Skip Navigation Links
 

Microsoft - 70-411: Administering Windows Server 2012

Sample Questions

Question: 352
Measured Skill: Deploy, manage, and maintain servers (15–20%)

Your network contains a single Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2012 R2.

Server1 has the Windows Server Updates Services server role installed and is configured to download updates from the Microsoft Update servers.

You need to ensure that Server1 only downloads Critical Updates from the Microsoft Update servers.

What should you do from the Update Services console?

AFrom the Update Files and Languages options, configure the Update Files settings.
B From the Automatic Approvals options, configure the Update Rules settings.
C From the Products and Classifications options, configure the Products settings.
D From the Products and Classifications options, configure the Classifications settings.

Correct answer: D

Explanation:

In the "Products and Classifications" options, the "Classifications" tab can be used to define the classifications of the updates to be synchronized:



Question: 353
Measured Skill: Configure and manage Active Directory (10–15%)

Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2.

You discover that client computers authenticate to both domain controllers.

You need to ensure that client computers only authenticate to DC2 if DC1 fails. The solution must be persistent.

What should you do?

AFrom Registry Editor, create the LdapSrvPriority value.
B From Registry Editor, create the LdapSrvWeight value.
C From DNS Manager, modify the priority value of the service location (SRV) records.
D From DNS Manager, modify the weight value of the service location (SRV) records.

Correct answer: C

Explanation:

Active Directory’s domain controller installation process creates several Service Records (SRV) in the DNS Server. The SRV records are used by the Windows clients and applications to find a suitable domain controller in the Active Directory forest. Active Directory clients contact local DNS Server to get a list of domain controllers. However, when returning a list of domain controllers, the DNS Server might return a list of domain controllers based on the priority and weight assigned to the SRV records of the domain controllers. By default, domain controllers weight are configured at 100 and a priority of 0. Since all the domain controllers weight and priority are configured the same, a DNS Server can return a list of all available domain controllers based upon the type of query.

The heavier-weight domain controllers are referred more often and lowest priority domain controllers are set first in the list. For example, if a domain controller is assigned with a weight of 200 and the other domain controllers are configured with a weight of 100, the domain controller that is assigned with a weight of 200 is referred often. If a domain controller is configured with a priority of 0 and the other domain controllers are configured with a different priority, the domain controller assigned with lowest priority will receive all authentication requests unless it is unavailable.

Question: 354
Measured Skill: Configure a Network Policy Server (NPS) infrastructure (10–15%)

You are an administrator for your company. Your network contains an Active Directory named contoso.com.

You have users named User1 and user2.

The Network Access Permission for User1 is set to Control access through NPS Network Policy. The Network Access Permission for User2 is set to Deny access.

A policy named Policy1 is shown below.



A policy named Policy2 is configured as shown below.



A policy named Policy3 is shown below.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 will be able to establish a VPN connection on Thursday: Yes
User1 will be able to establish a VPN connection on Friday: Yes
User2 will be able to establish a VPN connection on Monday: Yes
B User1 will be able to establish a VPN connection on Thursday: Yes
User1 will be able to establish a VPN connection on Friday: Yes
User2 will be able to establish a VPN connection on Monday: No
C User1 will be able to establish a VPN connection on Thursday: No
User1 will be able to establish a VPN connection on Friday: Yes
User2 will be able to establish a VPN connection on Monday: No
D User1 will be able to establish a VPN connection on Thursday: Yes
User1 will be able to establish a VPN connection on Friday: No
User2 will be able to establish a VPN connection on Monday: No
E User1 will be able to establish a VPN connection on Thursday: No
User1 will be able to establish a VPN connection on Friday: No
User2 will be able to establish a VPN connection on Monday: Yes
F User1 will be able to establish a VPN connection on Thursday: No
User1 will be able to establish a VPN connection on Friday: No
User2 will be able to establish a VPN connection on Monday: No

Correct answer: D

Explanation:

If multiple network policies are configured, they will be processed by the Network Policy Server as follows:

  1. NPS starts with the highest priority policy (which is the least numerical value for the processing order, and usually the first policy in the list). NPS compares the properties of the connection request with the conditions of the policy.

