70-411 - MCSA: Administering Windows Server 2012 - Exam 4

Description

This exam measures your ability to accomplish the technical tasks listed below:
  • Deploy, Manage, and Maintain Servers
  • Configure File and Print Services
  • Configure Network Services and Access
  • Configure a Network Policy Server Infrastructure
  • Configure and Manage Active Directory
  • Configure and Manage Group Policy
Quiz by Mike M, updated more than 1 year ago
Created by Mike M about 6 years ago

Resource summary

Question 1

Question
Your network contains a RADIUS server named Server1. You install a new server named Server2 that runs Windows Server 2012 and has Network Policy Server (NPS) installed. You need to ensure that all accounting requests for Server2 are forwarded to Server1. On Server2, you create a new remote RADIUS server group named Group1 that contains Server1. What should you configure next on Server2?
Answer
  • NPS (Local) - RADIUS Clients and Servers - RADIUS Clients
  • NPS (Local) - RADIUS Clients and Servers - Remote RADIUS Server Groups
  • NPS (Local) - Policies - Connection Request Policies
  • NPS (Local) - Policies - Network Policies
  • NPS (Local) - Policies - Health Policies
  • NPS (Local) - Network Access Protection - System Health Validators
  • NPS (Local) - Network Access Protection - Remediation Server Groups
  • NPS (Local) - Accounting
  • NPS (Local) - Templates Management

Question 2

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012. You add a VPN server named Server2 to the network. On Server1, you create several network policies. You need to configure Server1 to accept authentication requests from Server2. Which tool should you use on Server1?
Answer
  • Connection Manager Administration Kit (CMAK)
  • Routing and Remote Access
  • Network Policy Server (NPS)
  • Set-RemoteAccessRADIUS

Question 3

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed. Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes. You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.) You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1. What should you create?
Answer
  • A network policy that has the MS-Service Class condition
  • A network policy that has the Identity Type condition
  • A connection request policy that has the Identity Type condition
  • A connection request policy that has the Service Type condition

Question 4

Question
You have a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed. You have a client named Client1 that is configured as an 802.1X supplicant. You need to configure Server1 to handle authentication requests from Client1. The solution must minimize the number of authentication methods enabled on Server1. Which authentication method should you enable?
Answer
  • Extensible Authentication Protocol (EAP)
  • Microsoft encrypted authentication version 2 (MS-CHAP v2)
  • Encrypted Authentication (CHAP)
  • Unencrypted password (PAP)
  • Allow machine certificate authentication for IKEv2
  • Allow systems to connect without authentication

Question 5

Question
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. You need to log all DHCP clients that have Windows Firewall disabled. Which three actions should you perform in sequence?
Answer
  • Create a connection request policy
  • Create a network policy
  • Create a remediation server group
  • Create a Windows Security Health Validator (WSHV) configuration
  • Create a health policy

Question 6

Question
You have a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed. Server1 is located in the perimeter network. The IPv4 routing table on Server1 is configured as shown in the following exhibit. (Click the Exhibit button.) Your company purchases an additional router named Router1. Router1 has an interface that connects to the perimeter network and an interface that connects to the Internet. The IP address of the interface that connects to the perimeter network is 172.16.0.2. You need to ensure that Server1 will route traffic to the Internet by using Router1 if the current default gateway is unavailable. How should you configure the static route on Server1?

Question 7

Question
Force an authoritative and non-authoritative synchronization for FRS-Replicated SYSVOL
Answer
  • dfsgui.msc
  • ultrasound
  • rplmon
  • ntfrsutil

Question 8

Question
I am using a Domain Admins account to run the console, and the service is running under Local System. When I try to approve requests from Pending Devices, I get an Access Denied notice (Windows Server 2003 R2). Also, why is the architecture x64 when the clients are x86? Is that the reason, and how do I fix it?
Answer
  • Open WDS, right-click the server, and select Properties. Click the PXE Response Settings tab and select Respond to all (known and unknown) clients. Also select the little checkbox below.
  • You need to grant permission on the OU in which you want to create machine accounts for the WDS Server Machine Account
  • To grant permission to approve a pending computer: Open Active Directory Users and Computers, right-click the OU where you are creating prestaged computer accounts, select Delegate Control, click Next, change the object type to include computers, add the computer object of the Windows Deployment Services server, click Next, select Create a custom task to delegate, select Only the following objects in the folder, then select the Computer objects check box, select Create selected objects in this folder, and click Next
  • Define the OU path to add systems in WDS, delegate computer object create or greater rights to the WDS server for the OU, and delegate computer object create rights to your account or simply use a domain account to log in

Question 9

Question
Force an authoritative and non-authoritative synchronization for DFSR-Replicated SYSVOL
Answer
  • LDP
  • ultrasound
  • rplmon
  • frsutil
  • dfsrdiag

