[Free] Download New Updated (October 2016) Microsoft 70-411 Real Exam 181-190

Ensurepass

QUESTION 181

Your network contains a single Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2012 R2.

 

Server1 has the Windows Server updates Services server role installed and is configured to download updates from the Microsoft Update servers.

 

You need to ensure that Server1 downloads express installation files from the Microsoft Update servers.

 

What should you do from the Update Services console?

 

A.

From the Update Files and Languages options, configure the Update Files settings.

B.

From the Automatic Approvals options, configure the Update Rules settings.

C.

From the Products and Classifications options, configure the Products settings.

D.

From the Products and Classifications options, configure the Classifications settings.

 

Correct Answer: A

Explanation:

To specify whether express installation files are downloaded during synchronization

 

In the left pane of the WSUS Administration console, click Options.

 

In Update Files and Languages, click the Update Files tab.

 

If you want to download express installation files, select the Download express installation files check box. If you do not want to download express installation files, clear the check box.

 

clip_image001

 

http://technet.microsoft.com/en-us/library/cc708431.aspx

http://technet.microsoft.com/en-us/library/cc708431.aspx

 

 

QUESTION 182

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

 

On Server1, you create a network policy named Policy1.

 

You need to configure Policy1 to ensure that users are added to a VLAN.

 

Which attributes should you add to Policy1?

 

A.

Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference

B.

Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID

C.

Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID

D.

Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID

 

Correct Answer: C

Explanation:

VLAN attributes used in network policy

When you use network hardware, such as routers, switches, and access controllers that support virtual local area networks (VLANs), you can configure Network Policy Server (NPS) network policy to instruct the access servers to place members of Active Directory?groups on VLANs.

Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain Services (AD DS) that you want to assign to specific VLANs. Then when you run the New Network Policy wizard, add the Active Directory group as a condition of the network policy.

You can create a separate network policy for each group that you want to assign to a VLAN. For more information, see Create a Group for a Network Policy. When you configure network policy for use with VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-Tag. To configure these attributes in a network policy, use the New Network Policy wizard to create a network policy. You can add the attributes to the network policy settings while running the wizard or after you have successfully created a policy with the wizard.

Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while running the New Network Policy wizard. For example, if the network policy you are configuring is a wireless policy, in Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format).

Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned. For example, if you want to create a Sales VLAN for your sales team by assigning team members to VLAN 4, type the number 4.

Tunnel-Type. Select the value Virtual LANs (VLAN).

Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this attribute, obtain this value from your hardware documentation.

 

 

QUESTION 183

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed. You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool should you use?

 

A.

The tracert.exe command

B.

The Network Policy Server console

C.

The Server Manager console

D.

The netsh.exe command

 

Correct Answer: D

Explanation:

NPS trace logging files

You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can provide the detailed information required for troubleshooting complex problems.

 

You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%tracing.

 

The following log files contain helpful information about NAP:

IASNAP. LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization.

IASSAM. LOG: Contains detailed information about user authentication and authorization.

 

Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

 

To create tracing log files on a server running NPS

 

Open a command line as an administrator.

Type netshras set tr * en.

Reproduce the scenario that you are troubleshooting.

Type netshras set tr * dis.

Close the command prompt window.

 

http://technet.microsoft.com/en-us/library/dd348461%28v=ws.10%29.aspx

 

 

QUESTION 184

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.

 

Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.

 

You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)

 

clip_image003

 

You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1.

 

What should you create?

 

A.

A connection request policy that has the Service Type condition

B.

A connection request policy that has the Identity Type condition

C.

A network policy that has the Identity Type condition

D.

A network policy that has the MS-Service Class condition

 

Correct Answer: D

Explanation:

MS-Service Class

Restricts the policy to clients that have received an IP address from a DHCP scope that

 

matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile.

 

Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you want to configure.

In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network Access Protection group of conditions. If you want to configure the Identity Type condition, click Identity Type, and then click Add. In Specify the method in which clients are identified in this policy, select the items appropriate for your deployment, and then click OK.

 

The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement methods to allow client health checks when NPS does not receive an Access- Request message that contains a value for the User-Name attribute; in this case, client health checks are performed, but authentication and authorization are not performed.

 

If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and then click Add.

 

clip_image004

 

The MS-Service Class condition restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method.

 

http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx

 

 

 

 

 

 

 

 

QUESTION 185

HOTSPOT

Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients.

 

You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts.

 

You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers.

 

Which two settings should you configure in GPO1?

 

To answer, select the appropriate two settings in the answer area.

 

clip_image006

 

Correct Answer:

clip_image008

 

 

QUESTION 186

Your network contains a Network Policy Server (NPS) server named Server1. The network contains a server named SQL1 that has Microsoft SQL Server 2008 R2 installed. All servers run Windows Server 2012 R2.

 

You configure NPS on Server1 to log accounting data to a database on SQL1.

 

You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize cost.

 

What should you do?

 

A.

Implement Failover Clustering.

B.

Implement database mirroring.

C.

Run the Accounting Configuration Wizard.

D.

Modify the SQL Server Logging properties.

 

Correct Answer: C

Explanation:

In Windows Server 2008 R2, an accounting configuration wizard is added to the Accounting node in the NPS console. By using the Accounting Configuration wizard, you can configure the following four accounting settings:

SQL logging only. By using this setting, you can configure a data link to a SQL Server that allows NPS to connect to and send accounting data to the SQL server. In addition, the wizard can configure the database on the SQL Server to ensure that the database is compatible with NPS SQL server logging. Text logging only. By using this setting, you can configure NPS to log accounting data to a text file.

