Category: Windows Server 2012

Microsoft 070-680 Exam Questions, Offer Microsoft 070-680 Practice Exam With Accurate Answers

Welcome to download the newest Dumpsoon CISA dumps: http://www.dumpsoon.com/CISA.html

To comprehend prospect can come employment progress and better shell out. Microsoft 070-680 exam sample questions give Technological innovation individuals having little if any Microsoft 070-680 have the understanding in addition to expertise necessary to break into the particular really beneficial in addition to challenging Enterasys 070-680 exam sample questions. To move the particular Microsoft 070-680 exam isn’t a difficult job. You’ve just got a desire to have particular procedures regarding accomplishing good results. Microsoft 070-680 exam sample questions are certainly useful when you are always keeping your preparation very efficient and ascend into the level. Concerning Microsoft 070-680 exam, a myriad of certificates examinations usually are computer-based therefore the examinees may possibly learn their own test success soon after test. With a lot more Microsoft 070-680 option are provided work growing and pay back.

QUESTION 21
You have a computer named Computer1 that runs Windows 7.
You need to ensure that Computer1 can connect to File Transfer Protocol (FTP) servers only while it is connected to a private network.
What should you do?
A. From Windows Firewall with Advanced Security, create a new rule.
B. From the local Group Policy, modify the application control policies.
C. From Windows Firewall, modify the Allowed Programs and Features list.
D. From Network and Sharing Center, modify the Advanced Sharing settings.

Correct Answer: A Explanation
Explanation/Reference:
Explanation: Creating WFAS Rules The process for configuring inbound rules and outbound rules is essentially the same: In the WFAS console, select the node that represents the type of rule that you want to create and then click New Rule. This opens the New Inbound (or Outbound) Rule Wizard. The first page, shown in Figure 7-7, allows you to specify the type of rule that you are going to create. You can select between a program, port, predefined, or custom rule. The program and predefined rules are similar to what you can create using Windows Firewall. A custom rule allows you to configure a rule based on criteria not covered by any of the other options. You would create a custom rule if you wanted a rule that applied to a particular service rather than a program or port. You can also use a custom rule if you want to create a rule that involves both a specific program and a set of ports. For example, if you wanted to allow communication to a specific program on a certain port but not other ports, you would create a custom rule.
QUESTION 22
You work in an international company which is named Wiikigo. Before entering this company, you have two years of experience in the IT field, as well as experience implementing and administering any Windows client operating system in a networked environment. You are professional in installing, upgrading and migrating to Windows 7, deploying Windows 7, and configuring Hardware and Applications and son on. You use a computer that runs Windows 7. Now your company assigns a task to you. You are asked to prevent users from copying unencrypted files to removable drives. What action should you perform?
A. The Trusted Platform Module (TPM) settings should be modified from a local Group Policy.
B. TPM should be initialized from the Trusted Platform Module (TPM) snap-in.
C. The BitLocker Drive Encryption settings should be modified from Control Panel.
D. The BitLocker Drive Encryption settings should be modified from a local Group Policy.

Correct Answer: D Explanation
Explanation/Reference:
QUESTION 23
Your network has a main office and a branch office. The branch office has computers that run Windows 7. A network administrator enables BranchCache in the main office. You run Netsh on your computer as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that other computers in the branch office can access the cached content on your computer.
What should you do?
A. Turn on Internet Information Services (IIS).
B. Configure the computer as a hosted cache client.
C. Configure the BranchCache service to start automatically.
D. Modify the Windows Firewall with Advanced Security rules. Correct Answer: D

Explanation Explanation/Reference:
Explanation:
Distributed Cache Mode

Distributed Cache mode uses peer caching to host the branch office cache among clients running Windows 7 on the branch office network. This means that each Distributed Cache mode client hosts part of the cache, but no single client hosts all the cache. When a client running Windows 7 retrieves content over the WAN, it places that content into its own cache. If another BranchCache client running Windows 7 attempts to access the same content, it is able to access that content directly from the first client rather than having to retrieve it over the WAN link. When it accesses the file from its peer, it also copies that file into its own cache.
When you configure BranchCache in distributed cache mode, BranchCache client computers use the Hypertext Transfer Protocol (HTTP) for data transfer with other client computers. BranchCache client computers also use the Web Services Dynamic Discovery (WS-Discovery) protocol when they attempt to discover content on client cache servers. You can use this procedure to configure client firewall exceptions to allow incoming HTTP and WS-Discovery traffic on client computers that are configured for distributed cache mode.
You must select Allow the connection for the BranchCache client to be able to send traffic on this port.
QUESTION 24
You have a computer that runs Windows 7.
A printer is installed on the computer.
You remove the Everyone group from the access control list (ACL) for the printer, and then you share the printer.
You need to ensure that members of the Sales group can modify all the print jobs that they submit.
You must prevent Sales group members from modifying the print jobs of other users.
What should you do?
A. From the printer’s properties, assign the Print permission to the Sales group.
B. From the printer’s properties, assign the Manage Documents permission to the Sales group.
C. From the local Group Policy, assign the Increase scheduling priority user right to the Sales group.
D. From the local Group Policy, assign the Take ownership of files or other objects user right to the Sales group.

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
The available permissions are:

-Print This permission allows a user to print to the printer and rearrange the documents that they have submitted to the printer.

Manage This Printer Users assigned the Manage This Printer permission can pause and restart the printer, change spooler settings, adjust printer permissions, change printer properties, and share a printer.


Manage Documents This permission allows users or groups to pause, resume, restart, cancel, or reorder the documents submitted by users that are in the current print queue.
QUESTION 25
You work in an international company which is named Wiikigo. Before entering this company, you have two years of experience in the IT field, as well as experience implementing and administering any Windows client operating system in a networked environment. You are professional in installing, upgrading and migrating to Windows 7, deploying Windows 7, and configuring Hardware and Applications and son on. You have a computer that runs Windows 7.
You run Runas and specify the /savecred parameter to start an application.
The stored password needs to be deleted.
What action should you perform?
A. The Windows credentials should be modified from Credential Manager.
B. The Authorization Manager options should be modified from Authorization Manager.
C. Del should be run and the /p parameter should be specified.
D. Runas should be run and the /noprofile parameter should be specified. Correct Answer: A

Explanation Explanation/Reference:
QUESTION 26
You have a computer that runs Windows 7. The computer has System Protection enabled.
You need to retain only the last System Protection snapshot of the computer. All other snapshots must be
deleted.
What should you do?

A. Run Disk Cleanup for Programs and features.
B. Run Disk Cleanup for System Restore and Shadow Copies.
C. From the System Protection Restore settings, select Turn off System Restore.
D. From the System Protection Restore settings, select Only restore previous versions of files. Correct Answer: B

Explanation Explanation/Reference:
Explanation:

Shadow info:
Shadow copies are automatically saved as part of a restore point. If system protection is enabled,
Windows 7 automatically creates shadow copies of files that have been modified since the last restore
point was created. By default, new restore points are created every seven days or whenever a significant
system change (such as a driver or application installation) occurs.

QUESTION 27
You have a reference computer that runs Windows 7.
You plan to deploy an image of the computer.
You create an answer file named answer.xml.
You need to ensure that the installation applies the answer file after you deploy the image.
Which command should you run before you capture the image?
A. Imagex.exe /append answer.xml /check
B. Imagex.exe /mount answer.xml /verify
C. Sysprep.exe /reboot /audit /unattend:answer.xml
D. Sysprep.exe /generalize /oobe /unattend:answer.xml
Correct Answer: D Explanation

Explanation/Reference:
Explanation: To prepare the reference computer for the user, you use the Sysprep utility with the /generalize option to remove hardware-specific information from the Windows installation and the /oobe option to configure the computer to boot to Windows Welcome upon the next restart. Open an elevated command prompt on the reference computer and run the following command: c:\windows\system32\sysprep\sysprep.exe /oobe /generalize /shutdown Sysprep prepares the image for capture by cleaning up various user-specific and computer-specific settings, as well as log files. The reference installation now is complete and ready to be imaged.
QUESTION 28
You have a Virtual Hard Disk (VHD) and a computer that runs Windows 7. The VHD has Windows 7 installed.
You need to start the computer from the VHD.
What should you do?
A. From Diskpart.exe, run Select vdisk.
B. From Disk Management, modify the active partition.
C. Run Bootcfg.exe and specify the /default parameter.
D. Run Bcdedit.exe and modify the Windows Boot Manager settings.

Correct Answer: D Explanation
Explanation/Reference:
Explanation:
When you have created a VHD and installed a system image on it, you can use the BCDEdit tool
Bcdedit.exe to add a boot entry for the VHD file in your computer running Windows 7.

QUESTION 29
You have a computer that runs Windows 7. Your company has a corporate intranet Web site. You open Windows Internet Explorer as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can access Web pages on both the Internet and the intranet. What should you do?
A. From the Files menu, click Work Offline.
B. From the Safety menu, click InPrivate Filtering.
C. From the Security tab, add the intranet Web site to the Trusted sites zone.
D. From the Safety menu, click InPrivate Browsing. Correct Answer: A

Explanation Explanation/Reference:
Explanation: Working Offline is activated On Internet Explorer’s File menu is a “Work Offline” item that toggles Internet Explorer between online and offline modes of operation.
(The question originally stated the Tools menu, maybe in a different version of IE this is the case, but for me and in the TechNet documentation it was under Files, so I’m choosing to believe Tools was a mistake and it should be Files, this has been amended in the question). InPrivate is turned on (does not prevent browsing the internet) InPrivate Browsing helps prevent Internet Explorer from storing data about your browsing session. This includes cookies, temporary Internet files, history, and other data. Toolbars and extensions are disabled by default.
QUESTION 30
You have a wireless access point that is configured to use Advanced Encryption Standard (AES) security. A pre-shared key is not configured on the wireless access point.
You need to connect a computer that runs Windows 7 to the wireless access point.
Which security setting should you select for the wireless connection?
A. 802.1x
B. WPA-Personal
C. WPA2-Enterprise
D. WPA2-Personal

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
WPA and WPA2 indicate compliance with the security protocol created by the Wi-Fi Alliance to secure
wireless computer networks. WPA2 enhances WPA, which in turn addresses weaknesses in the previous
system, WEP. WPA was intended as an intermediate measure to take the place of WEP while an IEEE
802.11i standard was prepared. 802.1X provides port-based authentication, which involves
communications between a supplicant (a client computer), an authenticator (a wired Ethernet switch or
WAP), and an authentication server (typically a Remote Authentication Dial In User Service, or RADIUS,
server).

WPA2-Enterprise
WPA-Enterprise and WPA2-Enterprise authenticate through the Extensible Authentication Protocol (EAP)
and require computer security certificates rather than PSKs. The following EAP types are included in the
certification program:

-EAP-TLS
-EAP-TTLS/MSCHAPv2
-PEAPv0/EAP-MSCHAPv2
-PEAPv1/EAP-GTC
-EAP-SIM
If you want to use AES and to use computer certificates rather than a PSK, you would choose WPA2-Enterprise.
WPA2-Personal If you have a small network that is not in a domain and cannot access a CA server, but you install a modern WAP that supports AES, you would use WPA2-Personal (with a PSK).
WPA-Personal If you have a small network that is not in a domain and cannot access a CA server and your WAP does not support AES, you would use WPA-Personal.
802.1x If you have a RADIUS server on your network to act as an authentication server and you want the highest possible level of security, you would choose 802.1X.

Try Microsoft 070-680 exam free demo before you decide to buy it in Flydumps.com. After you buy Flydumps Microsoft 070-680 exam dumps, you will get free update for ONE YEAR!

Welcome to download the newest Dumpsoon CISA dumps: https://www.pass4itsure.com/cisa.html

Microsoft 070-680 Exam Questions, Offer Microsoft 070-680 Practice Exam With Accurate Answers

Microsoft 070-410 Cert Exam, Download Latest Microsoft 070-410 Real Exam Questions And Answers Online Sale

Welcome to download the newest Examwind 1y0-a26 VCE dumps: https://www.pass4itsure.com/1y0-a26.html

Microsoft 70-410 exam sample questions are written to the highest standards of technical accuracy which can make you succeed in the Microsoft 070-410. Microsoft 070-410 practice questions and Microsoft 070-410 pdf test material are backed by one year of free updates, meaning that you will always get the latest updates for your Microsoft 070-410. As soon as the Microsoft 070-410 Objectives change, FLYDUMPS Microsoft 070-410 exam sample questions change as well. We know your needs and we will help you in passing your Microsoft 070-410 with confidence.

QUESTION 11
You have a server named Server1 that has a Server Core installation of Windows Server 2008 R2. Server1 has the DHCP Server server role and the File Server server role installed. You need to upgrade Server1 to Windows Server 2012 R2 with the graphical user interface (GUI). The solution must meet the following requirements:
· Preserve the server roles and their configurations. · Minimize Administrative effort.
What should you do?
A. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server with a GUI.
B. Start Server1 from the Windows Server 2012 R2 installation media and select Server Core Installation. When the installation is complete, add the Server Graphical Shell feature.
C. Start Server1 from the Windows Server 2012 R2 installation media and select Server with a GUI.
D. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server Core Installation. When the installation is complete, add the Server Graphical Shell feature
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Server is on 2008 R2 core, must install 2012 R2 core and then GUI B. Not least effort C. Not least effort
D. Upgrade to 2012 R2 and install GUI shell http://technet.microsoft.com/en-us/library/jj574204.aspx Upgrades that switch from a Server Core installation to the Server with a GUI mode of Windows Server 2012 R2 in one step (and vice versa) are not supported. However, after upgrade is complete, Windows Server 2012 R2 allows you to switch freely between Server Core and Server with a GUI modes. For more information about these installation options, how to convert between them, and how to use the new Minimal Server Interface and Features on Demand, see http://technet.microsoft.com/library/hh831786.
QUESTION 12
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. You need to install the Remote Desktop Services server role on Server2 remotely from Server1. Which tool should you use?
A. The dsadd.exe command
B. The Server Manager console
C. The Remote Desktop Gateway Manager console
D. The Install-RemoteAccess cmdlet
Correct Answer: B Section: (none)Explanation
Explanation/Reference:
Explanation:
A. Adds specific types of objects to the directory
B. You can manage remote server by Server Manager and install roles/features C. Remote Desktop Gateway (RD Gateway) is a role service that enables authorized remote users to connectto resources on an internal corporate or private network, from any Internet-connected device that can run theRemote Desktop Connection (RDC) client. D. Performs prerequisite checks for DirectAccess (DA) to ensure that it can be installed, installs DA for remoteaccess (RA) (includes management of remote clients) or for management of remote clients only, and installsVPN (both Remote Access VPN and siteto-site VPN).

http://technet.microsoft.com/en-us/library/cc753708(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831456.aspx http://technet.microsoft.com/en-us/library/cc725706.aspx http://technet.microsoft.com/en-us/library/hh918408(v=wps.620).aspx
QUESTION 13
You have a server named Server1 that runs a full installation of Windows Server 2012 R2. You need to uninstall the graphical user interface (GUI) on Server1. You must achieve this goal by using the minimum amount of Administrative effort. What should you do?
A. Reinstall Windows Server 2012 R2 on the server.
B. From Server Manager, uninstall the User Interfaces and Infrastructure feature.
C. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE
D. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Not least effort
B. Quick and Easy
C. Uninstalls PS-ISE
D. Doesn’t remove all GUI components

http://www.petri.co.il/switching-gui-server-core-windows-server-2012.htm
QUESTION 14
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.

You install Windows Server 2012 R2 on VM2 by using Windows Deployment Services (WDS). You need to ensure that the next time VM2 restarts, you can connect to the WDS server by using PXE.
Which virtual machine setting should you configure for VM2?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: G Section: (none)Explanation
Explanation/Reference:
Explanation:
G. Configure the BIOS of the computer to enable PXE boot, and set the boot order so that it is booting from the network is first

http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx
QUESTION 15
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.

In the perimeter network, you install a new server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You need to join Server1 to the contoso.com domain.
What should you use?
A. The New-ADComputer cmdlet
B. The djoin.exe command
C. The dsadd.exe command
D. The Add-Computer cmdlet
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Creates a new Active Directory computer.
B. Use djoin for offline join in the perimeter network
C. Adds specific types of objects to the directory.
D. Add the local computer to a domain or workgroup.
http://technet.microsoft.com/en-us/library/ee617245.aspx
http://technet.microsoft.com/en-us/library/ff793312(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753708(v=ws.10).aspx http://technet.microsoft.com/
en-us/library/hh849798.aspx

QUESTION 16
Your network contains an Active Directory domain named adatum.com. The domain contains three domain DC3 loses network connectivity due to a hardware failure. You plan to remove DC3 from the domain. You log on to DC3. You need to identify which service location (SRV) records are registered by DC3. What should you do?

A. Open the %windir%\system32\config\netlogon.dns file.
B. Run dcdiag /test:dns
C. Open the %windir%\system32\dns\backup\adatum.com.dns file.
D. Run ipconfig /displaydns.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Netlogon service creates a log file that contains all the locator resource records and places the logfile in the following location:

B. Analyzes the state of domain controllers in a forest or enterprise and reports any problems to help introubleshooting.

C. dns backup file

D. used to display current resolver cache content You can verify SRV locator resource records by viewing netlogon.dns, located in the
%systemroot%\System32\Config folder.
The SRV record is a Domain Name System (DNS) resource record that is used to identify computers that hostspecific services.
SRV resource records are used to locate domain controllers for Active Directory.
You can use Notepad, to view this file.
The first record in the file is the domain controller’s Lightweight Directory Access Protocol (LDAP) SRV record.
This record should appear similar to the following:
_ldap._tcp.Domain_Name
http://support.microsoft.com/kb/816587/en-us http://technet.microsoft.com/en-us/library/cc959303.aspx http://technet.microsoft.com/en-us/library/cc731968(v=ws.10).aspx
QUESTION 17
Your network contains an Active Directory forest that contains three domains. A group named Group1 is configured as a domain local distribution group in the
forest root domain. You plan to grant Group1 read-only access to a shared folder named Share1. Share1 is located in a child domain.
You need to ensure that the members of Group1 can access Share1.
What should you do first?

A. Convert Group1 to a global distribution group.
B. Convert Group1 to a universal security group.
C. Convert Group1 to a universal distribution group.
D. Convert Group1 to a domain local security group
Correct Answer: B Section: (none)Explanation
Explanation/Reference:
Explanation:
A. Distribution Groups only used for email B, Universal can be used for any domain or forest
C. Distribution Groups only used for email
D. Permissions can be assigned only within the same domain as the parent domain local group Group scope Universal can be assigned permissions in any domain or forest.

http://technet.microsoft.com/en-us/library/cc781446(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx
QUESTION 18
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. One of the domain controllers is
named DCI. The network contains a member server named Server1 that runs Windows Server 2012 R2. You need to promote Server1 to a domain controller by
using install from media (IFM).
What should you do first?

