[Free] Download New Latest (November) Microsoft 70-417 Actual Tests 101-110

Ensurepass

QUESTION 101

A server named Server01 is running Server Core at your companies IT house. It is already configured with the AD DS role but you also want to add AD CS to the server. What must you do to add Active Directory Certificate Services (AD CS) to this server?

 

A.

Reinstall the server with the full version of Windows Server 2008

B.

Install the AD CS role

C.

Install the RODC role

D.

Install the AD FS role

 

Correct Answer: B

Explanation:

Server 2012 allows AD CS in core mode.

http://technet.microsoft.com/en-us/library/hh831373.aspx

What’s New in AD CS?

New and changed functionality

Several new capabilities are available in the Windows Server 2012 R2 version of AD CS.

They include:

Integration with Server Manager

Deployment and management capabilities from Windows PowerShell?

All AD CS role services run on any Windows Server 2012 R2 version All AD CS role services can be run on Server Core Support for automatic renewal of certificates for non-domain joined computers Enforcement of certificate renewal with same key Support for international domain names Increased security enabled by default on the CA role service AD DS Site Awareness for AD CS and PKI Clients

 

 

QUESTION 102

Your network contains a domain controller named DC1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1.

 

You need to configure DCS1 to collect the following information:

 

clip_image002The amount of Active Directory data replicated between DC1 and the other domain controllers

clip_image002[1]The current values of several registry settings

 

Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)

 

A.

Event trace data

B.

A Performance Counter Alert

C.

System configuration information

D.

A performance counter

 

Correct Answer: CD

 

 

QUESTION 103

Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.

 

clip_image004

 

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.

 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.

From the Remote Access Management Console, reload the configuration.

B.

Add Server2 to a security group in Active Directory.

C.

Restart the IPSec Policy Agent service on Server2.

D.

From the Remote Access Management Console, modify the Infrastructure Servers settings.

E.

From the Remote Access Management Console, modify the Application Servers settings.

Correct Answer: BE

Explanation:

Unsure about these answers:

A public key infrastructure must be deployed.

Windows Firewall must be enabled on all profiles.

ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6.

Computers that are running the following operating systems are supported as DirectAccess clients:

Windows Server® 2012 R2

Windows 8.1 Enterprise

Windows Server® 2012

Windows 8 Enterprise

Windows Server® 2008 R2

Windows 7 Ultimate

Windows 7 Enterprise

Force tunnel configuration is not supported with KerbProxy authentication.

Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.

Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.

 

 

QUESTION 104

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.

 

Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1.

 

Users report that App1 responds more slowly than expected.

 

You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.

 

Which performance object should you monitor on Server1?

 

A.

Hyper-V Hypervisor Logical Processor

B.

Hyper-V Hypervisor Root Virtual Processor

C.

Processor

D.

Hyper-V Hypervisor Virtual Processor

E.

Process

 

Correct Answer: D

Explanation:

A.Traditionally, processor performance can be measured using the “Processor(*)% Processor Time” performance monitor counter. This is not an accurate counter for evaluating processor utilization of a guest operating system though because Hyper-V

B.Shows the percentage of time used by the virtual processor in guest code. This is used to determine the processor utilization of the virtualization stack on the host server.

C.Identifies how much of the physical processor is being used to run the virtual machines. This counter does not identify the individual virtual machines or the amount consumed by each virtual machine.

D.This counter is a natural choice that will give use the amount of time that this particular process spends using the processor resource.

E.Identifies how much of the virtual processor is being consumed by a virtual machine.

http://msdn.microsoft.com/en-us/library/cc768535(v=bts.10).aspx

http://technet.microsoft.com/en-us/library/cc742454.aspx

http://technet.microsoft.com/en-us/library/ff367892(v=exchg.141).aspx

 

 

QUESTION 105

Your network contains two servers that run Windows Server 2012 R2 named Server1 and Server2. Both servers have the File Server role service installed.

 

On Server2, you create a share named Backups.

 

From Windows Server Backup on Server1, you schedule a full backup to run every night. You set the backup destination to \Server2 Backups.

 

After several weeks, you discover that \Server2Backups only contains the last backup that completed on Server1.

 

You need to ensure that multiple backups of Server1 are maintained.

 

What should you do?

 

A.

Modify the properties of the Windows Store Service (WSService) service.

B.

Change the backup destination.

C.

Modify the Volume Shadow Copy Service (VSS) settings.

D.

Configure the permission of the Backups share.

 

Correct Answer: B

 

 

QUESTION 106

Your network contains an Active Directory forest named adatum.com. The forest contains an Active Directory Rights Management Services (AD RMS) cluster.

 

A partner company has an Active Directory forest named litwareinc.com. The partner company does not have AD RMS deployed.

 

You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.

 

Which type of trust policy should you create?

 

A.

At federated trust

B.

A trusted user domain

C.

A trusted publishing domain

D.

Windows Live ID

 

Correct Answer: A

Explanation:

A.In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure.

http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx

http://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspx

http://technet.microsoft.com/en-us/library/cc757344(v=ws.10).aspx

 

clip_image006

 

 

QUESTION 107

Your network contains an Active Directory forest named contoso.com.

 

The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in following table.

 

clip_image008

 

When the link between Site1 and Site2 fails, users fail to log on to Site2.

 

You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.