Question 10

Question
How to give the minimum required permission to a user who wants to promote a RODC?
Answer
  • Member of the Domain Admins group
  • Allowed to attach the server to the RODC computer account
  • Local Admin
  • Organizational admin

Question 11

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. A domain controller named DC1 has the ADMX Migrator tool installed. You have a custom Administrative Template file on DC1 named Template1.adm. You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool. Which action should you run first?
Answer
  • New Category
  • Load Template
  • New Policy Setting
  • Generate ADMX from ADM

Question 12

Question
Your network contains an Active Directory domain named contoso.com. You need to audit access to removable storage devices. Which audit category should you configure?
Answer
  • Account Logon
  • Account Management
  • Detailed Tracking
  • DS Access
  • Logon/Logoff
  • Object Access
  • Policy Change
  • Privilege Use
  • System
  • Global Object Access Auditing

Question 13

Question
Your network contains an Active Directory domain named adatum.com. You need to audit changes to the files in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL replication traffic caused by the audit. Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
Answer
  • Audit Policy\Audit System Events
  • Advanced Audit Policy Configuration\DS Access
  • Advanced Audit Policy Configuration\Global Object Access Auditing
  • Audit Policy\Audit object access
  • Audit Policy\Audit directory service access
  • Advanced Audit Policy Configuration\Object Access

Question 14

Question
Your network contains an Active Directory domain named contoso.com. You have several Windows PowerShell scripts that execute when client computers start. When a client computer starts, you discover that it takes a long time before users are prompted to log on. You need to reduce the amount of time it takes for the client computers to start. The solution must not prevent scripts from completing successfully. Which setting should you configure?
Answer
  • Allow logon scripts when NetBIOS or WINS is disabled
  • Specify maximum wait time for Group Policy scripts
  • Run Windows PowerShell scripts first at computer startup, synchronously
  • Run logon scripts synchronously
  • Display instructions in shutdown scripts as they run
  • Run startup scripts asynchronously
  • Display instructions in startup scripts as they run
  • Run Windows PowerShell scripts first at user logon, logoff

Question 15

Question
You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012. Server1 has the Web Server (IIS) server role installed. Server1 will host a web site at URL https://secure.contoso.com. The application pool identity account of the web site will be set to a domain user account named AppPool1. You need to identify the setspn.exe command that you must run to configure the appropriate Service Principal Name (SPN) for the web site. What should you run?
Answer
  • Run setspn.exe and specify the /l parameter
  • From the properties of User1, open the Delegation tab, and add the HOST service
  • From the properties of User1, open the Delegation tab and select Trust this user for delegation to any service (Kerberos only)
  • From the properties of User1, open the Delegation tab, select Trust this user for delegation to specified services only
  • Run the setspn.exe and specify the -s parameter

Question 16

Question
Your network contains an Active Directory domain named contoso.com. You deploy a web-based application named App1 to a server named Server1. App1 uses an application pool named AppPool1. AppPool1 uses a domain user account named User1 as its identity. You need to configure Kerberos constrained delegation for User1. Which three actions should you perform?
Answer
  • Run setspn.exe and specify the -l parameter
  • From the properties of User1, open the Delegation tab, and add the HOST service.
  • From the properties of User1, open the Delegation tab and select Trust this user for delegation to any service (Kerberos only)
  • From the properties of User1, open the Delegation tab, select Trust this user for delegation to specified services only
  • Run the setspn.exe and specify the -s parameter

Question 17

Question
Your network contains an Active Directory domain called contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012. The domain contains some test client computers that run either Windows XP, Windows Vista, Windows 7, or Windows 8. The computer accounts for the test computers are located in an organizational unit (OU) named OU1. You have a Group Policy object (GPO) named GPO1 linked to OU1. GPO1 is used to assign several applications to the test computers. You need to ensure that when the test computers in OU1 restart, you can see which application installation is running currently. Which setting should you modify in GPO1?
Answer
  • Download missing COM components
  • Allow Distributed Link Tracking clients to use domain resources
  • Do not turn off system power after a Windows system shutdown has occurred.
  • Enable Persistent Time Stamp
  • Activate Shutdown Event Tracker System State Data feature
  • Display Shutdown Event Tracker
  • Specify settings for optional component installation and component repair
  • Turn off Data Execution Prevention for HTML Help Executable
  • Restrict these programs from being launched from help
  • Display highly detailed status messages

Question 18

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012. You create an Active Directory snapshot of DC1 each day. You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?
Answer
  • Run the dsamain.exe command
  • Stop the Active Directory Domain Services (AD DS) service
  • Run the ntdsutil.exe command
  • Start the Volume Shadow Copy Service (VSS)

