you discover that Service1 is not listed in the Available services list.
You need to ensure that you can add Service1 for constrained delegation.
What should you do first?

A.    From the Services console, modify the properties of Service1
B.    From ADSI Edit, create a serviceConnectionPoint (SCP) object
C.    From a command prompt, run the setspn.exe command
D.    From Active Directory Users and Computers, enable the Advanced Features option.

Answer: A
Explanation:
An SPN (SPN) is a unique identifier for a service in a network with Kerberos authentication. SPNs are made up of a service class, a host name and a port. In a network with Kerberos authentication an SPN must be registered for the server under an integrated computer account such as Network Service or Local System or a user account.
SPNs are automatically registered for built-in accounts. If you run a service under a domain user account, you must register the SPN manually for the account that you want to use.
In order to make the service Service1, which runs on Server1, on other computers of the domain “visible”, has a service account be established, which can be used over the range of the local computer addition (domain user account).

QUESTION 274
You have a file server named Server1 that runs Windows Server 2012 R2.
Server1 has the File Server Resource Manager role service installed.
Files created by users in the human resources department are assigned the Department classification property automatically.
You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more.
You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort.
What should you configure on Task1?

A.    Create a custom action.
B.    Configure a file screen.
C.    Create a classification rule.
D.    Create a condition.

Answer: D
Explanation:
Create a File Expiration Task
The following procedure guides you through the process of creating a file management task for expiring files. File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them. Property conditions. Click Add to create a new condition based on the file’s classification. This will open the Property Condition dialog box, which allows you to select a property, an operator to perform on the property, and the value to compare the property against. After clicking OK, you can then create additional conditions, or edit or remove an existing condition.

QUESTION 275
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a Network Policy Server (NPS) network policy named Policy1.
You need to ensure that Policy1 applies to L2TP connections only.
Which condition should you modify?
To answer, select the appropriate object in the answer area.

 

Answer:

 

QUESTION 276
Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone forcontoso.com.
You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes.
Which setting should you modify in the start of authority (SOA) record?

A.    Retry interval
B.    Minimum (default) TTL
C.    Expires after
D.    Refresh interval

Answer: D
Explanation:
By default, the refresh interval for each zone is set to 15 minutes. The refresh interval is used to determine how often other DNS servers that load and host the zone must attempt to renew the zone.

 

QUESTION 277
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?

A.    The Secedit command
B.    The Set-AdComputer cmdlet
C.    Active Directory Users and Computers
D.    The Invoke-GpUpdate cmdlet

Answer: D
Explanation:
Invoke-GPUpdate
Schedule a remote Group Policy refresh (gpupdate) on the specified computer.
Applies To: Windows Server 2012 R2
The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer. You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.
The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be offset by a random delay.
Note:
Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure a computer and user experience within a domain. When the Resultant Set of Policy settings does not conform to your expectations, a best practice is to first verify that the computer or user has received the latest policy settings. In previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.
With Windows Server 2012 R2 and Windows 8, you can remotely refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within the OU structure–for example, if the computers are located in the default computers container.
The remote Group Policy refresh updates all Group Policy settings, including security settings that are set on a group of remote computers, by using the functionality that is added to the context menu for an OU in the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group Policy settings on all the computers in that OU, the following operations happen:
An Active Directory query returns a list of all computers that belong to that OU. For each computer that belongs to the selected OU, a WMI call retrieves the list of signed in users.
A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to decrease the load on the network traffic. This random delay cannot be configured when you use the GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run immediately when you use the Invoke-GPUpdate cmdlet.
Reference: Force a Remote Group Policy Refresh (GPUpdate)

QUESTION 278
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two servers.
The servers are configured as shown in the following table.

 

Server1 and Server2 host a load-balanced website named Web1. Web1 runs by using an application pool named WebApp1. WebApp1 uses a group Managed Service Account named gMSA1 as its identity.
Domain users connect to Web1 by using either the name Web1.contoso.com or the alias myweb.contoso.com.
You discover the following:

– When the users access Web1 by using Web1.contoso.com, they authenticate by using Kerberos.
– When the users access Web1 by using myweb.contoso.com, they authenticate by using NTLM.

