[Free] Download New Updated (October 2016) Microsoft 70-411 Real Exam 151-160

Ensurepass

QUESTION 151

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.

 

Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain.

 

You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.

 

You configure Service1 to be monitored from Failover Cluster Manager.

 

What should you configure on the virtual machine?

 

A.

From the General settings, modify the Startup type.

B.

From the General settings, modify the Service status.

C.

From the Recovery settings of Service1, set the First failure recovery action to Take No Action.

D.

From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.

 

Correct Answer: C

Explanation:

Configure the virtual machine to take no action through Hyper-V if the physical computer shuts down by modifying the Automatic Stop Action setting to None. Virtual machine state must be managed through the Failover Clustering feature.

 

Virtual machine application monitoring and management

In clusters running Windows Server 2012, administrators can monitor services on clustered virtual machines that are also running Windows Server 2012. This functionality extends the high-level monitoring of virtual machines that is implemented in Windows Server 2008 R2 failover clusters. If a monitored service in a virtual machine fails, the service can be restarted, or the clustered virtual machine can be restarted or moved to another node (depending on service restart settings and cluster failover settings). This feature increases the uptime of high availability services that are running on virtual machines within a failover cluster.

 

Windows Server 2012 Failover Cluster introduces a new capability for Hyper-V virtual machines (VMs): basic monitoring of a service within the VM, which causes the VM to be rebooted should the monitored service fail three times. For this feature to work, the following must be configured:

Both the Hyper-V servers must be Windows Server 2012 and the guest OS running in the VM must be Windows Server 2012.

The host and guest OSs are in the same or at least trusting domains. The Failover Cluster administrator must be a member of the local Administrators group inside the VM.

Ensure the service being monitored is set to Take No Action (see screen shot below) within the guest VM for Subsequent failures (which is used after the first and second failures). This is set via the Recovery tab of the service properties within the Services application (services.msc).

 

clip_image002

 

Within the guest VM, ensure the Virtual Machine Monitoring firewall exception is enabled for the Domain network by using the Windows Firewall with Advanced Security application or by using the Windows PowerShell command below:

Set-NetFirewallRule -DisplayGroup "Virtual Machine Monitoring" -Enabled True

 

After the above is true, enabling the monitoring is a simple process:

Launch the Failover Cluster Manager tool.

Navigate to the cluster – Roles.

Right-click the virtual machine role you wish to enable monitoring for and, under More Actions, select Configure Monitoring...

 

clip_image004

 

The services running inside the VM will be gathered. Check the box for each service that should be monitored and click OK.

 

clip_image006

 

You are done!

 

Monitoring can also be enabled using the Add-ClusterVMMonitoredItem cmdlet with the -VirtualMachine and -Service parameters, as the example below shows:

PS C:\Windows\system32> Add-ClusterVMMonitoredItem -VirtualMachine savdaltst01 -Service spooler

 

http://sportstoday.us/technology/windows-server-2012-continuous-availability-%28part-4%29-failover-clustering-enhancements-virtual-machine-monitoring.aspx

http://windowsitpro.com/windows-server-2012/enable-windows-server-2012-failover-cluster-hyper-v-vm-monitoring

http://technet.microsoft.com/en-us/library/cc742396.aspx

 

 

QUESTION 152

You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com.

 

You need to specify the email address of the person responsible for the zone.

 

Which type of DNS record should you configure?

 

A.

Start of authority (SOA)

B.

Host information (HINFO)

C.

Mailbox (MB)

D.

Mail exchanger (MX)

 

Correct Answer: A

Explanation:

An SOA record defines the responsible person for an entire zone, but a zone may contain many individual hosts / domain names for which different people are responsible. The RP record type makes it possible to identify the responsible person for individual host names contained within the zone.

 

clip_image008

clip_image010

 

QUESTION 153

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.

 

The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.

 

Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.

 

You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2.

 

What should you create?

 

A.

A trust anchor

B.

A stub zone

C.

A zone delegation

D.

A secondary zone

 

Correct Answer: B

Explanation:

A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.

 

 

QUESTION 154

Your network is configured as shown in the exhibit. (Click the Exhibit button.)

 

clip_image012

 

Server1 regularly accesses Server2.

 

You discover that all of the connections from Server1 to Server2 are routed through Router1.

 

You need to optimize the connection path from Server1 to Server2.

 

Which route command should you run on Server1?

 

A.

Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100

B.

Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50

C.

Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100

D.

Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50

 

Correct Answer: A

Explanation:

Destination – specifies either an IP address or host name for the network or host.

 

subnetmask – specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used.

 

gateway – specifies either an IP address or host name for the gateway or router to use when forwarding.

 

costmetric – assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive routes. If costmetric is not specified, 1 is used.

 

interface – specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the route is determined from the gateway IP address.

 

http://support.microsoft.com/kb/299540/en-us

http://technet.microsoft.com/en-us/library/cc757323%28v=ws.10%29.aspx

 

 

QUESTION 155

HOTSPOT

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1.

 

Your company implements DirectAccess.

 

A user named User1 works at a customer’s office. The customer’s office contains a server named Server1.

 

When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com.

 

You need to provide User1 with the ability to connect to Server1 in the customer’s office.

 

Which Group Policy option should you configure?

 

To answer, select the appropriate option in the answer area.

 

clip_image014

 

Correct Answer:

clip_image016

 

 

QUESTION 156

Your network contains an Active Directory domain named adatum.com.

 

You have a standard primary zone named adatum.com.

 

You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone.

 

What should you do first?

 

A.

Run the Zone Signing Wizard for the zone.

B.

From the properties of the zone, modify the start of authority (SOA) record.

C.

From the properties of the zone, change the zone type.

D.

Run the New Delegation Wizard for the zone.

 

Correct Answer: C

Explanation:

The zone would need to be changed to an AD-integrated zone. When you use directory-integrated zones, you can use access control list (ACL) editing to secure a dnsZone object container in the directory tree. This feature provides detailed access to either the zone or a specified resource record in the zone. For example, an ACL for a zone resource record can be restricted so that dynamic updates are allowed only for a specified client computer or a secure group, such as a domain administrators group. This security feature is not available with standard primary zones.

 

DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record.

 

Standard (not an Active Directory integrated zone) has no Security settings:

 

clip_image018

 

You first need to change the “Standard Primary Zone” to an AD Integrated Zone:

 

clip_image020

 

Now there’s a Security tab:

 

clip_image022

 

http://technet.microsoft.com/en-us/library/cc753014.aspx

http://technet.microsoft.com/en-us/library/cc726034.aspx

http://support.microsoft.com/kb/816101

QUESTION 157

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.

 

You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)

 

clip_image024

 

You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1.

 

What should you do?

 

A.

In Servers GPO, modify the Advanced Audit Configuration settings.

B.

On Server1, attach a task to the security log.

C.

In Servers GPO, modify the Audit Policy settings.

D.

On Server1, attach a task to the system log.

 

Correct Answer: A

Explanation:

When you use Advanced Audit Policy Configuration settings, you need to confirm that these settings are not overwritten by basic audit policy settings. The following procedure shows how to prevent conflicts by blocking the application of any basic audit policy settings.

 

Enabling Advanced Audit Policy Configuration

 

Basic and advanced audit policy configurations should not be mixed. As such, it’s best practice to enable Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings in Group Policy to make sure that basic auditing is disabled. The setting can be found under Computer Configuration\Policies\Security Settings\Local Policies\Security Options, and sets the SCENoApplyLegacyAuditPolicy registry key to prevent basic auditing being applied using Group Policy and the Local Security Policy MMC snap-in.

 

In Windows 7 and Windows Server 2008 R2, the number of audit settings for which success and failure can be tracked has increased to 53. Previously, there were nine basic auditing settings under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. These 53 new settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity.

 

Audit Policy settings

Any changes to user account and resource permissions.

Any failed attempts for user logon.

Any failed attempts for resource access.

Any modification to the system files.

Advanced Audit Configuration Settings

Audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:

A group administrator has modified settings or data on servers that contain finance information.

An employee within a defined group has accessed an important file. The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access.

 

In Servers GPO, modify the Audit Policy settings – enabling audit account management setting will generate events about account creation, deletion and so on.

 

Advanced Audit Configuration Settings -> Audit Policy -> Account Management -> Audit User Account Management

 

clip_image026

 

 

clip_image028

 

http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory.aspx

http://technet.microsoft.com/en-us/library/dd772623%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx

http://www.petri.co.il/enable-advanced-audit-policy-configuration-windows-server.htm

http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx#BKMK_step2

 

 

QUESTION 158

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

 

The network contains several group Managed Service Accounts that are used by four member servers.

 

You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.

 

You create a Group Policy object (GPO) named GPO1.

 

What should you do next?

 

A.

In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Link GPO1 to the Domain Controllers organizational unit (OU).

B.

In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.

C.

In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Link GPO1 to the Domain Controllers organizational unit (OU).

D.

In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.

Correct Answer: A

Explanation:

Audit User Account Management

This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed:

A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked.

A user account password is set or changed.

Security identifier (SID) history is added to a user account.

The Directory Services Restore Mode password is set.

Permissions on accounts that are members of administrators groups are changed.

Credential Manager credentials are backed up or restored.

This policy setting is essential for tracking events that involve provisioning and managing user accounts.
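
The audit settings discussed in Questions 157 and 158, applied and verified locally, as an added example that is not part of the original page. It assumes an elevated PowerShell session; event IDs 4720, 4726 and 4724 are the Security-log events for account creation, account deletion and password reset, and the function name Get-AccountManagementEvent is hypothetical.

```powershell
# Added example: run from an elevated PowerShell session.
# Local equivalent of the GPO settings described above, useful for checking a
# single server. In a domain the linked GPO stays authoritative and is
# reapplied at the next policy refresh.

# 1. "Audit: Force audit policy subcategory settings ..." is stored as this
#    value, so the basic audit categories cannot override the subcategories.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
Set-ItemProperty -Path $lsa -Name 'SCENoApplyLegacyAuditPolicy' -Value 1 -Type DWord

# 2. Enable the User Account Management subcategory, then read it back.
auditpol.exe /set /subcategory:"User Account Management" /success:enable /failure:enable
auditpol.exe /get /subcategory:"User Account Management"

# 3. Events this subcategory writes to the Security log.
$eventNames = @{
    4720 = 'Account created'
    4724 = 'Password reset attempted'
    4726 = 'Account deleted'
}

function Get-AccountManagementEvent {
    param(
        [int]$HoursBack = 24
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4720, 4724, 4726
        StartTime = (Get-Date).AddHours(-$HoursBack)
    }
    # No matching events raises a non-terminating error; suppress it.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Named fields are <Data Name="..."> elements under EventData.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                EventId = $_.Id
                Action  = $eventNames[$_.Id]
                # Actor is the account that made the change; a group Managed
                # Service Account appears here with a trailing "$".
                Actor   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Target  = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            }
        }
}

Get-AccountManagementEvent -HoursBack 24 | Sort-Object Time | Format-Table -AutoSize
```

For local accounts (Question 157) the events are written on the server itself; for domain accounts (Question 158) they are written on the domain controller that processed the change, so run the query there.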

 

 

QUESTION 159

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.

 

You have two user accounts named User1 and User2. User1 and User2 are members of a group named Group1. User1 has the Department value set to Accounting, and User2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee.

 

You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)

 

clip_image029

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

 

clip_image031

 

Correct Answer:

clip_image033

QUESTION 160

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

 

You configure a quota threshold as shown in the exhibit. (Click the Exhibit button.)

 

clip_image035

 

You need to ensure that a user named User1 receives an email notification when the threshold is exceeded.

 

What should you do?

 

A.

Create a performance counter alert.

B.

Create a classification rule.

C.

Modify the members of the Performance Log Users group.

D.

Configure the File Server Resource Manager Options.

 

Correct Answer: D

Explanation:

When you create quotas and file screens, you have the option of sending e-mail notifications to users when their quota limit is approaching or after they have attempted to save files that have been blocked. If you want to routinely notify certain administrators of quota and file screening events, you can configure one or more default recipients.

 

To send these notifications, you must specify the SMTP server to be used for forwarding the e-mail messages.

 

To configure e-mail options

In the console tree, right-click File Server Resource Manager, and then click Configure options. The File Server Resource Manager Options dialog box opens.

 

clip_image037

 

On the E-mail Notifications tab, under SMTP server name or IP address, type the host name or the IP address of the SMTP server that will forward e-mail notifications.

 

If you want to routinely notify certain administrators of quota or file screening events, under Default administrator recipients, type each e-mail address.

 

Use the format account@domain. Use semicolons to separate multiple accounts.

 

To test your settings, click Send Test E-mail.

 

clip_image038

clip_image040

 