Parallel logging. By using this setting, you can configure the SQL Server data link and database. You can also configure text file logging so that NPS logs simultaneously to the text file and the SQL Server database. SQL logging with backup. By using this setting, you can configure the SQL Server data link and database. In addition, you can configure text file logging that NPS uses if SQL Server logging fails.

 

 

QUESTION 187

Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway.

 

A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.254.

 

You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails.

 

What should you do on Server1?

 

A.

Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.

B.

Add 10.1.14.254 as a gateway and set the metric to 1.

C.

Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.

D.

Add 10.1.14.254 as a gateway and set the metric to 500.

 

Correct Answer: D

Explanation:

The keyword’s here are “internet access”

 

Metric 1 would give it a primary roll for routing trafic, which is NOT asked.

 

So this rules out A AND B.

 

Metric 500 gives it a secondary roll for routing trafic.

 

C is not the answer bcz: it only routes addresses 10.1.14.0/24 (which is a NONE routable/”life” range on the internet! (10…(A-Class), 127…(B-Class), 192…(C-Class)). The solution however should route ALL trafic comming in to the internet.

 

So the only logical answer is D.

 

http://windows.microsoft.com/en-us/windows/configuring-multiple-network-gateways#1TC=windows-7

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 188

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 is a DNS server for contoso.com. The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)

 

clip_image010

 

The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is configured to use DC1 as a DNS server.

 

You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.

 

What should you configure?

 

A.

The workgroup name of Server1

B.

The Security settings of the contoso.com zone

C.

The Dynamic updates setting of the contoso.com zone

D.

The primary DNS suffix of Server1

 

Correct Answer: D

Explanation:

When any computer or a standalone server is added to a domain as a member, the network identifies that computer with its Fully Qualified Domain Name or FQDN. A Fully Qualified Domain Name consist of a hostname and the DNs suffix separated by a “. ” called period. An example for this can be server01. msftdomain.com where “server01 is the hostname of the computer and “msftdomain.com” is the DNS suffix which follows the hostname. A complete FQDN of a client computer or a member server uniquely identifies that computer in the entire domain.

 

Primary DNS suffix must manually be added in Windows 8 computer to change its hostname to Fully Qualified Domain Name so that it becomes eligible to send queries and receive responses from the DNS server. Following are the steps which can be implemented to add primary DNS suffix to a Windows 8 computer hostname:

Log on to Windows 8 computer with administrator account. From the options available on the screen click Control Panel. On the opened window click More Settings from the left pane. On the next window click System and Security category and on the appeared window click System.

On View basic information about your computer window click Change settings under Computer name, domain, and workgroup settings section. On System Properties box make sure that Computer Name tab is selected and click Change button.

On Computer Name/Domain Changes box click More button. On DNS Suffix and NetBIOS Computer Name box type in the DNS domain name as the DNS suffix to the Windows 8 computer under Primary DNS suffix of this computer field. Click Ok button on all the boxes and restart the computer to allow changes to take effect.

 

clip_image012

clip_image014

 

For years, Windows DNS has supported dynamic updates, whereas a DNS client host registers and dynamically updates the resource records with a DNS server. If a host’s IP address changes, the resource record (particularly the A record) for the host is automatically updated, while the host utilizes the DHCP server to dynamically update its Pointer (PTR) resource record. Therefore, when a user or service needs to contact a client PC, it can look up the IP address of the host. With larger organizations, this becomes an essential feature, especially for clients that frequently move or change locations and use DHCP to automatically obtain an IP address. For dynamic DNS updates to succeed, the zone must be configured to accept dynamic updates:

 

clip_image016

 

http://technet.microsoft.com/en-us/library/cc778792%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/cc778792%28v=ws.10%29.aspx

http://www.advicehow.com/adding-primary-dns-suffix-in-microsoft-windows-8/

http://technet.microsoft.com/en-us/library/cc959611.aspx

 

 

QUESTION 189

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. One of the domain controllers is named DC1.

 

The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings.

 

A server named Server1 is a DNS server that runs a UNIX-based operating system.

 

You plan to use Server1 as a secondary DNS server for the contoso.com zone.

 

You need to ensure that Server1 can host a secondary copy of the contoso.com zone.

 

What should you do?

 

A.

From DNS Manager, modify the Advanced settings of DC1.

B.

From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.

C.

From Windows PowerShell, run the Set-DnsServerForwardercmdlet and specify the contoso.com zone as a target.

D.

From DNS Manager, modify the Security settings of DC1.

 

Correct Answer: A

Explanation:

There are two ways that a secondary DNS server can be added. In both scenarios you will need to add the new server to the Forwarders list of the primary Domain Controller.

1. The Set-DnsServerForwarder cmdlet changes forwarder settings on a Domain Name System (DNS) server.

2. From the primary server, open DNS Manager, right click on the server name and select Properties. Click on the Forwarders tab and click the Edit button in the middle of the dialogue box.

 

 

QUESTION 190

Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.

 

A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.

 

During routine maintenance, you delete a group named Group1.

 

You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.

 

What should you do first?

 

A.

Perform an authoritative restore of Group1.

B.

Mount the most recent Active Directory backup.

C.

Use the Recycle Bin to restore Group1.

D.

Reactivate the tombstone of Group1.

 

Correct Answer: A

Explanation:

The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it’s the only way to recover a deleted object’s identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object.

Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners.

 

Free VCE & PDF File for Microsoft 70-411 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…