A. Create a system state backup of DC1.
B. Create IFM media on DC1.
C. Upgrade DC1 to Windows Server 2012 R2.
D. Run the Active Directory Domain Services Configuration Wizard on Server1.
E. Run the Active Directory Domain Services Installation Wizard on DC1.
Correct Answer: C Section: (none)Explanation
Explanation/Reference:
Explanation:
A. Backs up system state data to be restored
C. Only valid option. You could install ADDS role on Server 1 and run ADDS configuration wizard andadd DC to existing domain
D. Need to add ADDS role first
E. Wrong server Installation from media does not work across different operating system versions. In other words, you must use a Windows Server 2012 R2 domain controller to generate installation media to usefor another Windows Server 2012 R2 domain controller installation. We can use the Install from media (IFM) option to install an Additional Domain Controller in an existing domainis the best option such as a branch office scenario where network is slow, unreliable and costly. IFM will minimize replication traffic during the installation because it uses restored backup files to populate theAD DS database. This will significantly reduce the amount of traffic copied over the WAN link. Things to remember: If you are deploying your first Domain Controller in the domain, you cannot use IFM. The OS will need to match the IFM media. (If you create a 2008 R2 IFM, promote a 2008 R2 DC) If you are creating a DC that will be a Global Catalog Server, create your IFM on a Global Catalog Server. If you are creating a DC that will be a DNS Server, create your IFM on a DNS Server. If you want to copy the SYSVOL, the DC on which you generate the installation media and the new DC mustbe at least running Windows Server 2008 with Service Pack 2 or Windows Server 2008 R2. Membership of the Domain Admins group is the minimum required to complete IFM.
http://www.brandonlawson.com/active-directory/deploying-domain-controllers-with-installfrom- media-ifm/ http://technet.microsoft.com/en-us/library/jj574166.aspx http://technet.microsoft.com/en-us/library/cc770654%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/jj574134.aspx Media used by the IFM option is created with Windows Server Backup or Ntdsutil.exe from another existingWindows Server 2012 R2 computer only You cannot use a Windows Server 2008 R2 or previous operating system to create media for a Windows Server 2012 R2 domain controller.
QUESTION 19
Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers. The servers are contained in a organizational unit (OU)
named ServersOU. You need to create a group named Group1 on all of the servers in the domain.
You must ensure that Group1 is added only to the servers.
What should you configure?

A. a Local Users and Groups preferences setting in a Group Policy linked to the Domain Controllers OU
B. a Restricted Groups setting in a Group Policy linked to the domain
C. a Local Users and Groups preferences setting in a Group Policy linked to ServersOU
D. a Restricted Groups setting in a Group Policy linked to ServersOU
Correct Answer: C Section: (none)Explanation
Explanation/Reference:
Explanation:
A. This would add the group to the wrong OU
B. This would affect the whole domain and would effect member of the group C. allows you to centrally manage local users and groups on domain member computers and is this isthe correct OU for the GPO change
D. Restricted Groups defines what member or groups should exist as part of a group Why use Group Policy preferences? Unlike Group Policy settings, which App1y to both local computer policy and Active Directory policy, GroupPolicy preferences only App1y to Active Directory policy. You use preferences to configure many areas of theOS, including: System devices, such as USB ports, floppy drives and removable media Network shares and mapping network shares to drive letters System and user environment variables User and group accounts for the local computer VPN and dial-up networking connections Printer configuration and mapping Registry settings, schedule tasks and system services Settings for Folder Options, Internet Options and Regional and Language Options Settings for power schemes and power management Start Menu properties and menu items

http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure- localadministrator-groups/ http://technet.microsoft.com/en-us/magazine/hh848751.aspx http://technet.microsoft.com/en-us/library/cc957640.aspx http://technet.microsoft.com/en-us/library/cc731972.aspx
QUESTION 20
Your network contains an Active Directory domain named adatum.com. The domain contains several thousand member servers that run Windows Server 2012
R2. All of the computer accounts for the member servers are in an organizational unit (OU) named ServersAccounts.
Servers are restarted only occasionally.
You need to identify which servers were restarted during the last two days.
What should you do?

A. Run dsquery computerand specify the -staiepwdpara meter.
B. Run Get-ADComputerand specify the SearchScope parameter.
C. Run Get-ADComputerand specify the IastLogonproperty.
D. Run dsquery serverand specify the -oparameter
Correct Answer: C Section: (none)Explanation
Explanation/Reference:
QUESTION 21
Your network contains an Active Directory domain named contoso.com. You log on to a domain controller by using an account named Admin1. Admin1 is a member of the Domain Admins group. You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.) Group1 is located in an organizational unit (OU) named OU1.
You need to ensure that you can modify the Security settings of Group1 by using Active Directory Users and Computers. What should you do from Active Directory Users and Computers?

A. From the View menu, select Users, Contacts, Groups, and Computers as containers.
B. Right-click OU1 and select Delegate Control
C. From the View menu, select Advanced Features.
D. Right-click contoso.com and select Delegate Control.
Correct Answer: C Section: (none) Explanation

Explanation/Reference:
Explanation: From ADUC select view toolbar then select advanced features When you open up the ADUC in a default installation of Active Directory, you are only presented with the basiccontainers. These basic containers include the only organizational unit (OU), which is the Domain Controllers OU, as wellas the other containers such as Users and Computers. To see more in-depth containers, you need to configure the ADUC by going to the View option on thetoolbar, then selecting Advanced Features. This will refresh the view within the ADUC and add some new containers. There are no hidden (or Advanced)OUs that will show up when you configure the ADUC in this way. Viewing ADUC Advanced Settings:

http://searchwindowsserver.techtarget.com/tip/Viewing-advanced-settings-in-ActiveDirectory- Users-and-Computers
QUESTION 22
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. You install Windows Server 2012 on a new computer named DC3. You need to manually configure DC3 as a domain controller. Which tool should you use?
A. Server Manager
B. winrm.exe
C. Active Directory Domains and Trusts
D. dcpromo.exe
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
A. using the Add Roles Wizard in Server Manager, followed by the Active Directory Domain Services Configuration Wizard
B. winrm is the server side service for remote managment
C. used for trust between multiple domains
D. Dcpromo.exe has been deprecated. In Windows Server 2012 R2, if you run dcpromo.exe (without anyparameters) from a command prompt, you receive a message directing you to Server Manager http://technet.microsoft.com/en-us/library/hh472162.aspx#BKMK_GUI http://technet.microsoft.com/en-us/library/dd163506.aspx http://technet.microsoft.com/en-us/library/hh831568.aspx

QUESTION 23
You have a server named Core1 that has a Server Core Installation of Windows Server 2012 R2. Core1 has the Hyper-V server role installed Core1 has two
network adapters from different third- party hardware vendors.
You need to configure network traffic failover to prevent connectivity loss if a network adapter fails.
What should you use?

A. New-NetSwitchTeam
B. Add-NetSwitchTeamMember
C. Install-Feature
D. netsh.exe
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Creates a new switch team
B. Adds a network adapter member to an existing switch team C. Not a valid cmdlet
D. Network shell (netsh) is a command-line utility that allows you to configure and display the status of various network communications server role

http://technet.microsoft.com/en-us/library/jj553814.aspx http://technet.microsoft.com/en-us/library/jj553811(v=wps.620).aspx http://technet.microsoft.com/en-us/library/cc725935(v=ws.10).aspx
QUESTION 24
You have a server named Server1 that runs Windows Server 2012 R2. You connect three new hard disks to Server1. You need to create a storage space that contains the three disks. The solution must meet the following requirements:
-Provide fault tolerance if a single disk fails.
-Maximize the amount of files that can be stored in the storage space.
What should you create?
A. A simple space
B. A spanned volume
C. A mirrored space
D. A parity space
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Stripes data across a set of pool disks, and is not resilient to any disk failures. B. A spanned volume is a dynamic volume consisting of disk space on more than one physical disk and not fault tolerant
C. Fault tolerant but Not max space
D. Fault tolerant and better space ratio Parity spaces are designed for capacity efficiency and increased resiliency. Parity spaces are best suited for archival data and streaming media, such as music and videos. http://social.technet.microsoft.com/wiki/contents/articles/11382.storage-spaces-frequently-asked- questions-faq.aspx http://social.technet.microsoft.com/wiki/contents/articles/15198.storage-spaces-overview.aspx http://technet.microsoft.com/en-us/library/cc772180.aspx
QUESTION 25
You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1. You need to add a graphical user interface (GUI) to Server1. Which tool should you use?
A. The setup.exe command
B. The dism.exe command
C. The imagex.exe command
D. The Add-WindowsPackage cmdlet
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The DISM command is called by the Add-WindowsFeature command. Here is the systax for DISM:
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:ServerGui-Shell /featurename:Server-Gui-Mgmt
QUESTION 26
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has five network adapters. Three of the network adapters an connected to a
network named LAN1. The two other network adapters are connected to a network named LAN2.
You need to create a network adapter team from the three network adapters connected to LAN 1.
Which tool should you use?

A. Routing and Remote Access
B. Network and Sharing Center
C. Server Manager
D. Network Load Balancing Manager
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: http://technet.microsoft.com/en-us/library/hh831648.aspx
QUESTION 27
You have a server named Server1 that runs Windows Server 2012 R2. You need to remove Windows Explorer, Windows Internet Explorer, and all related components and files from Server1. What should you run on Server1?
A. Uninstall-WindowsFeature Server-Gui-Mgmt-Infra Remove
B. Uninstall-WindowsFeature Server-Gui-Shell Remove
C. msiexec.exe /uninstall iexplore.exe /x
D. msiexec.exe /uninstall explorer.exe /x
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Would be a server core install
B. No IE or taskbar, explorer or control panel
C. Would leave components
D. Would leave components
In Windows Server 2012 R2, you can remove the Server Graphical Shell, resulting in the “Minimal ServerInterface”.
This is similar to a Server with a GUI installation, but Internet Explorer 10, Windows Explorer, the desktop, andthe Start screen are not installed.
Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel are still present.
If the server has a full installation of Windows Server, and I need to bring the server down to minimal serverinterface, I only need to remove the Server-GUI-Shell.
http://technet.microsoft.com/en-us/library/hh831786(v=ws.11).aspx
QUESTION 28
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. On Server1, you create a virtual machine
named VM1. VM1 has a legacy network adapter. You need to assign a specific amount of available network bandwidth to VM1.
What should you do first?

A. Remove the legacy network adapter, and then run the Set-VMNetworkAdaptercmdlet.
B. Add a second legacy network adapter, and then run the Set-VMNetworkAdoptercmdlet
C. Add a second legacy network adapter, and then configure network adapter teaming.
D. Remove the legacy network adapter, and then add a network adapter
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Set-VMNetworkAdaptercmdlet configures features of the virtual network adapter in a virtual machine or the management operating system
B. The legacy network adapter doesn’t support bandwidth management C. The legacy network adapter doesn’t support bandwidth management D. Add a New network adapter The legacy network adapter doesn’t support bandwidth management

http://technet.microsoft.com/en-us/library/hh848457(v=wps.620).aspx http://www.techrepublic.com/blog/networking/set-bandwidth-limits-for-hyper-v-vms-withwindows- server-2012/5924
QUESTION 29
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Core1, you perform a Server Core Installation of Windows Server 2012 R2.
You join Core1 to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on Core1.
What should you do on Core1?

A. Run the Enable-NetFirewallRulecmdlet.
B. Run sconfig.exeand configure remote management
C. Run the Disable-NetFirewallRulecmdlet.
D. Run sconfiq.exeand configure the network settings.
Correct Answer: A Section: (none)Explanation
Explanation/Reference:
Explanation:
A. Allows MMC snap in for Event Viewer.

B. Modifies service entries

C. Would Disable a firewall rule which was enabled

D. Modifies service entries
Enable-NetFirewallRule -DisplayGroup “Remote Event Log Management”
http://technet.microsoft.com/en-us/library/cc990290(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj574205.aspx http://mikefrobbins.com/2013/02/28/use-powershell-to-remotely-enable-firewall-exceptions-on- windows-server-2012/
QUESTION 30
Your network contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8.
You need to ensure that when users are connected to the network, they always use local offline files that are cached from Server1.
Which Group Policy setting should you configure?

A. Configure slow-link mode.
B. Configure Slow link speed
C. Enable file synchronization on costed networks
D. Turn on economical application of Administratively assigned Offline Files.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Offline Files to provide faster access to cached files and redirected folders. B. Defines a slow connection for purposes of App1ying and updating Group Policy.
C. automatically tracks roaming and bandwidth usage limits while on metered connections D. Lists network files and folders that are always available for offline use. This policy makes the specified filesand folders available offline to users of the computer. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the OfflineFiles cache. This is similar to a user working offline. If you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between theclient and the server is below (slower than) the Throughput threshold parameter, or if the round-trip networklatency is above (slower than) the Latency threshold parameter.

http://technet.microsoft.com/en-us/library/hh968298.aspx http://technet.microsoft.com/en-us/library/cc957631.aspx http://technet.microsoft.com/en-us/library/jj127408.aspx http://www.group-policy.com/ref/policy/2229/Configure_slow-link_mode

QUESTION 31
Your network contains an Active Directory domain named contoso.com. All servers run either Windows Server 2008 R2 or Windows Serve 2012 R2. All client
computers run either Windows 7 or Windows 8. The domain contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the File
and Storage Services server role installed. On Server1, you create a share named Share1.
You need to ensure that users can use Previous Versions to restore the files in Share1.
What should you configure on Server1?

A. The Shadow Copies settings
B. A Windows Server Backup schedule
C. A data recovery agent
D. The Recycle Bin properties
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
A. Enable and schedule shadow copies for Share1
B. The backup doesn’t give users access until files are restored D. No settings for file version http://technet.microsoft.com/en-us/library/cc786104(v=ws.10).aspx
QUESTION 32
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Print and Document Services server role installed. Server1 is connected to
two identical print devices. You need to ensure that users can submit print jobs to the print devices. The solution must ensure that if one print device fails, the print
jobs will print automatically on the other print device.
What should you do on Server1?

A. Add two printers and configure the priority of each printer.
B. Add one printer and configure printer pooling.
C. Install the Network Load Balancing (NLB) feature, and then add one printer.
D. Install the Failover Clustering feature, and then add one printer
Correct Answer: B Section: (none)Explanation
Explanation/Reference:
Explanation:
A. expedite documents that need to be printed immediately
B. A printing pool is one logical printer connected to multiple printers through multiple ports of theprint server. The printer that is idle receives the next document sent to the logical printer. Whenprinting to a printer pool, the spooler will send waiting jobs to alternate ports. If the original or alternateports are not available
C. NLB for printing is not supported
D. Would need 2 nodes A printing pool is one logical printer connected to multiple printers through multiple ports of the print server. The printer that is idle receives the next document sent to the logical printer. This is useful in a network with a high volume of printing because it decreases the time users wait for theirdocuments. A printing pool also simplifies administration because multiple printers can be managed from the same logicalprinter on a server. If one device within a pool stops printing, the current document is held at that device. The succeedingdocuments print to other devices in the pool, while the delayed document waits until the nonfunctioningprinter is fixed. Efficient printer pools have the following characteristics: All printers in the pool are the same model. Printer ports can be of the same type or mixed (parallel, serial, and network). It is recommended that all printers be in one location. Because it is impossible to predict which printer willreceive the document, keep all printers in a pool in a single location. Otherwise, users might have a hard timefinding their printed document. http://technet.microsoft.com/en-us/library/cc757086(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc784619(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc958172.aspx You can create a printing pool to automatically distribute print jobs to the next available printer. A printing poolis one logical printer connected to multiple printers through multiple ports of the print server. The printer that isidle receives the next document sent to the logical printer.

Each Answers in Microsoft 070-410 study guides are checked by the concerned professional to provide you the best quality dumps. If you are looking to get certified in short possible time, you will never find quality product than Flydumps.com.

Welcome to download the newest Examwind 1y0-a26 VCE dumps: https://www.pass4itsure.com/1y0-a26.html

Microsoft 070-410 Cert Exam, Download Latest Microsoft 070-410 Real Exam Questions And Answers Online Sale

Microsoft 070-417 Certification Exams, First-hand Microsoft 070-417 Vce Files With High Quality

Welcome to download the newest pass4itsure 350-060 VCE dumps: https://www.pass4itsure.com/350-060.html

FLYDUMPS offer you detailed Microsoft 070-417 exam sample questions. Our experts come from different parts of the Industry and are most experienced and qualified to have the opportunity to write the Microsoft 070-417 exam for us. Microsoft 070-417 exam sample questions are even more difficult than the actual test. Our Microsoft 070-417 exam PDF is a mock up of the actual certification exam questions. This technique has been used for a longest time and it is 100% guaranteed. Microsoft 070-417 exam sample questions provides you everything you will need to take your Microsoft 070-417 Exam. The Microsoft 070-417 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical.

QUESTION 1
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
On Server1, you create and start a virtual machine named VM1. VM1 is configured as shown in the following table.

You plan to create a checkpoint of VM1.
You need to recommend a solution to minimize the amount of disk space used for the checkpoint of VM1.
What should you do before you create the checkpoint?
A. Decrease the Maximum RAM.
B. Convert Disk1.vhd to a dynamically expanding disk.
C. Run the Stop-VM cmdlet.
D. Run the Resize-VHD cmdlet.
Correct Answer: C Explanation
Explanation/Reference:
Explanation: For checkpoints created when the virtual machine is stopped The checkpoint contains the state of the hard disks only. For checkpoints created when the virtual machine is running The checkpoint contains the state of the hard disks and the data in memory. Note: A checkpoint saves the state of each virtual hard disk that is attached to a virtual machine and all of the hard disk’s contents, including application data files. For virtual machines on Hyper-V and VMware ESX Server hosts, a checkpoint also saves the hardware configuration information. By creating checkpoints for a virtual machine, you can restore the virtual machine to a previous state.
QUESTION 2
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.

You install a network monitoring application on VM2.
You need to ensure that all of the traffic sent to VM3 can be captured on VM2.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: J Explanation
Explanation/Reference:
Explanation: With Hyper-V Virtual Switch port mirroring, you can select the switch ports that are monitored as well as the switch port that receives copies of all the traffic. And since Port mirroring allows the network traffic of a virtual machine to be monitored by copying the traffic and forwarding it to another virtual machine that is configured for monitoring, you should configure port mirroring on VM2. References: http://technet.microsoft.com/en-us/library/jj679878.aspx#bkmk_portmirror
QUESTION 3
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.