Question 19

Question
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2012. The domain contains a virtual machine named DC2. On DC2, you run Get-ADDCCloningExcludedApplicationList and receive the output shown in the following table. You need to ensure that you can clone DC2. Which two actions should you perform?
Answer
  • Create an empty file named CustomDCClonesAllowList.xml
  • Add the following information to the DCCloneConfigSchema.xsd: <AllowList> <Allow> <Name> App1 </Name> <Type> Service </Type> </Allow> </AllowList>
  • Create a file named DCCloneConfig.xml that contains the following information: <AllowList> <Allow> <Name> App1 </Name> <Type> Service </Type> </Allow> </AllowList>
  • Create a file named CustomDCCloneAllowList.xml that contains the following information: <AllowList> <Allow> <Name> App1 </Name> <Type> Service </Type> </Allow> </AllowList>
  • Create an empty file named DCCloneConfig.xml

Question 20

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 has the Web Server (IIS) server role installed. On Server1, you install a managed service account named Service1. You attempt to configure the World Wide Web Publishing Service as shown in the attachment. (Click the attachment button.) You receive the following error message: "The account name is invalid or does not exist, or the password is invalid for the account name specified." You need to ensure that the World Wide Web Publishing Service can log on by using the managed service account. What should you do?
Answer
  • Specify contoso\service1$ as the account name
  • Specify service1@contoso.com as the account name
  • Reset the password for the account
  • Enter and confirm the password for the account

Question 21

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. You pre-create a read-only domain controller (RODC) account named RODC1. You export the settings of RODC1 to a file named File1.txt. You need to promote RODC1 by using File1.txt. Which tool should you use?
Answer
  • The dcpromo command
  • The Install-WindowsFeature cmdlet
  • The Install-ADDSDomainController cmdlet
  • The Add-WindowsFeature cmdlet
  • The dism command

Question 22

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The domain contains three servers that run Windows Server 2012. The servers are configured as shown in the following table. Server1 and Server2 are configured in a Network Load Balancing (NLB) cluster and have the Web Server (IIS) role configured. Server3 has the SQL Server role configured. The NLB cluster hosts a website named Web1 that uses an application pool named App1. Web1 uses a database named DB1 as its data store. You create an account named User1. You configure User1, as the identity of App1. You need to ensure that contoso.com domain users accessing Web1 connect to DB1 by using their own credentials. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Answer
  • Configure the delegation settings of Server3
  • Create a Service Principal Name (SPN) for User1
  • Configure the delegation settings of User1
  • Create a matching Service Principal Name (SPN) for Server1 and Server2
  • Configure the delegation settings of Server1 and Server2

Question 23

Question
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012. A support technician accidentally deletes a user account named User1. You need to use tombstone reanimation to restore the User1 account. Which tool should you use?
Answer
  • ntdsutil
  • ldp
  • esentutl
  • Active Directory Administrative Center

Question 24

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC4 that runs Windows Server 2012. You create a DCCloneConfig.xml file. You need to clone DC4. Where should you place DCCloneConfig.xml on DC4?
Answer
  • %Systemroot%\SYSVOL
  • %programdata%\Microsoft
  • %Systemroot%\NTDS
  • %systemdrive%

Question 25

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You run ntdsutil (as shown in the exhibit). You need to ensure that you can access the contents of the mounted snapshot. What should you do?
Answer
  • From a command prompt, run dsamain.exe -dbpath C:\$snap_201204131056_volume$\windows\ntds\ntds.dit -ldapport 33389
  • From a command prompt, run dsamain.exe -dbpath C:\$snap_201204131056_volume$\windows\ntds\ntds.dit -ldapport 389
  • From the snapshot context of ntdsutil, run activate instance "NTDS"
  • From the snapshot context of ntdsutil, run mount (79f94f82-5926-4f44-8af0-2f5d827a57d).

Question 26

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. On DC1, you add a new volume and you stop the Active Directory Domain Services (AD DS) service. You run ntdsutil.exe and you set NTDS as the active instance. You need to move the Active Directory database to the new volume. Which Ntdsutil context should you use?
Answer
  • Configurable Settings
  • Partition management
  • IFM
  • Files

Question 27

Question
Your network contains an Active Directory domain named contoso.com. You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the Exhibit button.) You plan to use the User1 account as a service account. The service will forward authentication requests to other servers. You need to ensure that you can view the Delegation tab from the properties of the User1 account. What should you do first?
Answer
  • Modify the Security settings of User1
  • Modify the User Principal Name (UPN) of User1
  • Configure a Service Principal Name (SPN) for User1
  • Configure the Name Mappings of User1

Question 28

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning. You verify with the application vendor that the application supports domain controller cloning. You need to prepare a domain controller for cloning. What should you do?
Answer
  • In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application information to the file.
  • In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
  • In the root of a USB flash drive, add the application information to an XML file named DefaultDCCloneAllowList.xml
  • In D:\Windows\NTDS\, create an XML file named DefaultDCCloneAllowList.xml and add the application information to the file.