 

What should you identify?

 

A.

The placement of the infrastructure master

B.

The placement of the global catalog server

C.

The placement of the domain naming master

D.

The placement of the PDC emulator

 

Correct Answer: D

Explanation:

The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close interaction between the RID operations master role and the PDC emulator role

The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it.

 

 

QUESTION 108

You have a server named Print1 that runs Windows Server 2012 R2.On Print1, you share a printer named Printer1.

 

You need to ensure that only the members of the Server Operators group, the Administrators group, and the Print Operators group can send print jobs to Printer1.

 

What should you do?

 

A.

Remove the permissions for the Creator Owner group

B.

Assign the Print permission to the Server Operators group

C.

Remove the permissions for the Everyone group

D.

Assign the Print permission to the Administrators group

 

Correct Answer: C

Explanation:

By default Everyone can print. This permissions need to be removed.

 

 

QUESTION 109

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

 

You need to prevent all of the GPOs at the site level and at the domain level from being Applied to users and computers in an organizational unit (OU) named OU1.

 

You want to achieve this goal by using the minimum amount of administrative effort.

 

What should you use?

 

A.

Dcgpofix

B.

Get-GPOReport

C.

Gpfixup

D.

Gpresult

E.

Gptedit.msc

F.

Import-GPO

G.

Restore-GPO

H.

Set-GPInheritance

I.

Set-GPLink

J.

Set-GPPermission

K.

Gpupdate

L.

Add-ADGroupMember

 

Correct Answer: H

Explanation:

http://technet.microsoft.com/en-us/library/ee461032.aspx

 

 

 

 

 

QUESTION 110

Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. You install the IPAM client on Server2.

 

You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)

 

clip_image010

 

You need to manage IPAM from Server2.

 

What should you do first?

 

A.

On Server2, open Computer Management and connect to Server1.

B.

On Server1, add the Server2 computer account to the IPAM ASM Administrators group.

C.

On Server2, add Server1 to Server Manager.

D.

On Server1, add the Server2 computer account to the IPAM MSM Administrators group.

 

Correct Answer: C

Explanation:

In the exhibit, we can see that only one server is managed with Server Manager on Server2 (itself, as in a Server, Server Manager always contains at least the server itself):

 

So we can be sure that Server1 is not added to Server2 ServerManager Console so if we want to manage IPAM, we should add Server1 to Server2s Server Managerhttp://technet.microsoft.com/en-us/library/hh831622.aspx Step-by-Step: Configure IPAM to Manage Your IP Address Space IP Address Management (IPAM) in Windows Server 2012 is a framework for discovering, monitoring, managing and auditing IP address space on a corporate network. IPAM provides the following features:

 

Automatic IP address infrastructure discovery

Highly customizable IP address space display, reporting, and management Configuration change auditing for DHCP and IPAM services Monitoring and management of DHCP and DNS services

IP address lease tracking

[…]

IPAM security groups

The following local IPAM security groups are created when you install IPAM. IPAM Users:

Members of this group can view all information in server discovery, IP address space, and server management. They can view IPAM and DHCP server operational events, but cannot view IP address tracking information.

 

IPAM MSM Administrators: IPAM multi-server management (MSM) administrators have IPAM Users privileges and can perform IPAM common management tasks and server management tasks. IPAM ASM Administrators:

 

IPAM address space management (ASM) administrators have IPAM Users privileges and can perform IPAM common management tasks and IP address space tasks. (that’s a user group, not a computer group) IPAM IP Audit Administrators:

 

Members of this group have IPAM Users privileges and can perform IPAM common management tasks and can view IP address tracking information. IPAM Administrators:

IPAM Administrators have the privileges to view all IPAM data and perform all IPAM tasks.

http://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&ved=0CDwQ FjAB&url=http%3A%2F%2Fdownload.microsoft.com% 2Fdownload%2FF%2F6%2F9%2FF 69BE7E8-3E99- 4A4AB1898AFADABC6216%2FUnderstand%2520and%2520Troubleshoot%2520IP%2520Address% 2520Management%2520(IPAM)%2520in%2520Windows%2520Server%25208%2520Beta.docx&ei=5xXWUIzRAsaQhQeUz4GQCg&usg=AFQjCNGh5tHzxwcaU9vXDGmPUgtjfPvhn w&bvm=bv.1355534169,d.d2k (download.microsoft.com)

 

Understand and Troubleshoot IP Address Management (IPAM) in Windows Server 8 Beta If you are accessing the IPAM server remotely using ServerManager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).

 

Installation Process

IPAM Client

Although the IPAM client feature is automatically installed on a Windows Server “8” Beta server, along with installation of the IPAM Server feature, this component can also be installed or uninstalled on its own. Click through the Add roles and features wizard screens to select Role or Feature Based Install and the target server. On the Select Features screen, select Remote Server Administration Tools -> Feature Administration Tools -> IP Address Management (IPAM) Client. Click Add Features when prompted.

 

In order for the IPAM client to connect to an IPAM server, you must ensure that the target IPAM server is added to the Server Manager purview using the Add Servers wizard launched from the Manage menu. If both IPAM client and IPAM server are running on the same server, then by default the IPAM UI connects to the local IPAM server instance.

 

clip_image012

 

Free VCE & PDF File for Microsoft 70-417 Actual Tests

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…