You plan to schedule a complete backup of Server1 by using Windows Server Backup.
You need to ensure that the state of VM1 is saved before the backup starts.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: I Explanation
Explanation/Reference:
Explanation: The Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, Heartbeat, and Backup (volume snapshot services). This snapshot will ensure that the state of VM1 is saved prior to backup. References: http://msdn.microsoft.com/en-us/library/dd405549(v=vs.85).aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p. 144
QUESTION 4
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.

VM3 is used to test applications.
You need to prevent VM3 from synchronizing its clock to Server1.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: I Explanation
Explanation/Reference:
Explanation:
Integration Services settings on virtual machines includes services such as operating system shutdown,
time synchronization, data exchange, Heart beat, and Backup (volume snapshot services. Thus you
should disable the time synchronization using Integration Services.

References:
http://blogs.technet.com/b/virtualization/archive/2008/08/29/backing-up-hyper-v-virtual- machines.aspx
Exam Ref 70-410, Installing and Configuring Windows Server 2012, Chapter 3: Configure Hyper-V,
Objective 3.1: Create and Configure virtual machine settings, p. 144

QUESTION 5
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.

VM2 sends and receives large amounts of data over the network.
You need to ensure that the network traffic of VM2 bypasses the virtual switches of the parent partition.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: K Explanation
Explanation/Reference:
Explanation:
Single-root I/O virtualization -capable network adapters can be assigned directly to a virtual machine to
maximize network throughput while minimizing network latency and the CPU overhead required for
processing network traffic.

References:
http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx http://technet.microsoft.com/en-us/
library/hh831410.aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012, Chapter 3:
Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p. 144 Training Guide:
Installing and Configuring Windows Server 2012: Chapter 7: Hyper-V Virtualization, Lesson 2: Deploying
and configuring virtual machines, p. 335

QUESTION 6
You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1.
You need to add a graphical user interface (GUI) to Server1.
Which tool should you use?
A. The imagex.exe command
B. The ocsetup.exe command
C. The setup.exe command
D. The dism.exe command

Correct Answer: D Explanation
Explanation/Reference:
The DISM command is called by the Add-WindowsFeature command. Here is the systax for DISM: Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server- Gui- Shell / featurename:Server-Gui-Mgmt

QUESTION 7
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to create an image of Server1.
You need to remove the source files for all server roles that are not installed on Server1.

Which tool should you use?

A. dism.exe
B. servermanagercmd.exe
C. ocsetup.exe
D. imagex.exe
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
The Dism utility can be used to create and mount an image of Server1.

References:
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http://technet.microsoft.com/en-us/
library/dd744382(v=ws.10).aspx Training Guide: Installing and Configuring Windows Server 2012: Chapter

2: Deploying Servers, p. 44 Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 1: Installing and Configuring Servers, p. 19-22
QUESTION 8
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has following storage spaces:

Data
Users

Backups

Primordial
You add an additional hard disk to Server1.
You need to identify which storage space contains the new hard disk.
Which storage space contains the new disk?
A. Primordial
B. Data
C. Backups
D. Users

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
New Disks (Unallocated space) added to Primordial space.
References:
http://blogs.technet.com/b/canitpro/archive/2012/12/13/storage-pools-dive-right-in.aspx

QUESTION 9
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012.
You create a group Managed Service Account named gservice1.
You need to configure a service named Service1 to run as the gservice1 account.
How should you configure Service1?
A. From a command prompt, run ss.exe and specify the config parameter.
B. From a command prompt, run ss.exe and specify the sdset parameter.
C. From the Services console, configure the General settings.
D. From Windows PowerShell, run Set-Service and specify the -PassThrough parameter.
Correct Answer: C Explanation
Explanation/Reference:
*
Services are often run with default settings — for example, a service might be disabled automatically at
startup. You can use the Services snap-in to change the default settings for a service.
*
To configure how a service is started using the Windows interface

1.
ClickStart , click in theStart Search box, typeservices.msc , and then press ENTER.
2.
Optionally, export and save a list of the existing settings. To do this, right-clickServices , selectExport
List , and save the settings list.
3.
In the details pane, right-click the service that you want to configure, and then clickProperties .
4.
On theGeneral tab, inStartup type , clickAutomatic ,Manual ,Disabled , orAutomatic (Delayed Start) .
5.
To specify the user account that the service can use to log on, click theLog On tab, and then do one of
the following:
Etc.

http://technet.microsoft.com/en-us/library/ee176963.aspx http://technet.microsoft.com/en-us/library/ cc990290(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738230(v=ws.10).aspx
QUESTION 10
You have a server named Data1 that runs a Server Core Installation of Windows Server 2012 R2 Standard.
You need to configure Data1 to run a Server Core Installation of Windows Server 2012 R2 Datacenter. You want to achieve this goal by using the minimum amount of administrative effort.
What should you perform?
A. An online servicing by using Dism
B. An offline servicing by using Dism
C. An upgrade installation of Windows Server 2012 R2
D. A clean installation of Windows Server 2012 R2

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
There are a couple of ways to install the GUI from the command prompt, although both use the same tool -DISM (Deployment Image Service Manager). When you are doing it for a single (local) server, the
command is:

Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:…

References:
Training Guide: Installing and Configuring Windows Server 2012: Chapter 2: Deploying Servers, p. 44
Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 1: Installing and Configuring
Servers, p. 19-22

QUESTION 11
Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in following table.

When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?

A. The placement of the infrastructure master
B. The placement of the global catalog server
C. The placement of the domain naming master
D. The placement of the PDC emulator
Correct Answer: D Explanation
Explanation/Reference:
The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close interaction between the RID operations master role and the PDC emulator role The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it.
QUESTION 12
Your network contains an Active Directory forest that contains two domains. The forest contains five domain controllers.
The domain controllers are configured as shown in the following table.

You need to configure DC5 as a global catalog server.
Which tool should you use?
A. Active Directory Administrative Center
B. Active Directory Users and Computers
C. Active Directory Sites and Services
D. Active Directory Domains and Trusts
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Active Directory Sites and Services can be used to Add or remove the global catalog read-only directory
partitions from a domain controller in the site. Confirm that all read-only directory partitions have been
replicated to the new global catalog server. As well as verify that the global catalog server is being
advertised in Domain Name System (DNS).

References:
http://technet.microsoft.com/en-us/library/cc730868.aspx http://technet.microsoft.com/en-us/library/
cc770674.aspx

QUESTION 13
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The domain contains four domain controllers.
The domain controllers are configured as shown in the following table.

All domain controllers are DNS servers.
You plan to deploy a new domain controller named DC5 in the contoso.com domain.
You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully to a domain controller.
Which domain controller should you identify?
A. DC1
B. DC2
C. DC3
D. DC4
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
In order to add a Domain Controller to corp.contoso.com, you need PDC and RID of that domain, not of the
root domain. The Domain Naming Master is needed to add, remove and rename domains in the forest, i.e.
not for individual Domain Controllers.

QUESTION 14
Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2.
You plan to install a new domain controller named DC4 that runs Windows Server 2012 R2.
The new domain controller will have the following configurations:
Schema master

Global catalog server

DNS Server server role

Active Directory Certificate Services server role
You need to identify which configurations cannot be fulfilled by using the Active Directory Domain Services Configuration Wizard.
Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)
A. Enable the global catalog server.
B. Transfer the schema master.
C. Install the Active Directory Certificate Services role.
D. Install the DNS Server role.
Correct Answer: BC Explanation
Explanation/Reference:
Explanation:
AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog
server. ADCS and schema must be done separately.
QUESTION 15
You have a server named Server1 that runs Windows Server 2012.
You promote Server1 to a domain controller.
You need to view the service location (SRV) records that Server1 registers in DNS.
What should you do on Server1?
A. Open the Netlogon.dns file.
B. Run ipconfig /displaydns.
C. Run Get-DnsServerDiagnostics.
D. Open the SrC. sys file.
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
Netlogon.dns – If you are using non-Microsoft DNS servers to support Active Directory, you can verify SRV
locator resource records by viewing Netlogon.dns. Netlogon.dns is located in the %systemroot%\System32
\Config folder. You can use a text editor, such as Microsoft Notepad, to view this file.
The first record in the file is the domain controller’s Lightweight Directory Access Protocol (LDAP) SRV
record.
References:
http://support.microsoft.com/kb/816587/en-us

QUESTION 16
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and a domain controller named DC2. All servers run Windows Server 2012 R2.
On DC2, you open Server Manager and you add Server1 as another server to manage.
From Server Manager on DC2, you right-click Server1 as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that when you right-click Server1, you see the option to run the DHCP console. What should you do?
A. On DC2, install the Role Administration Tools.
B. On DC2 and Server1, run winrmquickconfig.
C. In the domain, add DC2 to the DHCP Administrators group.
D. On Server1, install the Feature Administration Tools. Correct Answer: A
Explanation Explanation/Reference:
Explanation:
You need to install the feature administrations tools for the dhcp . Need to install DHCP management tools
on DC2 then you will have access to dhcp management.

QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains three
servers named Server1, Server2, and Server3.
You create a server group named ServerGroup1.
You discover the error message shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that Server2 can be managed remotely by using Server Manager.
What should you do?
A. On Server2, run the netdom.exe command.
B. On Server2, run the net stop netlogon command, and then run the net start netlogon command.
C. On DC1, run the Enable-PSSessionConfigurationcmdlet.
D. On Server2, modify the membership of the Remote Management Users group.
Correct Answer: D Explanation
Explanation/Reference:
Explanation:
This is a security issue. To be able to access Server2 remotely through Server Manager the user need to
be a member of the Remote Management Users group.
References:
Training Guide: Installing and Configuring Windows Server 2012, Chapter 3 Server Remote Management,
Lesson 1: Server Manager, p. 90-92

QUESTION 18
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1.
You install the Windows PowerShell Web Access gateway on Server1.
You need to provide administrators with the ability to manage the servers in the domain by using the Windows PowerShell Web Access gateway.
Which two cmdlets should you run on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Install PswaWebApplication
B. Add PswaAuthorizationRule
C. Set-WSManlnstance
D. Set-WSManQuickConfig
E. Set-BCAuthentication

Correct Answer: AB Explanation
Explanation/Reference:
Configure PowerShell Web Access Gateway using the following PowerShell Cmdlet. Install-PswaWebApplication UseTestCertificate Running the cmdlet installs the Windows PowerShell Web Access web application within the IIS Default Web Site container. The cmdlet creates the infrastructure required to run Windows PowerShell Web Access on the default website, https://<server_name>/pswa. Add-PswaAuthorizationRule Adds a new authorization rule to the Windows PowerShell Web Access authorization rule set. Parameters: ComputerGroupName ComputerName ConfigurationName RuleName UserGroupName UserName Credential (Windows Server 2012 R2 and later) References: http://technet.microsoft.com/en-us/library/hh849867.aspx http://technet.microsoft.com/en-us/library/ hh849875.aspx http://technet.microsoft.com/en-us/library/jj592890(v=wps.620).aspx http:// technet.microsoft.com/en-us/library/hh848404(v=wps.620).aspx http://technet.microsoft.com/en-us/library/ jj592894(v=wps.620).aspx
QUESTION 19
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Both servers are member servers.
On Server2, you install all of the software required to ensure that Server2 can be managed remotely from Server Manager.
You need to ensure that you can manage Server2 from Server1 by using Server Manager.
Which two tasks should you perform on Server2? (Each correct answer presents part of the solution. Choose two.)
A. Run the Enable-PSRemotingcmdlet.
B. Run the Configure-SMRemoting.psl script.
C. Run the Enable-PSSessionConfigurationcmdlet.
D. Run the Set-ExecutionPolicycmdlet.
E. Run the systempropertiesremote.exe command.

Correct Answer: BD Explanation
Explanation/Reference:
Explanation:
To configure Server Manager remote management by using Windows PowerShell On the computer that
you want to manage remotely, open a Windows PowerShell session with elevated user rights.
In the Windows PowerShell session, type the following, and then press Enter. Set-ExecutionPolicy –
ExecutionPolicyRemoteSigned (D) Type the following, and then press Enter to enable all required firewall
rule exceptions.

Configure-SMRemoting.ps1 -force enable (B)
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains two member
servers named Server1 and Server2 that run Windows Server 2012 R2.
You log on to Server1.

You need to retrieve the IP configurations of Server2.

Which command should you run from Server1?

A. winrm get server2
B. dsquery · -scope base -attrip/server2
C. winrs -r:server2ipconfig
D. ipconfig> server2.ip

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Windows Remote Management allows you to manage and execute programs remotely References:
Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Configure
the DNS service, Chapter 4 Deploying and Configuring core network services, p. 246 http://
technet.microsoft.com/en-us/library/dd349801(v=ws.10).aspx

QUESTION 21
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 to provide unique NAP enforcement settings to the NAP non- compliant DHCP clients from Scope1.
What should you create?
A. A network policy that has the MS-Service Class condition
B. A connection request policy that has the Service Type condition
C. A network policy that has the Identity Type condition
D. A connection request policy that has the Identity Type condition

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
A. Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. http://technet.microsoft.com/en-us/library/ cc731220(v=ws.10).aspx
QUESTION 22
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAPwizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully. What should you install on Server1 before you run the Configure NAP wizard?
A. A computer certificate
B. A system health validator (SHV)
C. The Remote Access server role
D. The Host Credential Authorization Protocol (HCAP) Correct Answer: A

Explanation Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc732681.aspx http://technet.microsoft.com/en-us/library/ dd125396(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831416.aspx http:// technet.microsoft.com/en-us/library/dd125301(v=ws.10).aspx
QUESTION 23
Your network contains an Active Directory domain named contoso.com. The domain contains client
computers that run Either Windows XP, Windows 7, or Windows 8.
Network Policy Server (NPS) is deployed to the domain.
You plan to create a system health validator (SHV).

You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution.
Choose three.)

A. Automatic updating is enabled.
B. A firewall is enabled for all network connections.
C. An antispyware application is on.
D. Antispyware is up to date.
E. Antivirus is up to date. Correct Answer: ABE

Explanation Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc731260.aspx
QUESTION 24
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
A. The NAS Port Type constraints
B. The Health Policies conditions
C. The Called Station ID constraints
D. The NAP-Capable Computers conditions
E. The MS-Service Class conditions

Correct Answer: DE Explanation
Explanation/Reference:
Explanation:
C: The NAP health policy server uses the NPS role service with configured health policies and system health validators (SHVs) to evaluate client health based on administrator-defined requirements. Based on results of this evaluation, NPS instructs the DHCP server to provide full access to compliant NAP client computers and to restrict access to client computers that are noncompliant with health requirements.
D: If policies are filtered by DHCP scope, then MS-Service Class is configured in policy conditions.
QUESTION 25
Your network contains a single Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains 400 desktop computers that run Windows 8 and 200 desktop computers that run Windows Vista Service Pack 2(SP2).
All of the desktop computers are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings.
You link GPO1 to OU1.
You need to ensure that GPO1 is applied only to computers that run Windows 8.
What should you do?
A. Modify the Security settings of OU1.
B. Create and link a WMI filter to GPO1.
C. Run the Set-GPInheritancecmdlet and specify the -target parameter.
D. Run the Set-GPLinkcmdlet and specify the -target parameter.

Correct Answer: B Explanation
Explanation/Reference:
Explanation:
WMI Filtering is used to get information of the system and apply the GPO on it with the condition is
met.Security filtering: apply a GPO to a specific group (members of the group)

QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)

You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1.
What should you configure?
A. Item-level targeting
B. Security Filtering
C. Block Inheritance
D. WMI Filtering

Correct Answer: B Explanation
Explanation/Reference:
Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
QUESTION 27
Your network contains an Active Directory domain named contoso.com. All domain controllers run

Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A
Group Policy object (GPO) named GPO1 is linked to OU1.

You make a change to GPO1.

You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The
solution must minimize administrative effort.
Which tool should you use?

A. TheSecedit command
B. The Invoke-GpUpdatecmdlet
C. Group Policy Object Editor
D. Server Manager Correct Answer: B

Explanation Explanation/Reference:
QUESTION 28
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.
The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:

Internal DNS name: Server1.contoso.com External DNS name:

dal.contoso.com Internal IPv6 address: 2002:cla8:6a:3333::l

External IPv4 address: 65.55.37.62
Your company uses split-brain DNS for the contoso.com zone.
You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)

You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?
A. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
B. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
C. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
D. A Name Suffix value of dal.contoso.com and a DNS Server Address value of 65.55.37.62

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
*
In a non-split-brain DNS environment, the Internet namespace is different from the intranet namespace. For example, the Contoso Corporation uses contoso.com on the Internet and corp.contoso.com on the intranet. Because all intranet resources use the corp.contoso.com DNS suffix, the NRPT rule for corp.contoso.com routes all DNS name queries for intranet resources to intranet DNS servers. DNS name queries for names with the contoso.com suffix do not match the corp.contoso.com intranet namespace rule in the NRPT and are sent to Internet DNS servers.

*
Split-brain DNS is a configuration method that enables proper resolution of names (e.g., example.com) from both inside and outside of your local network. Note: For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name suffixes that do not have corresponding DNS servers are treated as exemptions.
Reference: Design Your DNS Infrastructure for DirectAccess
QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?
A. Configure a DNS suffix search list on the DirectAccess clients.
B. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).
C. Configure DirectAccess to enable force tunneling.
D. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).

Correct Answer: C Explanation
Explanation/Reference:
QUESTION 30
Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. DirectAccess Client Experience Settings
B. Name Resolution Policy
C. DNS Client
D. Network Connections

Correct Answer: B Explanation
Explanation/Reference:
Explanation:
For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot
(for example, .internal.contoso.com or .corp.contoso.com). For a DirectAccess client, any name request
that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS)
servers.

Include all intranet DNS namespaces that you want DirectAccess client computers to access. There are no
command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the
NRPT through Group Policy, use the Group Policy add-in at Computer Configuration \Policies\Windows
Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new
NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group
Policy.

Microsoft certification Microsoft 070-417 Exam is a milestone in your becoming Microsoft certified professionals. There are hundreds of online sources providing Microsoft 070-417 exam dumps. You can choose Flydumps Microsoft 070-417 exam dumps for your Microsoft 070-417 Certification Exam.Microsoft 070-417 exam dumps provide you the gateway to success in actual Microsoft 070-417 Certification Exam.