Question 29

Question
Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. On DC1, you create a new volume named E. You restart DC1 in Directory Service Restore Mode. You open ntdsutil.exe and you set NTDS as the active instance. You need to move the Active Directory logs to E:\NTDS\. Which Ntdsutil context should you use?
Answer
  • IFM
  • Configurable Settings
  • Partition management
  • Files

Question 30

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 and has the Hyper-V server role installed. Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 and hosts a processor-intensive application named App1. Users report that App1 responds more slowly than expected. You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1. Which performance object should you monitor on Server1?
Answer
  • Processor
  • Hyper-V Hypervisor Root Virtual Processor
  • Hyper-V Hypervisor Logical Processor
  • Process
  • Hyper-V Hypervisor Virtual Processor

Question 31

Question
You have a RODC named Server1 running Server 2012. You need to add a RODC Administrator. How do you complete the task?
Answer
  • dsmgmt.exe
  • ntdsutil
  • Add user to Local Administrator Group on Server1
  • Use Security Group and modify RODC Delegated Administrator

Question 32

Question
Your network contains an Active Directory domain named contoso.com. You need to create an AD snapshot. Which four actions should you perform?
Answer
  • create
  • mount
  • snapshot
  • list instance
  • ntdsutil
  • files
  • activate instance ntds

Question 33

Question
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012. Contoso.com contains two servers. Server1 and Server2 have the Web Server (IIS) and Network Load Balancing (NLB) server roles installed. Server1 and Server2 host a load-balanced application pool named AppPool1. You need to ensure that AppPool1 uses a group Managed Service Account as its identity. Which 3 actions should you perform?
Answer
  • Modify the settings of AppPool1
  • Run the Install-ADServiceAccount cmdlet
  • Run the New-ADServiceAccount cmdlet
  • Install a domain controller that runs Windows Server 2012.
  • Run the Set-ADServiceAccount cmdlet

Question 34

Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012. The domain contains two domain controllers. DC1 is a physical server and has a daily task to snapshot Active Directory. DC2 is a Hyper-V virtual machine that has a daily task to take a snapshot of the VM and daily system state backups. Active Directory Recycle Bin is enabled. You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago. What should you do?
Answer
  • Perform a non-authoritative restore
  • Modify the isRecycled attribute of Group1
  • Perform an authoritative restore
  • Recover the items by using Active Directory Recycle Bin

Question 35

Question
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1. You create a global group named RODC_Admins. You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects. What should you do?
Answer
  • From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account
  • From Active Directory Sites and Services, run the Delegation of Control Wizard
  • From Active Directory Users and Computers, run the Delegation of Control Wizard
  • From a command prompt, run the dsadd computer command

Question 36

Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012. DC10 is currently a member of a workgroup. You plan to promote DC10 to a read-only domain controller (RODC). You need to ensure that a user named Contoso/User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1. What should you do?
Answer
  • Join DC10 to the domain. Modify the properties of the DC10 computer account.
  • From Active Directory Administrative Center, pre-create an RODC computer account
  • Join DC10 to the domain. Run dsmod and specify the /server switch
  • From Active Directory Administrative Center, modify the security settings of the Domain Controllers organizational unit (OU).

Question 37

Question
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table. The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1. You need to ensure that you can clone DC6. What should you do?
Answer
  • Transfer the schema master to DC6
  • Transfer the schema master to DC4
  • Transfer the PDC emulator to DC2
  • Transfer the PDC emulator to DC5

Question 38

Question
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012. You need to create a custom Active Directory application partition. Which tool should you use?
Answer
  • dsadd
  • dsmod
  • netdom
  • ntdsutil

Question 39

Question
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012. Contoso.com contains two servers. Server1 and Server2 have the Web Server (IIS) and Network Load Balancing (NLB) server roles installed. Server1 and Server2 host a load-balanced website named Web1. Web1 runs by using an application pool named WebApp1. WebApp1 uses a group Managed Service Account named gMSA1 as its identity. Domain users connect to Web1 by using either the name web1.contoso.com or the alias myweb.contoso.com. You discover the following: - When the users access Web1 by using web1.contoso.com, they authenticate by using Kerberos. - When the users access Web1 by using myweb.contoso.com, they authenticate by using NTLM. You need to ensure that the users can authenticate by using Kerberos when they connect by using myweb.contoso.com. What should you do?
Answer
  • Modify the properties of the WebApp1 application pool
  • Run the Add-ADComputerServiceAccount cmdlet
  • Modify the properties of the Web1 website
  • Modify the properties of the gMSA1 service account

Question 40

Question
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing. You need to ensure that the new zone will be available only on DC5 and DC6. What should you do first?
Answer
  • Create an application directory partition
  • Change the zone replication scope
  • Create an Active Directory connection object
  • Create an Active Directory site link