  2. If the policy conditions are not met, NPS will proceed with the next policy. This process continues until a policy is found whose terms match the connection request. If no policy applies, access is denied.

  3. If the conditions of the policy match the connection request, no further policies are checked. NPS then checks if the restrictions match. If this is not the case, the connection request is rejected. If the connection request profile matches the restrictions, one of the following actions occurs:

    1. If "Deny Access" is specified as the access type, the connection is terminated.

    2. If "Grant Access" was specified as the access type, the connection is accepted.

You can set the user dial-in properties for a user account in Active Directory (Network Access Permission). Three possible values are available: Allow access, deny access, and control access through NPS network policies. If Network Access Permission is set to Deny Access, all connection requests will be denied. If the Allow access option is selected, NPS allows the connection request, even if no matching policy exists.



Question: 355
Measured Skill: Configure a Network Policy Server (NPS) infrastructure (10–15%)

You have a server that runs Windows Server 2012 R2 and has the Network Policy Server role server role installed.

You create two network policies named Policy1 and Policy2.

You need to configure the policies to meet the following requirements:
  • Apply Policy1 to client computers that connect over SSTP by using a Microsoft VPN server only.
  • Apply Policy2 to client computers that connect over a wireless network and have an IPv4 address from the 192.168.10.0/24 subnet only.
Which conditions should you add to each network policy?

(To answer, drag the appropriate conditions to the correct network policies. Each condition may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

APolicy1: Tunnel-Type
Policy1: Client Vendor
Policy2: NAS Port Type
Policy2: Client IPv4 Address
B Policy1: NAS Port Type
Policy1: Framed Protocol
Policy2: Tunnel-Type
Policy2: Access Client IPv4 Address
C Policy1: NAS Port Type
Policy1: Client Vendor
Policy2: Tunnel-Type
Policy2: Client IPv4 Address
D Policy1: Tunnel-Type
Policy1: Client Vendor
Policy2: NAS Port Type
Policy2: Access Client IPv4 Address

Correct answer: D

Explanation:

Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for connection request authentication and authorization.

The Tunnel Type condition restricts the policy to only clients that create a specific type of tunnel, such as PPTP, L2TP or SSTP.

The Client Vendor condition specifies the name of the vendor of the RADIUS client that sends connection requests to NPS.

The NAS Port Type specifies the type of media used by the access client, such as analog phone lines, ISDN, tunnels or virtual private networks, IEEE 802.11 wireless and Ethernet switches.

The Access Client IPv4 Address condition specifies the IPv4 address of the Access Client that is requesting access from the RADIUS client.

Question: 356
Measured Skill: Configure File and Print Services (15–20%)

Your network contains one Active Directory forest. The forest contains a server named Server01. Server01 runs Windows Server 2012 R2.

You need to list which global object access auditing entries apply to the files and folders on Server01.

What command should you run?

(To answer, select the appropriate options in the answer area.)

www.cert2brain.com

Aauditpol.exe /resourceSACL /type:File /view
B auditpol.exe /list /type:File /view
C cacls.exe /list /type:File /view
D Get-ACL /get /type:File /view
E Get-ACL -AllCentralAccessPolicies /type:File /view
F secedit.exe /resourceSACL /type:File /view

Correct answer: A

Explanation:

The audit policy command-line tool can be used to:

  • Set and query a system audit policy.
  • Set and query a per-user audit policy.
  • Set and query auditing options.
  • Set and query the security descriptor used to delegate access to an audit policy.
  • Report or back up an audit policy to a comma-separated value (CSV) text file.
  • Load an audit policy from a CSV text file.
  • Configure global resource SACLs.

To list the global object access auditing entries set on files or folders, run:

auditpol /resourceSACL /type:File /view

Reference: auditpol resourceSACL





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2019 by cert2brain.com