Welcome to download the newest pass4itsure 350-060 VCE dumps: https://www.pass4itsure.com/350-060.html

Microsoft 070-417 Certification Exams, First-hand Microsoft 070-417 Vce Files With High Quality

Microsoft 070-412 PDF Exams, First-hand Microsoft 070-412 Exam Questions Latest Version PDF&VCE

Question No : 11 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same switch.
Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information in a central database.
You need to ensure that the connections to WebApp1 are distributed evenly between the nodes. The solution must minimize port flooding.
What should you configure? To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area.

Answer: Question No : 12 – (Topic 1)
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1.
What should you run?
A. The Set-NlbCluster cmdlet
B. The Set-NlbClusterNode cmdlet
C. The Stop-NlbCluster cmdlet
D. The Stop-NlbClusterNode cmdlet

Answer: D
Explanation: The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node.
-Drain <SwitchParameter>
Drains existing traffic before stopping the cluster node. If this parameter is omitted, existing
traffic will be dropped.
Question No : 13 – (Topic 1)
Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM.
You shut down all of the virtual machines on HV1.
You copy D:\VM to D:\VM on HV2.
You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the Import-VMInitialReplication cmdlet.
B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the Import Virtual Machine wizard.
C. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the New Virtual Machine wizard.
D. Run the Import-VM cmdlet.
Answer: D

Question No : 14 HOTSPOT – (Topic 1)
Your network contains two Hyper-V hosts that are configured as shown in the following table.

You create a virtual machine on Server1 named VM1.
You plan to export VM1 from Server1 and import VM1 to Server2.
You need to ensure that you can start the imported copy of VM1 from snapshots.
What should you configure on VM1?
To answer, select the appropriate node in the answer area.
Answer:
Question No : 15 DRAG DROP – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Servers, and Server4. All servers run Windows Server 2012 R2.
Server1 and Server2 are located in a site named Site1. Server3 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 is configured to use the Node Majority quorum configuration.
You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum.
What should you run from Windows PowerShell?
To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:
Question No : 16 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a cluster disk resource.
A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 runs as a service. App1 stores date on the cluster disk resource.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?
A. Add-ClusterGenericServiceRole
B. Add-ClusterGenericApplicationRole
C. Add-ClusterScaleOutFileServerRole
D. Add-ClusterServerRole

Answer: B
Explanation: Configure high availability for an application that was not originally designed to run in a failover cluster. If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.
Ref: http://technet.microsoft.com/en-us/library/ee460976.aspx

Question No : 17 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com.
You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
You plan to create two virtual machines that will run an application named App1. App1 will store data on a virtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines.
The network contains the following shared folders:
An SMB file share named Share1 that is hosted on a Scale-Out File Server. An SMB file share named Share2 that is hosted on a standalone file server. An NFS share named Share3 that is hosted on a standalone file server.
You need to ensure that both virtual machines can use App1data.vhdx simultaneously.
What should you do?
To answer, select the appropriate configurations in the answer area.

Answer:
Question No : 18 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.

Answer: Question No : 19 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 as an enterprise subordinate certification authority (CA).
What should you do first?
A. Add RAM to the server.
B. Set the Startup Type of the Certificate Propagation service to Automatic.
C. Install the Certification Authority Web Enrollment role service.
D. Join Server1 to the contoso.com domain.

Answer: D
Explanation:
A new CA can be the root CA of a new PKI or subordinate to another in an existing PKI. Enterprise subordinate certification authority An enterprise subordinate CA must get a CA certificate from an enterprise root CA but can then issue certificates to all users and computers in the enterprise. These types of CAs are often used for load balancing of an enterprise root CA.
Enterprise CAs can be used to issue certificates to support such services as digital signatures, Secure Multipurpose Internet Mail Extensions (S/MIME) secure mail, Secure Sockets Layer (SSL) or Transport Layer Security (TLS) secured web access and smart card authentication. Enterprise CAsare used to provide certificate services to internal users who have user accounts in the domain.
Requiring Active Directory, an Enterprise subordinate CA obtains its certificate from an already existing CA.
These types of CAs are used to provide smart-card-enabled logons by Windows XP and other Windows Server 2003 machines.
After a root certification authority (CA) has been installed, many organizations will install one or more subordinate CAs to implement policy restrictions on the public key infrastructure (PKI) and to issue certificates to end clients. Using at least one subordinate CA can help protect the root CA from unnecessary exposure. If a subordinate CA will be used to issue certificates to users or computers with accounts in an Active Directory domain, installing the subordinate CA as an enterprise CA allows you to use the client’s existing account data in Active Directory Domain Services (AD DS) to issue and manage certificates and to publish certificates to AD DS. Membership in local Administrators, or equivalent, is the minimum required to complete this procedure. If this will be an enterprise CA, membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.
Question No : 20 – (Topic 1)
Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?
A. The FQDN of the AD FS server
B. The name of the Federation Service
C. The name of the Active Directory domain
D. The public IP address of Server2
Answer: A

Explanation:
A. It must contain the FQDN http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc782620(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc759635(v=ws.10).aspx

Question No : 21 – (Topic 1)
Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com.
What should you do?
A. Modify the Service Connection Point (SCP).
B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.
C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.
D. Modify the properties of the AD RMS cluster in west.contoso.com.

Answer: B
Explanation: The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com.

Question No : 22 – (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2.

From Server Manager, you install the Active Directory Certificate Services server role on
Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error

message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A. Install the Active Directory Certificate Services (AD CS) tools.
B. Run the regsvr32.exe command.
C. Modify the PATH system variable.
D. Configure the Active Directory Certificate Services server role from Server Manager.

Answer: D
Explanation: The error message is related to missing role configuration.

Question No : 23 – (Topic 1)
Your network contains an Active Directory domain named contoso.com.
A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services
server role was removed. You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.
You need to remove the existing AD RMS SCP.
Which tool should you use?
A. Active Directory Users and Computers
B. Authorization Manager
C. Active Directory Domains and Trusts
D. Active Directory Sites and Services

Answer: D
Question No : 24 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.d
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.

Answer: C,E
Explanation: * To enable Device Registration Service On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration Repeat this step on each federation farm node in your AD FS farm.. Enable seamless second factor authentication Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a ‘known’ device and administrators can use this information to drive conditional access and gate access to resources. To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.

Question No : 25 DRAG DROP – (Topic 1)
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Question No : 26 HOTSPOT – (Topic 1)
Your company has a primary data center and a disaster recovery data center.
The network contains an Active Directory domain named contoso.com. The domain contains a server named that runs Windows Server 2012 R2. Server1 is located in the primary data center.
Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in the answer area.

Answer:
Question No : 27 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:

Email security
Client authentication
Encrypting File System (EFS)

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings.
B. From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy settings.
C. Modify the properties of the User certificate template, and then publish the template.
D. Duplicate the User certificate template, and then publish the template.
E. From a Group Policy, configure the Automatic Certificate Request Settings settings.

Answer: A,D
Explanation:
The default user template supports all of the requirements EXCEPT auto enroll as shown below:

However a duplicated template from users has the ability to autoenroll:

The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
http://technet.microsoft.com/en-us/library/dd851772.aspx
Question No : 28 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?
A. Create a superscope and scope-level policies.
B. Configure the Scope Options.
C. Create a superscope and a filter.
D. Configure the Server Options.
Answer: B

Explanation:
B. Any DHCP scope options configured for assignment to DHCP clients http://technet.microsoft.com/en-us/library/dd759218.aspx http://technet.microsoft.com/en-us/library/cc757682(v=WS.10).aspx
Question No : 29 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.
Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)

You need to assign a user named User1 permission to add and delete records from the contoso.com zone only.
What should you do first?
A. Enable the Advanced view from DNS Manager.
B. Add User1 to the DnsUpdateProxy group.
C. Run the New Delegation Wizard.
D. Configure the zone to be Active Directory-integrated.

Answer: D
Question No : 30 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?
A. From Server Manager, review the IPAM overview.
B. Run the ipamgc.exe tool.
C. From Task Scheduler, review the IPAM tasks.
D. Run the Get-IpamConfiguration cmdlet.

Answer: D

Flydumps.com never believes in second chances and hence bring you the best Microsoft 070-412 exam preparation materials which will make you pass in the first attempt. Flydumps.com experts have complied the fail proof Microsoft 070-412 exam content to help you pass your Microsoft 070-412 certification exam in the first attempt and score the top possible grades too.

Microsoft 74-409 Practice, Latest Upload Microsoft 74-409 Certification Exams Are Based On The Real Exam

Flydumps just published the newest Microsoft 74-409 Dumps with all the new updated exam questions and answers. We provide the latest version of Microsoft 74-409 PDF and VCE files with up-to-date questions and answers to ensure your exam 100% pass,on our website you will get the Microsoft 74-409 free new version VCE Player along with your VCE dumps

QUESTION 1
You administer a Windows Server 2012 R2 server that has the Hyper-V role installed. You deploy a new virtual machine. You add two virtual network adapters to
the virtual machine. You need to ensure that the virtual machine maintains network connectivity if one virtual network adapter fails.
What should you do?

A. Run the Windows PowerShell cmdlet Enable-VMReplication.
B. Enable Dynamic Host Configuration Protocol (DHCP) Guard.
C. Run the Windows PowerShell cmdlet Set-VMHost.
D. Run the Windows PowerShell cmdlet Set-VMNetworkAdapter.

Correct Answer: D Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/hh848457.aspx

QUESTION 2
You administer a server that runs Windows Server 2012 R2 that has the Hyper-V role installed. You plan to apply an update to a virtual machine (VM). You have the following requirements:
You must be able to quickly revert back to a pre-update state.

The solution must minimize storage requirements on the server.
You need to apply the update. What should you do?
A. Run the Windows PowerShell cmdlet New-VirtualDiskClone.
B. Create a checkpoint of the VM.
C. Run the Windows PowerShell cmdlet Export-VMSnapshot.
D. Export the VM.

Correct Answer: B Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/cc956044.aspx

QUESTION 3
A company has Windows Server 2012 R2 servers that have the Hyper-V role installed. The guest virtual machines are configured as follows:

You need to ensure that the environment supports online virtual hard disk resizing. What should you do?
A. Convert the virtual machines to Generation 2 virtual machines.
B. Deploy clustered storage spaces.
C. Convert the drive format of the virtual machines to the VHDX file format.
D. Deploy Serial Attached SCSI (SAS).

Correct Answer: C Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/dn282286.aspx

Requirements
The following functionality is required for resizing a virtual hard disk:
· A server capable of running Hyper-V. The server must have processor support for hardware virtualization. The Hyper-V role must be installed.
· A user account that is a member of the local Hyper-V Administrators group or the Administrators group.
The following functionality is required for resizing a virtual hard disk:
· VHDX – the ability to expand and shrink virtual hard disks is exclusive to virtual hard disks that are using the .vhdx file format. Online resizing is supported for
VHDX disk types, including fixed, differencing, and dynamic disks. Virtual hard disks that use the .vhd file format are not supported for resizing operations.
· SCSI controller – the ability to expand or shrink the capacity of a virtual hard disk is exclusive to .vhdx files that are attached to a SCSI controller. VHDX files that
are attached to an IDE controller are not supported.
QUESTION 4
A Windows Server 2012 R2 Hyper-V host server has four network adapters that are connected to two different network switches. The server contains a virtual machine named NYC-WEB.
You have the following requirements:
increase the available bandwidth for NYC-WEB

implement network fault tolerance for NYC-WEB without modifying network switch configurations

use the least amount of administrative effort
You need to configure the Hyper-V environment. What should you do first?
A. Enable NIC teaming. Configure the team to use Static Teaming mode.
B. Enable NIC teaming. Configure the team to use Switch Independent mode.
C. Enable Bandwidth Management on NYC-WEB.
D. Run the Windows PowerShell command Set-NetLbfoTeam -Name Team1 -TeamingMode Static.

Correct Answer: B Explanation
Explanation/Reference:
Ref: http://blogs.technet.com/b/privatecloud/archive/2012/06/19/nic-teaming-in-windows-server- 2012-brings-simple-affordable-traffic-reliability-and-load-balancing-to-your-cloud- workloads.aspx

QUESTION 5
A company plans to create a Hyper-V environment that will contain three virtual machines (VMs). A limited amount of storage space is available to host the VMs. The VMs will be configured as follows:

You must maximize disk performance.
You need to recommend a storage solution.
Which type of virtual disk type should you configure for each VM?

A. pass-through
B. fixed
C. dynamically expanding
D. differencing

Correct Answer: B Explanation
Explanation/Reference:
Ref: http://www.petri.co.il/choosing-hyper-v-storage-virtual-hard-disks-2.htm#

Virtual Disk Types
There are considerations for using virtual disks, and what types of virtual disks are available:
· Fixed–The VHD image file is pre-allocated on the backing store for the maximum size requested.
· Expandable–Also known as “dynamic”, “dynamically expandable”, and “sparse”, the VHD image file uses only as much space on the backing store as needed to
store the actual data the virtual disk currently contains. When creating this type of virtual disk, the VHD API does not test for free space on the physical disk based
on the maximum size requested, therefore it is possible to successfully create a dynamic virtual disk with a maximum size larger than the available physical disk
free space.

Note The maximum size of a dynamic virtual disk is 2,040 GB. · Differencing–A parent virtual disk is used as the basis of this type, with any subsequent writes
written to the virtual disk as differences to the new differencing VHD image file, and the parent VHD image file is not modified. For example, if you have a clean-
install system boot operating system virtual disk as a parent and designate the differencing virtual disk as the current virtual disk for the system to use. then the
operating system on the parent virtual disk stays in its original state for quick recovery or for quickly creating more boot images based on additional differencing
virtual disks.

Note The maximum size of a differencing virtual disk is 2,040 GB.
All virtual disk types have a minimum size of 3 MB.
With Pass-through disks, you lose all of the benefits of VHD files such as portability, snap- shotting and thin provisioning.
Performance is marginally better than that of VHD files. Reference: http://clusteringformeremortals.com/2009/09/25/hyper-v-pass-through-disk- performance-vs-fixedsize-vhd-files-and-dynamic-vhd-files-in-windows-server-2008-r2/
QUESTION 6
A company has servers that run Windows Server 2012 R2. The company has one Active Directory Domain Services (AD DS) domain.
A user reports that USB devices are not redirected when he uses the Virtual Machine Connection tool to connect to a virtual machine. USB device redirection
works for other users that connect to this VM.
You need to ensure that USB devices are redirected for all users when they connect to this VM.
What should you do?

A. Add the user as a member of the Administrators group on the VM.
B. Ensure that the Allow enhanced session mode setting is set to Enabled on the VM.
C. Ensure that the Remote Desktop Services service is running on the VM.
D. Add the user as a member of the Administrators group on the AD DS domain.

Correct Answer: A Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/dn282274.aspx
Re-direction works for other users on this VM. This means that Enhanced Session Mode is already enabled on the server and VM.
Additionally, Remote Desktop Services needs to be running, and the user account you use to sign in to the virtual machine needs to be a member of the Remote Desktop Users local group or the local Administrators group.
QUESTION 7
A company has seven Windows Server 2012 R2 virtual machines (VMs). The VMs are running and are accessible over the network. You plan to copy a large .ISO
file from the host server to each of the VMs.
The copy operations must meet the following requirements:

The VMs must remain accessible over the network during the copy operations.

The copy operations must NOT use a network connection.
You need to configure the VMs. What should you do on each VM?
A. Enable the Guest services integration service.
B. Enable the Data Exchange integration service.
C. Add a network adapter, and then enable the virtual machine queue (VMQ) option on the adapters.
D. Set the value of the Smart Paging File Location property to %SYSTEMROOT%\temp.

Correct Answer: A Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/dn282278.aspx
Q: What is the new Guest services integration service in Windows Server 2012 R2 Hyper-V?
A: Several integration services are available for virtual machines (VMs) such as time synchronization, heartbeat, backup, OS shutdown, and data exchange. In Windows Server 2012 R2, a new integration service has been added, Guest services. Guest services enables the copying of files to a VM using WMI APIs or using the new Copy-VMFile Windows PowerShell cmdlet.
QUESTION 8
A company has one central data center and five branch offices. Each office has three Hyper-V host servers that run Windows Server 2012 R2 Datacenter edition.
Each branch office has a system administrator. You plan to deploy virtual machines (VMs) that run Windows Server 2012 R2 Standard edition to each branch
office.
You have the following requirements:

The VMs must be activated at the branch offices, even if the branch office has no Internet connectivity.

Activation keys must NOT be shared with the branch office administrators.

You must be able to track license usage from the central location, even without access rights to the VMs.

You must be able to verify license compliance and perform real time reporting on license usage from a central location.
You need to configure licensing and activation for the VMs. Which feature or tool should you use?
A. Multiple Activation Key (MAK)
B. Volume Activation Management Tool (VAMT)
C. Key Management Service (KMS)
D. Automatic Virtual Machine Activation (AVMA)

Correct Answer: D Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/dn303421.aspx

Automatic Virtual Machine Activation (AVMA) acts as a proof-of-purchase mechanism, helping to ensure that Windows products are used in accordance with the
Product Use Rights and Microsoft Software License Terms.
AVMA lets you install virtual machines on a properly activated Windows server without having to manage product keys for each individual virtual machine, even in
disconnected environments. AVMA binds the virtual machine activation to the licensed virtualization server and activates the virtual machine when it starts up.
AVMA also provides real-time reporting on usage and historical data on the license state of the virtual machine.
Reporting and tracking data is available on the virtualization server.

QUESTION 9
A company consolidates multiple data centers into a single centralized datacenter by using a Windows Server 2012 R2 server that has the Hyper-V role installed. You must be able to support chargeback based on the usage of the following resources:
average CPU usage per virtual machine (VM)

average physical memory used by a VM over a period of time

highest amount of memory assigned to a VM over a period of time

highest amount of disk spaced assigned to a VM over a period of time
You need to track the resources without installing any additional tools. Which tool should you use?
A. Process Explorer
B. Resource Metering
C. Reliability Monitor
D. Resource Monitor

Correct Answer: B Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/hh831661.aspx
QUESTION 10
A company has a Windows Server 2012 R2 Hyper-V host server named NYC-HOST1 that hosts a virtual machine (VM) named NYC-VM1.
A critical security update must be applied immediately to NYC-VM1. There is no time to test the update before deployment. You must minimize the amount of time
needed to restore the VM. You need to capture the state of NYC-VM1 before you install the critical security update.
What should you do?