You need to ensure that the users can authenticate by using Kerberos when they connect by using myweb.contoso.com.
What should you do?

A.    Run the Add-ADComputerServiceAccount cmdlet.
B.    Modify the properties of the gMSA1 service account.
C.    Modify the properties of the Web1 website.
D.    Run the Install-ADServiceAccount cmdlet.

Answer: B
Explanation:
Independent managed service accounts that were introduced in Windows Server 2008 R2 and Windows 7 are managed domain accounts that provide an automatic password management and simplified management of SPN (Service Principal Names SPNs) – including delegation of management to other administrators.

The Group managed service account provides the same functions within the domain, but this also is expanding to multiple servers. When connecting with a service that is hosted in a server farm (for example, a Network Load Balancing), the authentication protocols require with mutual authentication, that all instances of services use the same principal. If group managed service accounts can be used as a service principals, the password for the account from the Windows operating system is managed, rather than leaving the password keeper the Administrator.

The Microsoft Key Distribution Service (“kdssvc.dll”) provides the mechanism for secure retrieval of current key or a certain key ready for an Active Directory account with a key ID. This service is new in Windows Server 2012 and can not run on older versions of the Windows Server operating system. From the key distribution service secret information to create keys for the account are provided. These keys are changed regularly. In one group managed service account to the Windows Server 2012 domain controller calculates the password for the key specified by the Key Distribution Service – just like any other attributes of the group managed service account. Current and older password values can be 8-member hosts accessed by contacting a Windows Server 2012 domain controller of Windows Server 2012- and Windows.

Group Managed Service Accounts provide a single identity solution for services that are running on a server farm or on systems behind a Network Load Balancing. By providing a solution for group managed service accounts (groups-MSA solution) services for the new group MSA principal can be configured, while the password manager of Windows is handled. When using a group managed service account must be managed by services or service administrators no password synchronization between service instances become. The group managed service account supported hosts that are offline for an extended period, as well as the managing member of hosts for all instances of a service. So you can deploy a server farm that supports a single identity, with respect to the can authenticate existing client computer without knowing with which instance of the service a connection is established.

It is most likely that the service account gMSA1 only the name web1.certbase contains .de as registered SPN. To ensure that Kerberos authentication works even when use of the name myweb.certbase.de, must match the service account name myweb.certbase.de be added as additional SPN. This is possible by editing the account properties or by using the Set-ADServiceAccount.

QUESTION 279
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create a central store for Group Policy.
You receive a custom administrative template named Template1.admx.
You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs).
What should you do?

A.    Copy Template1.admx to
\\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
B.    From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates.
C.    Copy Template1.admx to \\Contoso.com\NETLOGON
D.    From the Default Domain Policy, add Template1.admx to the Administrative Templates.

Answer: A
Explanation:
Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone with permission to create or edit GPOs.

 

QUESTION 280
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a RADIUS client template named Template1.
You create a RADIUS client named Client1 by using Template1.
You need to modify the shared secret for Client1.
What should you do first?

A.    Clear Select an existing template for Client1
B.    Set the Shared secret setting of Template1 to Manual.
C.    Clear Enable this RADIUS client for Client1.
D.    Configure the Advanced settings of Template1.

Answer: A
Explanation:
Clear checkmark for Select an existing template in the new client wizard.
In New RADIUS Client, in Shared secret, do one of the following:
Ensure that Manual is selected, and then in Shared secret, type the strong password
that is also entered on the RADIUS client.
Retype the shared secret in Confirm shared secret.

More free Lead2pass 70-411 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDSmRhaVRWcW5Cc1k

We give you the proper and complete training with free 70-411 Lead2pass updates. Our braindumps will defiantly make you perfect to that level you can easily pass the exam in first attempt.

2017 Microsoft 70-411 (All 449 Q&As) exam dumps (PDF&VCE) from Lead2pass:

https://www.lead2pass.com/70-411.html [100% Exam Pass Guaranteed]