A. From Hyper-V Manager, select NYC-VM1, and then create a checkpoint.
B. Run the Windows PowerShell command Save-VM NYC-VM1.
C. Run the Windows PowerShell command Get-VMSnapshot NYC-VM1.
D. Run the Windows PowerShell command Export-VMSnapshot NYC-VM1.
Correct Answer: A Explanation

Explanation/Reference:
Explanation: A checkpoint is the Windows Server 2012 R2 Hyper-V name for a snapshot. A snapshot will save the state of the VM.
http://technet.microsoft.com/en-us/library/cc956044.aspx http://www.interweb.org.uk/2011/03/21/understanding-hyper-v-virtual-machine- snapshotscheckpoints/ http://technet.microsoft.com/en-us/library/dd560637(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848539.aspx
QUESTION 11
You administer a Windows Server 2012 R2 Hyper-V host server that contains production and test virtual machines (VMs). You plan to optimize the performance of
the VMs.
The following settings must be applied to the VMs:

You must set a maximum value for the input/output operations per second (IOPS) on the test VMs.

You must set a minimum value for the IOPS on the production VMs.
You need to configure the environment. What should you do?
A. On all VMs, enable Network Quality of Service (QoS).
B. Create a shared virtual hard disk (VHD).
C. On the Hyper-V host server, enable Resource Metering.
D. On all VMs, enable Storage Quality of Service (QoS).

Correct Answer: D Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/dn282281.aspx
QUESTION 12
A company has a Windows Server 2012 R2 server that has the Hyper-V role installed. The server has a single processor and a single 10-gigabit network interface card (NIC). 12 virtual machines (VMs) run on the server.
You need to configure Hyper-V to allow higher network throughput and reduce processing overhead related to network operations. What should you do?
A. Run the Windows PowerShell command Set-VMNetworkAdapter -VmqWeight 0 on the VMs.
B. In Hyper-V Manager, disable the protected network option for all NICs on the VMs.
C. in Hyper-V Manager, enable the Single Root I/O Virtualization (SR-IOV) option on the VMs.
D. Disable Internet Protocol security (IPsec) task offloading on the VMs.

Correct Answer: C Explanation
Explanation/Reference:
What is SR-IOV
Requires support in network adapter Provides Direct Memory Access to virtual machines Increases network throughput Reduces network latency Reduces CPU overhead on the Hyper-V server Virtual machine bypasses virtual switch Supports Live Migration, even when different SR_IOV adapters are used
QUESTION 13
You administer an environment that uses a Windows Server 2012 R2 Hyper-V cluster and System Center 2012 R2 Virtual Machine Manager (VMM). You plan to
deploy two virtual machines (VMs) that host a line-of-business (LOB) application. The VMs must reside on the same Hyper-V host server at all times. The LOB
application does NOT require high availability.
You need to deploy the VMs.
What should you do?

A. Add a custom property to both VMs, and assign the same value to each property. Configure the Hyper-V host cluster to use the same custom property and value. Configure a custom placement rule that uses filters that are based on the custom property and value.
B. Configure the VMs to use the same VM network.
C. Configure the VMs to reside on the same storage area networks (SANs).
D. Add a custom property to both VMs, and assign the same value to each property. Configure the VMs as members of the same availability set.

Correct Answer: A Explanation
Explanation/Reference:
Ref: http://blogs.technet.com/b/scvmm/archive/2013/03/11/custom-placement-rules-and- availability-sets-in-scvmm-2012-sp1.aspx
QUESTION 14
You administer two Windows 2012 R2 servers that have the Hyper-V role installed. You plan to deploy a new Hyper-V cluster. The cluster instance must NOT be
added to Active Directory.
You need to deploy the cluster. What should you do?

A. Use Hyper-V Manager to deploy the cluster.
B. Use Failover Cluster Manager to deploy the cluster.
C. Run the Windows PowerShell cmdlet New-Cluster. Specify ActiveDirectoryAndDNS for the AdministrativeAccessPoint parameter.
D. Run the Windows PowerShell cmdlet New-Cluster. Specify DNS for the AdministrativeAccessPoint parameter.

Correct Answer: D Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/dn265970.aspx To deploy an Active Directory-detached cluster, you must use Windows PowerShell. You cannot
use Failover

Cluster Manager.
To create the failover cluster, start Windows PowerShell as an administrator, and then use the New-Cluster cmdlet with the AdministrativeAccessPoint parameter
set to a value of DNS.

QUESTION 15
You are the virtualization administrator for an organization that manages private and public cloud-based resources. The organization uses Windows Server 2008
R2 SP1 Hyper-V. All Hyper-V host servers are configured as nodes in a four-node cluster. The organization also uses System Center 2012 R2.

Operating system updates to each host server require a system reboot. You need to ensure that the virtual machines remain online during any reboots required by
the updates.
What should you do?

A. Apply updates by using the Virtual Machine Servicing Tool (VMST).
B. Configure orchestrated updates of Hyper-V host clusters in System Center 2012 R2 Virtual Machine Manager (VMM).
C. Implement cluster-aware updating with the Cluster-Aware Updating (CAU) wizard.
D. In System Center 2012 R2 Configuration Manager, add all of the servers to a collection. Deploy updates to the collection.

Correct Answer: C Explanation
Explanation/Reference:
Explanation: http://technet.microsoft.com/en-us/library/hh831694.aspx
CAU is an automated feature that enables you to update clustered servers with little or no loss of availability during the update process. During an Updating Run, CAU transparently performs the following tasks:
· Puts each node of the cluster into node maintenance mode · Moves the clustered roles off the node · Installs the updates and any dependent updates · Performs a restart if necessary · Brings the node out of maintenance mode · Restores the clustered roles on the node · Moves to update the next node
For many clustered roles (formerly called clustered applications and services) in the cluster, the automatic update process triggers a planned failover, and it can cause a transient service interruption for connected clients. However, in the case of continuously available workloads such as Hyper-V with live migration or file server with SMB Transparent Failover, CAU can coordinate cluster updates with no impact to the service availability.
Note The CAU feature is only compatible with Windows Server 2012 R2 and Windows Server 2012 failover clusters and the clustered roles that are supported on those versions.
QUESTION 16
You have a Windows Server 2012 R2 Hyper-V environment that includes System Center 2012 R2 Virtual Machine Manager (VMM). The environment includes five physical servers. The servers are configured as follows:

You plan to use VMM to migrate physical machines to virtual machines. You must migrate all servers that support physical to virtual (P2V) migration.
You need to migrate the servers.
Which three servers should you migrate? Each correct answer presents part of the solution.

A. NYC-WEB
B. NYC-PR
C. NYC-DEV
D. NYC-FS
E. NYC-EX

Correct Answer: ABC Explanation
Explanation/Reference:
The source computer cannot have any volumes larger than 2040 GB. This disqualifies NYC- FS( not D) and NYC-EX (not E).
Note:
* Requirements on the Source Machine
To perform a P2V conversion, your source computer:
/Must have at least 512 MB of RAM.
/ Cannot have any volumes larger than 2040 GB.

/ Must have an Advanced Configuration and Power Interface (ACPI) BIOS Vista WinPE will not install on a non-ACPI BIOS.
/ Must be accessible by VMM and by the host computer.
/ Cannot be in a perimeter network. A perimeter network, which is also known as a screened subnet, is a collection of devices and subnets placed between an intranet and the Internet to help protect the intranet from unauthorized Internet users. The source computer for a P2V conversion can be in any other network topology in which the VMM server can connect to the source machine to temporarily install an agent and can make Windows Management Instrumentation (WMI) calls to the source computer.
QUESTION 17
An organization has private and public cloud resources. The organization has Windows Server 2012 R2 servers that have the Hyper-V role installed. You have
one four-node cluster of Hyper- V host servers. You use System Center 2012 R2.
The virtual machines that run on the cluster must remain online when you install updates on the Hyper-V host servers.
You need to install updates on the Hyper-V host servers.
What should you do?

A. Configure Windows Server Update Services (WSUS) to provide updates to the Hyper-V host servers in the cluster.
B. Add all the virtual machines hosted on the cluster to a collection in System Center 2012 R2 Configuration Manager. Deploy updates to the collection.
C. Use the Cluster-Aware Updating (CAU) wizard.
D. Configure Windows Update on the Hyper-V host servers to download updates from Microsoft Update.

Correct Answer: C Explanation
Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/gg675084.aspx
CAU is an automated feature that enables you to update clustered servers with little or no loss of availability during the update process. During an Updating Run, CAU transparently performs the following tasks:
· Puts each node of the cluster into node maintenance mode · Moves the clustered roles off the node · Installs the updates and any dependent updates · Performs a restart if necessary · Brings the node out of maintenance mode · Restores the clustered roles on the node · Moves to update the next node
For many clustered roles (formerly called clustered applications and services) in the cluster, the automatic update process triggers a planned failover, and it can cause a transient service interruption for connected clients. However, in the case of continuously available workloads such as Hyper-V with live migration or file server with SMB Transparent Failover, CAU can coordinate cluster updates with no impact to the service availability.
Note The CAU feature is only compatible with Windows Server 2012 R2 and Windows Server 2012 failover clusters and the clustered roles that are supported on those versions.
QUESTION 18
Your environment contains one Active Directory Domain Services (AD DS) domain. All domain controllers have Windows Server 2012 R2 installed. All domain
controllers are virtualized domain controllers.
You design a disaster recovery strategy. You have the following requirements:

The domain controllers can be recovered in the event that a Hyper-V host server fails.

The AD DS domain must be restorable to a consistent state.

You must minimize the data loss.
You need to ensure that the domain controllers can be recovered in the event of a failure. What should you do?
A. Clone the domain controller that holds the PDC Emulator role to a different Hyper-V host server. Schedule a Windows PowerShell job to run the Checkpoint-VM cmdlet on each virtual domain controller.
B. Run Windows Azure Hyper-V Recovery Manager.
C. On each guest operating system, run Windows Server Backup.
D. On the host operating system, run Windows Server Backup.
E. Schedule a Windows PowerShell job to back up each domain controller’s virtual hard disk (VHD) file.

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1- 5fbaa6740ffe(v=ws.10)
#backup_and_restore_considerations_for_virtualized_domain_controllers
QUESTION 19
You manage a virtualization environment that contains Windows Server 2012 R2 servers that have the Hyper-V role installed. You manage the host servers by
using Virtual Machine Manager (VMM) in System Center 2012 R2.
You must monitor the virtualization environment, including all virtual machines and service instances.

You need to configure monitoring.
Which three actions should you perform? Each correct answer presents part of the solution.

A. Import the VMM Management Pack and then deploy agents to the Hyper-V host servers and the VMM server. On the Hyper-V host server, enable agent proxy for the Operations Manager agent.
B. In the VMM console, add the name of an Operations Manager server to the management group that will be used to monitor the virtualization infrastructure.
C. On the VMM server, install the Operations Manager console.
D. On the Operations Manager management server, enable Windows Remote Management (WinRM).
E. Import the VMM Management Pack and then deploy agents to Hyper-V host servers and the VMM Server. On the VMM server, enable agent proxy for the Operations Manager agent.
F. Configure the VMM server and the Active Directory computer accounts of the Hyper-V host servers to allow constrained delegation.

Correct Answer: ABC Explanation
Explanation/Reference:
Explanation:
http://blogs.technet.com/b/kevinholman/archive/2012/08/21/integrating-vmm-2012-and-opsmgr- 2012.aspx

Explanation:
Step 1: (C)
The Operations Manager is a requirement.
With System Center Operations Manager 2012 SP1, customers can now monitor Hyper-V Replica using a Management Pack available for free from the SCOM
catalogue.

Step 2: (A)
An Operations Manager agent is a service that is installed on a computer. The agent collects data, compares sampled data to predefined values, creates alerts,
and runs responses.
A management server receives and distributes configurations to agents on monitored computers.

Step 3: (B)
Enter in one of your management server names to provide the SDK connection to VMM. Next we will need two accounts. One for SCVMM to connect to SCOM,
and one for SCOM to connect to SCVMM.

QUESTION 20
A company has Active Directory Domain Services (AD DS) domain controllers that run Windows Server 2012 R2. You prepare a disaster recovery plan for Active Directory. You have the following requirements:

The domain controller restore process must complete as quickly as possible.
After the restore process completes, the Active Directory database on the domain controller must be brought up to date by using replication.
You need to implement the disaster recovery plan. What should you do?
A. Authoritatively restore the domain controllers by using the ntdsutil.exe tool.
B. Restore the domain controllers by using the Active Directory Recycle Bin.
C. Back up and restore the domain controllers by using the wbadmin.exe tool.
D. Back up and restore the domain controllers by using the Idp.exe tool.

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Ref: http://technet.microsoft.com/en-us/magazine/dd767786.aspx
wbadmin: Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt. http://technet.microsoft.com/en-us/library/cc754015.aspx ntdsutil: Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators. http:// technet.microsoft.com/en-us/library/cc753343.aspx Active Directory Recycle Bin: Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers. http://technet.microsoft.com/en-us/library/dd392261%28v=ws.10%29.aspx ldp: This GUI tool is a Lightweight Directory Access Protocol (LDAP) client that allows users to perform operations (such as connect, bind, search, modify, add, delete) against any LDAP- compatible directory, such as Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata. http://technet.microsoft.com/en-us/library/cc772839%28v=ws.10%29.aspx

Microsoft 070-410 professional Certification, Pass the Microsoft 070-410 Test Software Are Based On The Real Exam

With Flydumps Microsoft 070-410 practice tests, you can pass the exam easily and go further on Microsoft career path.The Microsoft 070-410 Flydumps are authenticated by expert and covering all aspect of Microsoft 070-410 exam. Visit www.Flydumps.com to get the Microsoft 070-410 100% pass ensure!

QUESTION 1
You have a server named Server2 that runs Windows Server 2012 R2. Server2 has the Hyper-V server role installed. The disks on Server2 are configured as shown in the exhibit. (Click the Exhibit button.) You create a virtual machine on Server2 named VM1.
You need to ensure that you can configure a pass-through disk for VM1. What should you do?

A. Convert Disk 1 to a basic disk.
B. Take Disk 1 offline.
C. Create a partition on Disk 1.
D. Convert Disk 1 to a MBR disk.
Correct Answer: B
QUESTION 2
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 is connected to two Fibre Channel SANs and is configured as shown in the following table.

You have a virtual machine named VM1. You need to configure VM1 to connect to SAN1. What should you do first?
A. Add one HBA
B. Create a Virtual Fibre Channel SAN.
C. Create a Hyper-V virtual switch.
D. Configure network adapter teaming.
Correct Answer: B QUESTION 3
You work as a senior administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers on the L2P.com network have
Windows Server 2012 installed, and all workstations have Windows 8 installed.
You are running a training exercise for junior administrators. You are currently discussing the Always Offline Mode.
Which of the following is TRUE with regards to the Always Offline Mode? (Choose all that apply.)

A. It allows for swifter access to cached files and redirected folders.
B. To enable Always Offline Mode, you have to satisfy the forest and domain functional-level requirements, as well as schema requirements.
C. It allows for lower bandwidth usage due to users are always working offline.
D. To enable Always Offline Mode, you must have workstations running Windows 7 or Windows Server 2008 R2.

Correct Answer: AC QUESTION 4
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You need to configure a central store for the Group Policy Administrative Templates. What should you do on DC1?
A. From Server Manager, create a storage pool.
B. From Windows Explorer, copy the PolicyDefinitions folder to the SYSVOL\contoso.com\policies folder.
C. From Server Manager, add the Group Policy Management feature
D. From Windows Explorer, copy the PolicyDefinitions folder to the NETLOGON share.

Correct Answer: B QUESTION 5
You install Windows Server 2012 R2 on a standalone server named Server1. You configure Server1 as a VPN server.
You need to ensure that client computers can establish PPTP connections to Server1. Which two firewall rules should you create? (Each correct answer presents
part of the solution.Choose two.)

A. An inbound rule for protocol 47
B. An outbound rule for protocol 47
C. An inbound rule for TCP port 1723
D. An inbound rule for TCP port 1701
E. An outbound rule for TCP port 1723
F. An outbound rule for TCP port 1701

Correct Answer: AC
QUESTION 6
Your network contains an Active Directory domain named adatum.com. The computer accounts for all member servers are located in an organizational unit (OU)
named Servers. You link a Group Policy object (GPO) to the Servers OU.
You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators group on each member server. The solution must not
remove any groups from the local Backup Operators groups.
What should you do?

A. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the This group is a member of list.
B. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the Members of this group list.
C. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the This group is a member of list.
D. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the Members of this group list.
Correct Answer: A
QUESTION 7
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. An application named Appl.exe is installed on all
client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed. You need to ensure that only the
latestversion of Appl.exe can run on the client computers.
What should you create?

A. An application control policy packaged app rule
B. A software restriction policy certificate rule
C. An application control policy Windows Installer rule
D. An application control policy executable rule
Correct Answer: D
QUESTION 8
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You need to ensure that the local Administrator account on all computers is renamed to L_Admin. Which Group Policy settings should you modify?
A. Security Options
B. User Rights Assignment
C. Restricted Groups
D. Preferences
Correct Answer: A
QUESTION 9
You have a server that runs Windows Server 2012 R2. The disks on the server are configured as shown in the exhibit. (Click the Exhibit button.) You need to create a storage pool that contains Disk 1 and Disk 2. What should you do first?

A. Delete volume E
B. Convert Disk 1 and Disk 2 to dynamic disks
C. Convert Disk 1 and Disk 2 to GPT disks
D. Create a volume on Disk 2
Correct Answer: A
QUESTION 10
You have a server named Server1 that runs Windows Server 2012 R2. You add a 4-TB disk named Disk 5 to Server1. You need to ensure that you can create a 3-TB volume on Disk 5. What should you do?
A. Create a storage pool.
B. Convert the disk to a dynamic disk.
C. Create a VHD, and then attach the VHD.
D. Convert the disk to a GPT disk.
Correct Answer: D
QUESTION 11
You have a server named Server1 that has a Server Core installation of Windows Server 2008 R2. Server1 has the DHCP Server server role and the File Server
server role installed. You need to upgrade Server1 to Windows Server 2012 R2 with the graphical user interface (GUI). The solution must meet the following
requirements:
Preserve the server roles and their configurations.
Minimize Administrative effort.
What should you do?

A. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server with a GUI.
B. Start Server1 from the Windows Server 2012 R2 installation media and select Server Core Installation. When the installation is complete, add the Server Graphical Shell feature.
C. Start Server1 from the Windows Server 2012 R2 installation media and select Server with a GUI.
D. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server Core Installation. When the installation is complete, add the Server Graphical Shell feature
Correct Answer: D
QUESTION 12
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. You need to install the Remote Desktop Services server role on Server2 remotely from Server1. Which tool should you use?
A. The dsadd.exe command
B. The Server Manager console
C. The Remote Desktop Gateway Manager console
D. The Install-RemoteAccess cmdlet
Correct Answer: B
QUESTION 13
You have a server named Server1 that runs a full installation of Windows Server 2012 R2. You need to uninstall the graphical user interface (GUI) on Server1. You must achieve this goal by using the minimum amount of Administrative effort. What should you do?
A. Reinstall Windows Server 2012 R2 on the server.
B. From Server Manager, uninstall the User Interfaces and Infrastructure feature.
C. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE
D. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.
Correct Answer: B
QUESTION 14
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.

You install Windows Server 2012 R2 on VM2 by using Windows Deployment Services (WDS). You need to ensure that the next time VM2 restarts, you can connect to the WDS server by using PXE.
Which virtual machine setting should you configure for VM2?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: G
QUESTION 15
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.

In the perimeter network, you install a new server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You need to join Server1 to the contoso.com domain.
What should you use?
A. The New-ADComputer cmdlet
B. The djoin.exe command
C. The dsadd.exe command
D. The Add-Computer cmdlet
Correct Answer: B QUESTION 16
Your network contains an Active Directory domain named adatum.com. The domain contains three domain DC3 loses network connectivity due to a hardware failure. You plan to remove DC3 from the domain. You log on to DC3. You need to identify which service location (SRV) records are registered by DC3. What should you do?

A. Open the %windir%\system32\config\netlogon.dns file.
B. Run dcdiag /test:dns
C. Open the %windir%\system32\dns\backup\adatum.com.dns file.
D. Run ipconfig /displaydns.

Correct Answer: A
QUESTION 17
Your network contains an Active Directory forest that contains three domains. A group named Group1 is configured as a domain local distribution group in the
forest root domain. You plan to grant Group1 read-only access to a shared folder named Share1. Share1 is located in a child domain.
You need to ensure that the members of Group1 can access Share1.

What should you do first?
A. Convert Group1 to a global distribution group.
B. Convert Group1 to a universal security group.
C. Convert Group1 to a universal distribution group.
D. Convert Group1 to a domain local security group
Correct Answer: B
QUESTION 18
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. One of the domain controllers is
named DCI. The network contains a member server named Server1 that runs Windows Server 2012 R2. You need to promote Server1 to a domain controller by
using install from media (IFM).
What should you do first?

A. Create a system state backup of DC1.
B. Create IFM media on DC1.
C. Upgrade DC1 to Windows Server 2012 R2.
D. Run the Active Directory Domain Services Configuration Wizard on Server1.
E. Run the Active Directory Domain Services Installation Wizard on DC1.
Correct Answer: C
QUESTION 19
Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers. The servers are contained in a organizational unit (OU)
named ServersOU. You need to create a group named Group1 on all of the servers in the domain.
You must ensure that Group1 is added only to the servers.
What should you configure?

A. a Local Users and Groups preferences setting in a Group Policy linked to the Domain Controllers OU
B. a Restricted Groups setting in a Group Policy linked to the domain
C. a Local Users and Groups preferences setting in a Group Policy linked to ServersOU
D. a Restricted Groups setting in a Group Policy linked to ServersOU
Correct Answer: C
QUESTION 20
Your network contains an Active Directory domain named adatum.com. The domain contains several thousand member servers that run Windows Server 2012
R2. All of the computer accounts for the member servers are in an organizational unit (OU) named ServersAccounts.
Servers are restarted only occasionally.
You need to identify which servers were restarted during the last two days.
What should you do?

A. Run dsquery computerand specify the -staiepwdpara meter.
B. Run Get-ADComputerand specify the SearchScope parameter.
C. Run Get-ADComputerand specify the IastLogonproperty.
D. Run dsquery serverand specify the -oparameter
Correct Answer: C

All our Cisco products are up to date! When you buy any Microsoft 070-410 product from Certpaper, as “Microsoft 070-410 Questions & Answers with explanations”, you are automatically offered the Microsoft 070-410 updates for a total of 90 days from the day you bought it. If you want to renew your Microsoft 070-410 purchase during the period of these 90 days, your Microsoft 070-410 product is renewed and you are further enabled to enjoy the free Cisco updates.

Microsoft 70-643 Cert Exam, Sale Best Microsoft 70-643 Real Exam Questions And Answers Is Your Best Choice

Flydumps Microsoft 70-643  exam questions and answers in PDF are prepared by our expert, Moreover, they are based on the recommended syllabus covering all the Microsoft 70-643 exam objectives.You will find them to be very helpful and precise in the subject matter since all the Microsoft 70-643 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.

QUESTION 1
A server runs Windows Server 2008. The Terminal Services role is installed on the server. You deploy a new application on the server. The application creates files that have an extension of .xyz.
You need to ensure that users can launch the remote application from their computers by double- clicking a file that has the .xyz extension.
What should you do?
A. Configure the Remote Desktop Connection Client on the users’ computers to point to the server.
B. Configure the application as a published application by using a Remote Desktop Program file.
C. Configure the application as a published application by using a Windows Installer package file.
D. Configure the application as a published application by using a Terminal Server Web Access Web site.
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Launching Apps from the Desktop For users who want to double-click documents to launch the application, terminal services now provides the ability to “install”
the remote application’s link to the desktop. This process effectively wraps the RemoteApp’s RDP file into a Windows Installer package–an MSI file–that is later
installed to desktops in the environment. At the same time, the installed MSI can modify the file extension associations on the desktop to reroute a double-clicked
file to its associated RemoteApp on the terminal server. Figure 3 shows how the file extension associations have been modified on a client system after a Word
RemoteApp is installed. Now, double-clicking any of the common Word file extensions will launch Word via the Remote Desktop Connection.
Figure 3 File extension associations that have been altered to launch the Remote Desktop Connection To create a Windows Installer package out of an existing RemoteApp, first navigate to the TS RemoteApp Manager. Right-click the RemoteApp of interest and select Create Windows Installer Package. By default, all created Windows Installer packages are stored in the location C:\Program Files\Packaged Programs, but this location can be changed from within the RemoteApp Wizard. Also configurable within the wizard are the name and port for the server that will host the RemoteApp, as well as server authentication, certificate settings, and TS Gateway settings. Settings that relate to the application’s location after installation to a candidate desktop are shown in Figure
4. As you can see, it is possible to create a shortcut on the desktop as well as to a location within the Start menu folder. The most important checkbox on this screen is at the very bottom. It’s the checkbox for Take over client settings, and it re-associates any file extension associations for the RemoteApp from the local desktop to the terminal server. This checkbox must be selected if you want users to be able to double-click documents to launch their TS-hosted application. Click Next and Finish to complete the wizard. Please Note: -Since Windows2008R2 Terminal Services (TS) is now rebranded to Remote Desktop Services (RDS)-Source: http://technet.microsoft.com/en-us/query/dd314392
QUESTION 2
You have a server that runs Windows Server 2008 R2. The server has the RD Gateway role service installed.
You need to provide a security group access to the RD Gateway server.
What should you do?
A. Add the security group to the Remote Desktop Users group.
B. Add the security group to the TS Web Access Computers group.
C. Create and configure a Remote Desktop Resource Authorization Policy.
D. Create and configure a Remote Desktop Connection Authorization Policy.
Correct Answer: D Explanation
Explanation/Reference:
Explanation:
Remote Desktop connection authorization policies (RD CAPs) allow you to specify who can connect to an RD Gateway server.
Source: http://technet.microsoft.com/en-us/library/cc753324.aspx

QUESTION 3
Your company uses Public folders and Web Distributed Authoring and Versioning. The company asks you to install Microsoft Windows SharePoint Services (WSS) as a server in a new server farm. You plan to install WSS on a server that runs Windows Server 2008 R2.
You start the Configuration Wizard to begin the installation. You receive an error message as shown in the exhibit.

You need to configure WSS to start SharePoint Services 3.0 SP 2 Central Administration.
What should you do?
A. Install the Windows Internal Database.
B. Install a Microsoft SQL Server 2005 server.
C. Install the Active Directory Rights Management Services role.
D. Install the Active Directory Lightweight Directory Services role.
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
To resolve this problem, you need to install Microsoft SQL Server 2005 server on the farm. This error message occurs when either the SQL Server does not exist
or the SQL Server services id stopped.

The server farm account is used to access your configuration database. It also acts as the application pool identity for the SharePoint Central Administration
application pool, and it is the account under which the Windows SharePoint Services Timer service runs. The SharePoint Products and Technologies
Configuration Wizard adds this account to the SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators
server role. If SQL Server is not available then the above mentioned error message will appear.

Reference: Configuration Wizard – Failed to Connect
http://blogs.msdn.com/neilth/archive/2008/04/25/failed-to-connect-or-database-name-does-not- exist.aspx

QUESTION 4
You manage a member server that runs Windows Server 2008 R2. The server runs the Remote Desktop Gateway (RD Gateway) role service.
You need to find out whether a user named User1 has ever connected to his office workstation through the RD Gateway server.
What should you do?
A. View the events in the Monitoring folder from the RD Gateway Manager console.
B. View the Event Viewer Security log.
C. View the Event Viewer Application log.
D. View the Event Viewer Terminal Services-Gateway log.
Correct Answer: D Explanation
Explanation/Reference:
Explanation: By using TS Gateway Manager, you can specify the types of events that you want to monitor, such as unsuccessful or successful connection attempts to internal network computers through a TS Gateway server. When these events occur, you can monitor the corresponding events by using Windows Event Viewer. TS Gateway server events are stored in Event Viewer under Application and Services Logs\Microsoft\Windows \Terminal Services-Gateway\. Source: http://technet.microsoft.com/en-us/library/cc730618(WS.10).aspx
QUESTION 5
Your company has an Active Directory domain. All the servers in the company run either Windows Server 2008 R2 or Windows Server 2003. A Windows Server 2003 server named Server1 runs Microsoft SQL Server 2005 SP2 and Microsoft Windows SharePoint Services (WSS) 2.0.
The company plans to migrate to WSS 3.0 SP2 on a Windows Server 2008 R2 server named Server2.
You need to migrate the configuration and content from Server1 to Server2.
What should you do?
A. Back up the SharePoint configuration and content from Server1. Install WSS 3.0 SP2 on Server2. Restore the backup from Server1 to Server2.
B. Upgrade Server1 to Windows Server 2008 R2. Back up the SharePoint configuration and content from Server1. Install WSS 3.0 SP2 on Server2. Restore the backup from Server1 to Server2.
C. Back up the SQL Server 2005 configuration and the WSS 2.0 databases from Server1. Install SQL Server 2005 on Server2. Restore the SQL Server 2005 backup from Server1 to Server2.
D. Back up the WSS 2.0 configuration and content from Server1. Install WSS 2.0 on Server2. Restore the backup from Server1 to Server2. Perform an in-place upgrade of WSS 2.0 to WSS 3.0 SP2 on Server2.
Correct Answer: D Explanation
Explanation/Reference:
Explanation:
To migrate to SharePoint Services (WSS) 3.0. from Server1 to Server2 with all the configuration and content, you need to install WSS 2.0 on Server2. Back up the
WSS 2.0 configuration and content from Server1 and restore the backup from Server1 to Server2. Perform an in-place upgrade of WSS 2.0 to WSS 3.0 on
Server2.

When you run an in-place upgrade, all content and configuration data is upgraded in-place, at one time. When you start the in-place upgrade process, the Web
server and Web sites remain offline until the upgrade has been installed. In-place upgrades are best for a stand-alone server and small installations as in this case

Reference: Install and configure Office SharePoint Server for an in-place upgrade http://technet.microsoft.com/en-us/library/cc263212(TechNet.10).aspx

Reference: Determine upgrade approach (Office SharePoint Server) http://technet.microsoft.com/en-us/library/cc263447(TechNet.10).aspx

QUESTION 6
Your company has an Active Directory domain. You have a server named KMS1 that runs Windows Server 2008 R2. You install and configure Key Management Service (KMS) on KMS1. You plan to deploy Windows Server 2008 R2 on 10 new servers. You install the first two servers. The servers fail to activate by using KMS1.
You need to activate the new servers by using the KMS server.
What should you do first?
A. Complete the installation of the remaining eight servers.
B. Configure Windows Management Instrumentation (WMI) exceptions in Windows Firewall on the new servers.
C. Install Volume Activation Management Tool (VAMT) on the KMS server and configure Multiple Activation Key (MAK) Proxy Activation.
D. Install Volume Activation Management Tool (VAMT) on the KMS server and configure Multiple Activation Key (MAK) Independent Activation.
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
Key Management Service
With KMS, IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation.
KMS is a lightweight service that does not require a dedicated system and can easily be co-hosted on a system that provides other services. By default, volume
editions of Windows 7 and Windows Server 2008 R2 connect to a system that hosts the KMS service to request activation. No action is required from the user.
KMS requires a minimum number of computers (physical or virtual machines) in a network environment.
The organization must have at least five computers to activate Windows Server 2008 R2 and at least 25 computers to activate clients that are running Windows 7.
These minimums are referred to as activation thresholds.
To use KMS activation with Windows 7, the computer must have the qualifying OS license (often obtained through OEMs as part of the new PC purchase) and
contain a Windows Marker in BIOS.

Source: http://technet.microsoft.com/en-us/library/ff793423.aspx

QUESTION 7
You have four Remote Desktop Session Host Servers that run Windows Server 2008 R2. The Remote Desktop Session Host Servers are named Server1,
Server2, Server3, and Server4.

You install the Remote Desktop Connection Broker role service on Server1.

You need to configure load balancing for the four Remote Desktop Session Host Servers. You must ensure that Server2 is the preferred server for Remote
Desktop Services sessions.
Which tool should you use?

A. Group Policy Management
B. Remote Desktop Session Host Configuration
C. Remote Desktop Connection Manager
D. RD Gateway Manager
Correct Answer: B Explanation
Explanation/Reference:
ExplanationExplanation:
You can configure a Remote Desktop Session Host (RD Session Host) server to join a farm in RD Connection
Broker, and to participate in RD Connection Broker Load Balancing, by using the Remote Desktop Session Host Configuration tool.
To configure RD Connection Broker settings

1.
On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration .

2.
In the Edit settings area, under RD Connection Broker, double-click Member of farm in RD Connection Broker.

3.
On the RD Connection Broker tab of the Properties dialog box, click Change Settings.

4.
In the RD Connection Broker Settings dialog box, click Farm member.

5.
In the RD Connection Broker server name box, type the name of the RD Connection Broker server.

6.
In the Farm name box, type the name of the farm that you want to join in RD Connection Broker.

7.
Click OK to close the RD Connection Broker Settings dialog box.

8.
To participate in RD Connection Broker Load Balancing, select the Participate in Connection Broker Load-Balancing check box.

9.
Optionally, in the Relative weight of this server in the farm box, modify the server weight. By default, the value is 100. The server weight is relative. Therefore, if you assign one server a value of 50, and one a value of 100, the server with a weight of 50 will receive half the number of sessions.

10.
Verify that you want to use IP address redirection. By default, the Use IP address redirection setting is enabled. If you want to use token redirection mode, select Use token redirection. For more information, see About IP Address and Token Redirection.

11.
In the Select IP addresses to be used for reconnection box, select the check box next to each IP address that you want to use.

12.
When you are finished, click OK. Source: http://technet.microsoft.com/en-us/library/cc771383.aspx
QUESTION 8
You have a server that runs Windows Server 2008 R2. The server has Microsoft SharePoint Foundation 2010 installed. The server is configured to accept incoming email.
You create a new document library.
You need to ensure that any user can send e-mail to the document library.

What should you do?

A. Modify the RSS setting for the document library.
B. Modify the permissions for the document library.
C. Modify the incoming email settings for the document library.
D. Enable anonymous authentication for the Web application.
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Explanation:
Enable and configure email settings for a library
Use this procedure to enable and configure email settings for a library to receive email messages in the
SharePoint document library in a site.
Enable and configure email settings for a library

1. Open the site in which you want to receive email messages by using either of the following methods:
-In Internet Explorer, type the URL o the site.
-On the View Site Collection page, click the site collection that you want to view.
2.
In the left navigation pane of the home page, click View All Site Content.

3.
In the Documents section, click a document library name to open the library for which you want to enable and configure email settings.

4.
On the Settings menu, click Document Library Settings, Picture Library Settings, or Form Library Settings, depending on the kind of library that you are enabling and configuring.

5.
In the Communications section, click Incoming email settings.

6.
In the Email section, select Yes to enable this library to receive email messages.

7.
In the Email address box, type a unique name to use as part of the email address for this library.

8.
In the Email Attachments section, decide where to save and how to group the email attachments in this library, and then choose whether to overwrite files that have the same name. Note: If you decide not to overwrite files that have the same name and then later try to save a file that has the same name as one that already exists in the library, four random digits are appended to the file name for the new attachment. If this action fails, a globally unique identifier (GUID) is appended to the file name. If neither of these actions can produce a unique file name, the attachment is discarded.

9.
In the Email Message section, choose whether to save the original email message in this library. If you select Yes, the original message is saved as a separate item in the library.

10.
In the Email Meeting Invitations section, choose whether to save the attachments to your meeting invitations in this library.

11.
In the Email Security section, choose whether to archive email messages only from members of the site who can write to the library or to archive regardless of who sends the email message.

12.
Click OK to save the changes that you have made in the settings.
Source: http://technet.microsoft.com/en-us/library/cc262800.aspx
QUESTION 9
A server named Server2 runs Windows Server 2008 R2. The Remote Desktop Services server role is installed on Server2.
You plan to deploy an application on Server2. The application vendor confirms that the application can be deployed in a Remote Desktop Services environment.
The application does not use Microsoft Windows Installer packages for installation. The application makes changes to the current user registry during installation.
You need to install the application to support multiple user sessions.

What should you do?

A. Run the mstsc /v:Server2 /admin command from the client computer to log on to Server2. Install the application.
B. Run the change user /execute command on Server2. Install the application and run the change user /install command on Server2.
C. Run the change user /install command on Server2. Install the application and run the change user /execute command on Server2.
D. Run the change logon /disable command on Server2. Install the application and run the change logon /enable command on Server2.
Correct Answer: C Explanation
Explanation/Reference:
Explanation: Change user Changes the install mode for the terminal server

Source: http://technet.microsoft.com/en-us/library/cc730696(WS.10).aspx
QUESTION 10
Your company has an Active Directory domain. A server named Server2 runs Windows Server 2008 R2. All client computers run Windows 7.
You install the Remote Desktop Services server role, RD Web Access role service, and RD Gateway role service on Server2.
You need to ensure that all client computers have compliant firewall, antivirus software, and antispyware.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure Network Access Protection (NAP) on a server in the domain.
B. Add the Remote Desktop Services servers to the Windows Authorization Access domain local security group.
C. Add the Remote Desktop Services client computers to the Windows Authorization Access domain local security group.
D. Enable the Request clients to send a statement of health option in the Remote Desktop client access policy. Correct Answer: AD
Explanation
Explanation/Reference:
Explanation To ensure that all client machines have firewall, antivirus software and anti-spyware software installed, you should set the Request clients to sent a health option statement in the Remote Desktop Services client access policy and install and configure Network Access Protection (NAP) on the server in the domain.

Source: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8e47649e-962c-42f8- 9e6f-21c5ccdcf490&displaylang=en
QUESTION 11
Your network consists of a single Active Directory domain. The domain contains a server that runs Windows Server 2008 R2. The server has Microsoft SharePoint Foundation 2010 installed. You need to allow users to create distribution lists from a SharePoint site. What should you do on the SharePoint Foundation 2010 server?
A. Set the outgoing mail character set to 1200(Unicode).
B. Enable the SharePoint Directory Management Service.
C. Configure the site to accept messages from authenticated users only.
D. Configure the site to use the default Rights Management server in Active Directory Domain Services.
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
To configure WSS server in such a way that it allow users to create distribution lists from a SharePoint site, you need to enable the SharePoint Directory
Management Service on the server. A distribution list contains the email addresses of existing address lists as well as the email addresses of other site members.
Distribution lists are available only if the SharePoint Directory Management Service is enabled in Central Administration.

All new subsites that are created in an email-enabled site collection are automatically email-enabled also. If you choose to use an existing group during site
creation, the distribution list for the parent site (if available) will be associated with the new site

Reference: Introduction to incoming email/ New site creation walkthrough http://office.microsoft.com/en-us/help/HA100823061033.aspx

QUESTION 12
You manage a server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. The server hosts an Internet-accessible Web site that
has a virtual directory named /orders/. A Web server certificate is installed and an SSL listener has been configured for the Web site.

The /orders/ virtual directory must meet the following company policy requirements:
Be accessible to authenticated users only.
Allow authentication types to support all browsers.
Encrypt all authentication traffic by using HTTPS.
All other directories of the Web site must be accessible to anonymous users and be available without SSL

You need to configure the /orders/ virtual directory to meet the company policy requirements.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure the Web site to the Require SSL setting.
B. Configure the /orders/ virtual directory to the Require SSL setting.
C. Configure the Digest Authentication setting to Enabled for the /orders/ virtual directory.
D. Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the Web site.
E. Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the / orders/ virtual directory.
Correct Answer: BE Explanation
Explanation/Reference:
Explanation:
To configure the /salesorders/ virtual directory so that it is accessible to authenticated users only and it should allow authentication types to support all browsers,

you need to configure the Basic Authentication setting to Enabled for the / salesorders / virtual directory, because the Basic authentication is supported by mostly all the browsers.
Next you need to Disable the Anonymous Authentication setting to for the / salesorders / virtual directory, so that only authenticated users can access the virtual directory. Finally, you need to configure only the /salesorders / virtual directory to the Require SSL setting so that only the authentication traffic to this directory is encrypted and all other directories of the Website must be accessible to anonymous users and be available without SSL.
To configure authentication for a virtual directory or a physical directory in a Web site, you need to configure the virtual directory for the Web site and not the website.
Reference: How to configure IIS Web site authentication http://support.microsoft.com/kb/308160
QUESTION 13
You have a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed. The server hosts multiple Web sites.
You need to configure the server to automatically release memory for a single Web site. You must achieve this goal without affecting the other Web sites.
What should you do?
A. Create a new Web site and edit the bindings for the Web site.
B. Create a new application pool and associate the Web site to the application pool.
C. Create a new virtual directory and modify the Physical Path Credentials on the virtual directory.
D. From the Application Pool Defaults, modify the Recycling options.
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
To configure the server to automatically release memory for a single website without affecting the other Web sites, you need to create a new application pool and
associate the Web site to the application pool
An application pool is a group of one or more URLs that are served by a worker process or a set of worker processes. Application pools set boundaries for the
applications they contain, which means that any applications that are running outside a given application pool cannot affect the applications in the application pool.
You can configure the server to automatically release memory or to release memory after reaching maximum used memory.

Reference: IIS 7.0: Managing Application Pools in IIS 7.0 http://technet2.microsoft.com/windowsserver2008/en/library/1dbaa793-0a05-4914-a065-4d109db3b9101033.mspx?mfr=true

Reference: IIS 7.0: Configuring Recycling Settings for an Application Pool http://technet2.microsoft.com/windowsserver2008/en/library/0d5770e3-2f6f-4e11-a47c-9bab6a69ebc71033.mspx?mfr=true

QUESTION 14
You install the Windows Deployment Services (WDS) role on a server that runs Windows Server 2008 R2.
You plan to install Windows 7 on a computer that does not support Preboot Execution Environment (PXE). You have a Windows 7 image that is stored on the WDS server.
You need to start the computer and install the image that is stored on the WDS server.
What should you create?
A. a capture image
B. a CD-ROM that contains PXE drivers
C. a discover image
D. an install image
Correct Answer: C Explanation
Explanation/Reference:
Explanation: To start the computer and install Windows Vista image stored on the WDS server, you should create the Discover image. If you have a computer that is not PXE enabled, you can create a discover image and use it to install an operating system on that computer. When you create a discover image and save it to media (CD, DVD, USB drive, and so on), you can then boot a computer to the media. The discover image on the media locates a Windows Deployment Services server, and the server deploys the install image to the computer. You can configure discover images to target a specific Windows Deployment Services server. This means that if you have multiple servers in your environment, you can create a discover image for each, and then name them based on the name of the server. Reference: http://technet2.microsoft.com/WindowsVista/en/library/9e197135-6711-4c20-bfad- fc80fc2151301033.mspx?mfr=true
QUESTION 15
Your company has an Active Directory domain. The Terminal Services role is installed on a member server named TS01. The Terminal Services Licensing role service is installed on a new test server named TS10 in a workgroup.
You cannot enable the Terminal Services Per User Client Access License (TS Per User CAL) mode in the Terminal Services Licensing role service on TS10.
You need to ensure that you can use TS Per User CAL mode on TS10. What should you do?
A. Join TS10 to the domain.
B. Disjoin TS01 from the domain.
C. Extend the schema to add attributes for Terminal Services Licensing.
D. Create a Group Policy object (GPO) that configures TS01 to use TS10 for licensing.
Correct Answer: A Explanation
Explanation/Reference:
Explanation: To ensure that you could employ Terminal Services per User CAL mode on TK2, you need to connect TK2 to the Active Directory domain because TS Per User CAL tracking and reporting is supported only in domain-joined scenarios. Reference: TS Licensing/Are there any special considerations? http://technet2.microsoft.com/windowsserver2008/en/library/5a4afe2f-5911-4b3f-a98a-338b442b76041033.mspx?mfr=true
QUESTION 16
You have a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed. The server contains a Web site.
You need to ensure that the cookies sent from the Web site are encrypted on users’ computers.
Which Web site feature should you configure?
A. Authorization Rules
B. Machine Key
C. Pages And Controls
D. SSL Settings
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
To encrypt the cookies sent from the website on the users’ computer, you need to use machine key. Encrypting cookies is important to prevent tampering. A
hacker can easily view a cookie and alter it. So to protect the cookie, machine key is used in ASP .NET 2.0. Encryption is based on a hash plus the actual data
encrypted, so that if you try to change the data, it’s pretty difficult. ASP.NET’s ViewState uses the Machinekey config file section to configure the keys and such…
this is important when the application is going to be run on a web farm, where load balancing webservers may be in no affinity mode.
Reference: http://www.codeproject.com/KB/web-security/HttpCookieEncryption.aspx

QUESTION 17
Your company has a server that runs Windows Server 2008 R2. The server has the Web Server (IIS) role installed.
You need to activate SSL for the default Web site.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Obtain and import a server certificate by using the IIS Manager console.
B. Select the Generate Key option in the Machine Key dialog box for the default Web site.
C. Add bindings for the HTTPS protocol to the default Web site by using the IIS Manager console.
D. Install the Digest Authentication component for the Web server role by using the Server Manager console.
Correct Answer: AC Explanation
Explanation/Reference:
Explanation:
To activate SSL for the default Web site on the server, you need to get an appropriate certificate and create an HTTPS binding on a site. On Windows Vista and
Windows Server 2008, HTTP.sys handles SSL encryption/decryption in kernel mode, resulting in up to 20% better performance for secure connections.

Moving SSL to kernel mode requiresstoring SSL binding information in two places. First, the binding is stored in %windir%\system32\inetsrv\applicationHost.config
for your site. When the site starts, IIS 7.0sends the binding to HTTP.sys and HTTP.sys starts listening for requests on the specified IP:Port (this works for all
bindings).

Second, SSL configuration associated with the binding is stored in HTTP.sys configuration.When a client connects and initiates an SSL negotiation, HTTP.sys
looks in its SSL configuration for the
IP:Port pair that the client connected to. The HTTP.sys SSL configuration must include a certificate hash and the name of the certificate’s store for the SSL
negotiation to succeed.

Reference: How to Setup SSL on IIS 7.0
http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-7/

QUESTION 18
Your network contains a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed.
You have a Web application that uses a custom application pool. The application pool is set to recycle every 1,440 minutes. The Web application does not support multiple worker processes. You need to configure the application pool to ensure that users can access the Web application after the application pool is recycled.
What should you do?
A. Set the Shutdown Executable option to True.
B. Set the Process Orphaning Enabled option to True.
C. Set the Disable Overlapped Recycle option to True.
D. Set the Disable Recycling for Configuration Changes option to True.
Correct Answer: C Explanation
Explanation/Reference:
Explanation: Explanation: Overlapped Recycling In an overlapped recycling scenario, the process targeted for a recycle continues to process all remaining requests while a replacement worker process is created simultaneously. The new process is started before the old worker process stops, and requests are then directed to the new process. This design prevents delays in service, since the old process continues to accept requests until the new process has initialized successfully, and is instructed to shut down only after the new process is ready to handle requests. Considerations When Recycling Applications When applications are recycled, it is possible for session state to be lost. During an overlapped recycle, the occurrence of multi-instancing is also a possibility. Loss of session state: Many IIS applications depend on the ability to store state. IIS 6.0 can cause state to be lost if it automatically shuts down a worker process that has timed out due to idle processing, or if it restarts a worker process during recycling. Occurrence of multi-instancing: In multi-instancing, two or more instances of a process run simultaneously. Depending on how the application pool is configured, it is possible for multiple instances of a worker process to run, each possibly loading and running the same application code. The occurrence of an overlapped recycle is an example of multi-instancing, as is a Web garden in which two or more processes serve the application pool regardless of the recycling settings. If your application cannot run in a multi-instance environment, you must configure only one worker process for an application pool (which is the default value), and disable the overlapped recycling feature if application pool recycling is being used.

Source: http://technet.microsoft.com/en-us/library/ms525803(VS.90).aspx
QUESTION 19
You manage a server that runs Windows Server 2008 R2. The Remote Desktop Services server role is installed on the server. A Remote Desktop Services application runs on the server. Users report that the application stops responding.
You monitor the memory usage on the server for a week. You discover that the application has a memory leak.
A patch is not currently available. You create a new resource-allocation policy in Windows System Resource Manager (WSRM). You configure a Process Matching Criteria named TrackShip and select the application. You need to terminate the application when the application consumes more than half of the available memory on the server.
What should you do?
A. Configure the resource-allocation policy and set the maximum working set limit option to half the available memory on the server. Set the new policy as a Profiling Policy.
B. Configure the resource-allocation policy and set the maximum working set limit option to half the available memory on the server. Set the new policy as a Managing Policy.
C. Configure the resource-allocation policy and set the maximum committed memory option to half the available memory on the server. Set the new policy as a Profiling Policy.
D. Configure the resource-allocation policy and set the maximum committed memory option to half the available memory on the server. Set the new policy as a Managing Policy.
Correct Answer: D Explanation
Explanation/Reference:
Explanation:
To create a memory resource allocation

1.
In the Add or Edit Resource Allocation dialog box, on the General tab, in the Process matching criteria list, select a process matching criterion for the matched
processes that will be managed by the resource allocation.
2.
On the Memory tab, select one or both:
Use maximum committed memory for each process
Use maximum working set limit for each process
3.
If you selected Use maximum committed memory for each process:
In the Maximum committed memory limit per process box, type a value in megabytes (MB). In the If memory is surpassed box, select an action to take when the
limit is reached.
4.
If you selected Use maximum working set limit for each process, in the Maximum working set limit per process box, type a value in MB.
5.
Click OK.
To add additional memory resource allocations, click Add, and then repeat steps 15.

Source: http://technet.microsoft.com/en-us/library/cc771472.aspx
QUESTION 20
You manage a member server that runs Windows Server 2008 R2. The server has the Web Server (IIS) role installed.
The Web server hosts a Web site named Intranet1. Only internal Active Directory user accounts have access to the Web site.

The authentication settings for Intranet1 are configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that users authenticate to the Web site by using only the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) encrypted Active Directory credentials.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Add the Digest Authentication role service and the URL Authorization role service to the server.
B. Add the Windows Authentication role service to IIS. Configure the Windows Authentication setting to Enabled in the Intranet1 properties.
C. Configure the Basic Authentication setting to Disabled in the Intranet1 properties.
D. Configure the Default domain field for the Basic Authentication settings on Intranet1 by adding the name of the Active Directory domain.
E. Configure the Basic Authentication setting to Disabled and the Anonymous Authentication setting to Enabled in the Intranet1 properties.
Correct Answer: BC Explanation
Explanation/Reference:
Explanation: To ensure that the users accessing the website are authenticated through MS-CHAPv2 encrypted Active Directory credentials, you should Add Windows Authentication role service to the IIS server. Enable the Windows Authentication settings in the intranet-e properties and disable the basic authentication setting in the intranet-e properties. Basic authentication is a set of basic rules that authenticate users. To implement MS-CHAPv2, you have to disable the basic authentication and then, add windows authentication role services to the IIS server. After adding it, you should enable it. The Windows Authentication role service will allow the website to be authenticated through MS- CHAPv2.

Microsoft 70-642 Q&A, Buy Microsoft 70-642 Test On Sale

Flydumps Microsoft 70-642 exam questions and answers in PDF are prepared by our expert, Moreover,they are based on the recommended syllabus covering all the Microsoft 70-642 exam objectives.You will find them to be very helpful and precise in the subject matter since all the Microsoft Microsoft 70-642 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.

QUESTION 1
Your network contains 100 servers that run Windows Server 2008 R2.
A server named Server1 is deployed on the network. Server1 will be used to collect events from the Security event logs of the other servers on the network.
You need to define the Custom Event Delivery Optimization settings on Server1. Which tool should you use?
A. Event Viewer
B. Task Scheduler
C. Wecutil
D. Wevtutil
Correct Answer: C Explanation
Explanation/Reference:
QUESTION 2
Your network contains a server that runs Windows Server 2008 R2. You plan to create a custom script. You need to ensure that each time the script runs, an entry is added to the Application event log.
Which tool should you use?
A. Eventcreate
B. Eventvwr
C. Wecutil
D. Wevtutil
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
You can create custom events in an event log by using the Eventcreate utility. This can be useful as a diagnostic tool in scripts when you record an error or event
directly into the logs without using VBScript or another language to log the event.
http://support.microsoft.com/kb/324145

QUESTION 3
Your network contains a server that has the SNMP Service installed. You need to configure the SNMP security settings on the server. Which tool should you use?
A. Local Security Policy
B. Scw
C. Secedit
D. Services console
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 4
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the SNMP Service installed.
You perform an SNMP query against Server1 and discover that the query returns the incorrect identification information.
You need to change the identification information returned by Server1.

What should you do?

A. From the properties of the SNMP Service, modify the Agent settings.
B. From the properties of the SNMP Service, modify the General settings.
C. From the properties of the SNMP Trap Service, modify the Logon settings.
D. From the properties of the SNMP Trap Service, modify the General settings.
Correct Answer: A Explanation
Explanation/Reference:
Explanation:

QUESTION 5
You need to capture the HTTP traffic to and from a server every day between 09:00 and 10:00.
What should you do?
A. Create a scheduled task that runs the Netsh tool.
B. Create a scheduled task that runs the Nmcap tool.
C. From Network Monitor, configure the General options.
D. From Network Monitor, configure the Capture options.
Correct Answer: B Explanation
Explanation/Reference:
Explanation: Explanation: nmcap /networks * /capture LDAP /file c:\file.cap If you want a timer add the following /startwhen /timeafter x hours
QUESTION 6
Your network contains a single Active Directory domain. All servers run Windows Server 2008 R2. A DHCP server is deployed on the network and configured to provide IPv6 prefixes. You need to ensure that when you monitor network traffic, you see the interface identifiers derived from the Extended Unique Identifier (EUI)-64 address.
Which command should you run?
A. netsh.exe interface ipv6 set global addressmaskreply=disabled
B. netsh.exe interface ipv6 set global dhcpmediasense=enabled
C. netsh.exe interface ipv6 set global randomizeidentifiers=disabled
D. netsh.exe interface ipv6 set privacy state=enabled
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Starting Windows Vista, Windows Server 2008 and Windows 7, to prevent address scans of IPv6 addresses based on the known company IDs of network adapter
manufacturers, Windows by default generate random interface IDs for non-temporary autoconfigured IPv6 addresses, including public and link-local addresses. A
public IPv6 address is a global address that is registered in DNS and is typically used by server applications for incoming connections, such as a Web server.
However, this can cause issues with some connection instances in which case you may need to disable this option.
To prevent Windows from using Random Identifiers,

1.
Click Start search “cmd”, right-click and choose “Run as Administrator”. This should launch the command window withe elevated privileges.
2.
Run the following command:
C:\windows\system32> netsh interface ipv6 set global randomizeidentifiers=disabled At anytime later, you can enable this (if requierd) as follows:
C:\windows\system32> netsh interface ipv6 set global randomizeidentifiers=enabled http://www.windowsreference.com/networking/disable-ipv6-random-identifier-in-windows-7-server- 2008-vista/

QUESTION 7
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the Routing and Remote Access service (RRAS) role service installed. You need to view all inbound VPN packets. The solution must minimize the amount of data collected.
What should you do?
A. From RRAS, create an inbound packet filter.
B. From Network Monitor, create a capture filter.
C. From the Registry Editor, configure file tracing for RRAS.
D. At the command prompt, run netsh.exe ras set tracing rasauth enabled.
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 8
Your company is designing its public network. The network will use an IPv4 range of 131.107.40.0/22. The network must be configured as shown in the following exhibit.

You need to configure subnets for each segment. Which network addresses should you assign?
A. Segment A: 131.107.40.0/23 Segment B: 131.107.42.0/24 Segment C: 131.107.43.0/25 Segment D: 131.107.43.128/27
B. Segment A: 131.107.40.0/25 Segment B: 131.107.40.128/26 Segment C: 131.107.43.192/27 Segment D: 131.107.43.224/30
C. Segment A: 131.107.40.0/23 Segment B: 131.107.41.0/24 Segment C: 131.107.41.128/25 Segment D: 131.107.43.0/27
D. Segment A: 131.107.40.128/23 Segment B: 131.107.43.0/24 Segment C: 131.107.44.0/25 Segment D: 131.107.44.128/27
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
1: The corresponding CIDR notation prefix lenth is /22.
2: The next myltiple of 8 that is greater than 22 is 24. Octet 3 is interesting.
3: 24-22 = 2, so the incremental is 2^2 =4.
4: The increments in the third octer are 0,4,8,12,16,20,24,28,32,36,40,44,46, and so on.
QUESTION 9
Your company has an IPv6 network that has 25 segments. You deploy a server on the IPv6 network.
You need to ensure that the server can communicate with all segments on the IPv6 network.
What should you do?
A. Configure the IPv6 address as fd00::2b0:d0ff:fee9:4143/8.
B. Configure the IPv6 address as fe80::2b0:d0ff:fee9:4143/64.
C. Configure the IPv6 address as ff80::2b0:d0ff:fee9:4143/64.
D. Configure the IPv6 address as 0000::2b0:d0ff:fee9:4143/64.
Correct Answer: A Explanation
Explanation/Reference:
QUESTION 10
Your company is designing its network. The network will use an IPv6 prefix of 2001:DB8:BBCC:0000::/53.
You need to identify an IPv6 addressing scheme that will support 2000 subnets.
Which network mask should you use?

A. /61
B. /62
C. /63
D. /64
Correct Answer: D Explanation
Explanation/Reference: QUESTION 11
Your company uses DHCP to lease IPv4 addresses to computers at the main office. A WAN link connects the main office to a branch office. All computers in the branch office are configured with static IP addresses. The branch office does not use DHCP and uses a different subnet. You need to ensure that the portable computers can connect to network resources at the main office and the branch office.
How should you configure each portable computer?
A. Use a static IPv4 address in the range used at the branch office.
B. Use an alternate configuration that contains a static IP address in the range used at the main office.
C. Use the address that was assigned by the DHCP server as a static IP address.
D. Use an alternate configuration that contains a static IP address in the range used at the branch office.
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 12
Your company has computers in multiple locations that use IPv4 and IPv6. Each location is protected by a firewall that performs symmetric NAT. You need to allow peer-to-peer communication between all locations.
What should you do?
A. Configure dynamic NAT on the firewall.
B. Configure the firewall to allow the use of Teredo.
C. Configure a link local IPv6 address for the internal interface of the firewall.
D. Configure a global IPv6 address for the external interface of the firewall.
Correct Answer: B Explanation
Explanation/Reference:
Explanation: In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for Ipv6-capable hosts which are on the IPv4 Internet but which have no direct native connection to an IPv6 network. Compared to other similar protocols its distinguishing feature is that it is able to perform its function even from behind network address translation (NAT) devices such as home routers. http://technet.microsoft.com/en-us/library/ee126159(v=ws.10).aspx
QUESTION 13
You have a Windows Server 2008 R2 computer that has an IP address of 172.16.45.9/21. The server is configured to use IPv6 addressing. You need to test IPv6 communication to a server that has an IP address of 172.16.40.18/21.
What should you do from a command prompt?
A. Type ping 172.16.45.9:::::.
B. Type ping::9.45.16.172.
C. Type ping followed by the Link-local address of the server.
D. Type ping followed by the Site-local address of the server.
Correct Answer: C Explanation
Explanation/Reference:
QUESTION 14
Your network contains a DHCP server named DHCP1 that runs Windows Server 2008 R2. All client computers on the network obtain their network configurations from DHCP1.
You have a client computer named Client1 that runs Windows 7 Enterprise. You need to configure Client1 to use a different DNS server than the other client computers on the network.
What should you do?
A. Configure the scope options.
B. Create a reservation.
C. Create a DHCP filter.
D. Define a user class.
Correct Answer: D Explanation
Explanation/Reference:
Explanation: http://support.microsoft.com/kb/240247/en-us?fr=1
QUESTION 15
Your network contains a domain controller named DC1 and a member server named Server1. You save a copy of the Active Directory Web Services (ADWS)
event log on DC1. You copy the log to Server1.
You open the event log file on Server1 and discover that the event description information is unavailable.
You need to ensure that the event log file displays the same information when the file is open on Server1 and on DC1.

What should you do on Server1?

A. Import a custom view.
B. Copy the SYSVOL folder from DC1.
C. Copy the LocaleMetaData folder from DC1.
D. Create a custom view.
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
The LocaleMetaData contains the description/display information that is missing, and when you “save all events as” you should chose to save and “display
information”.
http://technet.microsoft.com/en-us/library/cc749339.aspx

QUESTION 16
You have a DHCP server that runs Windows Server 2008 R2. You need to reduce the size of the DHCP database.
What should you do?
A. From the DHCP snap-in, reconcile the database.
B. From the folder that contains the DHCP database, run jetpack.exe dhcp.mdb temp.mdb.
C. From the properties of the dhcp.mdb file, enable the File is ready for archiving attribute.
D. From the properties of the dhcp.mdb file, enable the Compress contents to save disk space attribute.
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
To compact the DHCP database:
CD %SYSTEMROOT%\SYSTEM32\DHCP
NET STOP DHCPSERVER
JETPACK DHCP.MDB TMP.MDB
NET START DHCPSERVER
In the examples above, Tmp.mdb is a temporary database that is used by Jetpack.exe. Wins.mdb is the WINS database. Dhcp.mdb is the DHCP database.
Jetpack.exe compacts the WINS or DHCP database by doing the following:
-Copies database information to a temporary database file called Tmp.mdb.
-Deletes the original database file, Wins.mdb or Dhcp.mdb.
-Renames the temporary database files to the original filename.
http://technet.microsoft.com/en-us/library/hh875589(v=ws.10).aspx://support.microsoft.com/kb/145881/en-us

QUESTION 17
You have a DHCP server that runs Windows Server 2008 R2. The DHCP server has two network connections named LAN1 and LAN2.
You need to prevent the DHCP server from responding to DHCP client requests on LAN2. The server must continue to respond to non-DHCP client requests on LAN2.
What should you do?
A. From the DHCP snap-in, modify the bindings to associate only LAN1 with the DHCP service.
B. From the DHCP snap-in, create a new multicast scope.
C. From the properties of the LAN1 network connection, set the metric value to 1.
D. From the properties of the LAN2 network connection, set the metric value to 1.
Correct Answer: A Explanation
Explanation/Reference:
Explanation: Correct answer(s): A By default, the service bindings depend on whether the network connection is configured dynamically or statically for TCP/IP. Based on the method of configuration it uses, reflected by its current settings in Internet Protocol (TCP/IP) properties, the DHCP Server service performs default service bindings as follows: If the first network connection uses a manually specified IP address, the connection is enabled in server bindings. For this to occur, a value for IP address must be configured and the Use the following IP address option selected in Internet Protocol (TCP/IP) properties. In this mode, the DHCP server listens for and provides service to DHCP clients. If the first network connection uses an IP address configured dynamically, the connection is disabled in server bindings. This occurs when the Obtain an IP address automatically option is selected in Internet Protocol (TCP/ IP) properties. For computers running Windows Server 2008 R2 operating systems, this is the default setting. In this mode, the DHCP server does not listen for and provide service to DHCP clients until a static IP address is configured. The DHCP server will bind to the first static IP address configured on each adapter. Note By design, DHCP server bindings are enabled and disabled on a per-connection, not per-address basis. All bindings are based on the first configured IP address for each connection appearing in the Network Connections folder. If additional static IP addresses (for example, as set in Advanced TCP/IP properties) are configured for the applicable connection, these addresses are never used by DHCP servers running Windows Server 2008 R2 and are inconsequential for server bindings. DHCP servers running Windows Server 2008 R2 never bind to any of the NDISWAN or DHCP- enabled interfaces used on the server. These interfaces are not displayed in the DHCP console under the current server bindings list because they are never used for DHCP service. Only additional network connections that have a primary static IP address configured can appear in the server bindings list (or be selectively enabled or disabled there).
http://technet.microsoft.com/en-us/library/ee941100(v=ws.10).aspx
QUESTION 18
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 is configured as a DNS server.
You need to ensure that Server1 only resolves queries issued from client computers in the same subnet as Server1.
The solution must ensure that Server1 can resolve Internet host names.
What should you do on Server1?
A. Configure Windows Firewall.
B. Create a conditional forwarder.
C. Modify the routing table.
D. Create a trust anchor.

Correct Answer: A Explanation
Explanation/Reference:
QUESTION 19
Your network uses IPv4.
You install a server that runs Windows Server 2008 R2 at a branch office. The server is configured with two network interfaces.
You need to configure routing on the server at the branch office.

Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A. Install the Routing and Remote Access Services role service.
B. Run the netsh ras ip set access ALL command.
C. Run the netsh interface ipv4 enable command.
D. Enable the IPv4 Router Routing and Remote Access option.
Correct Answer: AD Explanation
Explanation/Reference:
QUESTION 20
Your company has an IPv4 Ethernet network.
A router named R1 connects your segment to the Internet. A router named R2 joins your subnet with a segment named Private1. The Private1 segment has a
network address of 10.128.4.0/26. Your computer named WKS1 requires access to servers on the Private1 network. The WKS1 computer configuration is as
shown in the following table.
WKS1 is unable to connect to the Private1 network by using the current configuration. You need to add a persistent route for the Private1 network to the routing table on WKS1.
Which command should you run on WKS1?
A. Route add -p 10.128.4.0/22 10.128.4.1
B. Route add -p 10.128.4.0/26 10.128.64.10
C. Route add -p 10.128.4.0 mask 255.255.255.192 10.128.64.10
D. Route add -p 10.128.64.10 mask 255.255.255.192 10.128.4.0
Correct Answer: C Explanation
Explanation/Reference:
Explanation: For example, to add a static route to the 10.0.0.0 network that uses a subnet mask of 255.0.0.0, a gateway of 192.168.0.1, you type the following at a command prompt: route add 10.0.0.0 mask 255.0.0.0 192.168.0.1
Both PDF and software format demos for Microsoft 70-642 exam dumps are offered by Flydumps for free.You can try Microsoft 70-642 free demo before you decide to buy the full version practice test.Microsoft 70-642 exam dumps details are researched and produced by our Professional Certification Experts who are constantly using industry experience to produce precise, and logical.Microsoft 70-642 dumps will not only help you pass in one attempt,but also save your valuable time.

Microsoft 70-647 Real Exam Questions And Answers, Provide Latest Microsoft 70-647 Vce & PDF For Download

NEW DUMPS– How to prepare the Microsoft 70-647 exam and to 100 percent pass it without any problem? Microsoft 70-647 just published the newest Microsoft 70-647 Flydumps with all the new updated exam questions and answers.You can get the free new version on Flydumps.com

Testlet 1
QUESTION 1
Your network consists of one Active directory domain. The functional level of the domain is Windows Server 2008 R2. Your company has three departments
named Sales, Marketing, and Engineering. All users in the domain are in an organizational unit (OU) named AllUsers.
You have three custom applications. You deploy all custom applications by using a Group Policy object (GPO) named AppInstall.
The Sales department purchases a new application that is only licensed for use by the Sales department.

You need to recommend a solution to simplify the distribution of the new application.
The solution must meet the following requirements:
?The application must only be distributed to licensed users. ?The amount of administrative effort required to manage the users must remain unaffected. ?The
three custom applications must be distributed to all existing and new users on the network.

What should you recommend?

A. Create a new child domain for each department and link the AppInstall GPO to each child domain. Create a new GPO. Link the new GPO to the Sales domain.
B. Create a new child OU for each department. Link the AppInstall GPO to the Marketing OU and the Engineering OU. Create a new GPO. Link the new GPO to the Sales OU.
C. Create a new group for each department and filter the AppInstall GPO to each group. Create a new GPO. Link the new GPO to the domain. Filter the new GPO to the Sales group.
D. Create a new group for each department. Filter the AppInstall GPO to the Marketing group and the Engineering group. Create a new GPO. Link the new GPO to the domain. Filter the new GPO to the Sales group.

Correct Answer: C Explanation
Explanation/Reference:
Explanation
To ensure that the other applications are distributed to all existing and new users on the network, you need to create a new group for each department and filter the InstallApp GPO to each group. Filtering allows you to target only specific computers or users. You can create and modify multiple preference items within each GPO, and you can filter each preference item to target only specific computers or users. Finally to simplify the distribution of the licensed application to the users of the sales department, you need to create and link a new GPO to the domain and filter the new GPO to the Sales group. You should not filter the InstallApp GPO to the Marketing group and the Development groups only because all the other applications beside the licensed application need to be installed to the Sales department also. Reference: Group Policy/ Preferences http://technet2.microsoft.com/windowsserver2008/en/library/3b4568bc-9d3c-4477-807d- 2ea149ff06491033.mspx?mfr=true

QUESTION 2
Your network contains servers that run Windows Server 2008 R2 and client computers that run Windows 7.
All network routers support IPsec connections. Client computers and servers use IPsec to connect through network routers.
You have two servers named Server1 and Server2. Server1 has Active Directory Certificate Services (AD CS) installed and is configured as a certification

authority (CA). Server2 runs Internet Information Services (IIS).

You need to recommend a certificate solution for the network routers. The solution must meet the following requirements:
?Use the Simple Certificate Enrollment Protocol (SCEP). ?Enable the routers to automatically request certificates.
What should you recommend implementing?

A. Certification authority Web enrollment services on Server2
B. Network Device Enrollment Service on Server2
C. Online Responder service on Server1
D. Subordinate CA on Server1 Correct Answer: B

Explanation Explanation/Reference:
Explanation
To recommend a certificate solution for the network routers that would enable the routers to automatically request certificates and that would use Simple Certificate Enrollment Protocol (SCEP), you need to implement Network Device Enrollment Service on Server2.
The Network Device Enrollment Service allows routers and other network devices to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP) from Cisco Systems Inc.
Reference: Windows Server Active Directory Certificate Services Step-by-Step Guide/ AD CS Technology Review http://technet2.microsoft.com/ windowsserver2008/en/library/f7dfccc0-4f65-4d6f-a801- ae6a87fd174c1033.mspx?mfr=true

QUESTION 3
Your network consists of one Active Directory domain.
Your company uses a firewall to connect to the Internet. Inbound TCP/IP port 443 is allowed on the firewall.
You have terminal servers on the internal network. You have one server on the internal network that has Terminal Services Gateway (TS Gateway) deployed. All

servers run Windows Server 2008.
You need to recommend a solution that enables remote users to access network resources by using TS Gateway.
What should you recommend?

A. Change the firewall rules to permit traffic through port 3389 from the Internet.
B. Install the Terminal Services server role with the Terminal Services Web Access (TS Web Access) services role.
C. Install the Terminal Services server role with the Terminal Services Session Broker (TS Session Broker) services role.
D. Create a Terminal Services connection authorization policy (TS CAP) and a Terminal Services resource authorization policy (TS RAP).

Correct Answer: D Explanation
Explanation/Reference:
Explanation
To implement a solution that enables remote users to access network resources by using TS Gateway, you need to create a Terminal Services connection authorization policy (TS CAP) and a Terminal Services resource authorization policy (TS RAP). TS CAPs allow you to specify who can connect to a TS Gateway server. Users are granted access to a TS Gateway server if they meet the conditions specified in the TS CAP. You must also create a Terminal Services resource authorization policy (TS RAP). A TS RAP allows you to specify the internal network resources that users can connect to through TS Gateway. Until you create both a TS CAP and a TS RAP, users cannot connect to internal network resources through this TS Gateway server. Reference: Terminal Services Gateway (TS Gateway) / Why are TS CAPs important? http://technet2.microsoft.com/windowsserver2008/en/library/9da3742f-699d- 4476-b050- c50aa14aaf081033.mspx? mfr=true

QUESTION 4
Your network consists of one Active Directory forest that contains one root domain and 22 child domains.
All domain controllers run Windows Server 2003. All domain controllers run the DNS Server service and host Active Directory-integrated zones.
Administrators report that it takes more than one hour to restart the DNS servers. You need to reduce the time it takes to restart the DNS servers.
What should you do?
A. Upgrade all domain controllers to Windows Server 2008.
B. Upgrade all domain controllers in the root domain to Windows Server 2008, and then set the functional level for the root domain to Windows Server 2008.
C. Deploy new secondary zones on additional servers in each child domain.
D. Change the Active Directory-integrated DNS zones to standard primary zones.

Correct Answer: A Explanation
Explanation/Reference:
Explanation
Sometime DNS server can take an hour or more in companies that have extremely large zones and the DNS data of the company is stored in AD DS. The result is that the DNS server is effectively unavailable to service client requests for the entire time that it takes to load AD DS- based zones. The problem can be solved by upgrading the domain controllers to Windows Server 2008. This is because a DNS server running Windows Server 2008 now loads zone data from AD DS in the background while it restarts so that it can respond to requests for data from other zones.
Reference: DNS Server Role/ Background zone loading http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c- 433bd018f66d1033.mspx?mfr=true

QUESTION 5
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008.
You have file servers that run Windows Server 2008. Client computers run Windows Vista and UNIX-based operating systems. All users have both Active Directory user accounts and UNIX realm user accounts. Both environments follow identical user naming conventions.
You need to provide the UNIX-based client computers access to the file servers. The solution must meet the following requirements: ?Users must only log on once to access all resources. ?No additional client software must be installed on UNIX-based client computers.
What should you do?
A. Create a realm trust so that the Active Directory domain trusts the UNIX realm.
B. Install an Active Directory Federation Services (AD FS) server that runs Windows Server 2008 R2
C. Enable the subsystem for UNIX-based applications on the file servers. Enable a Network File System (NFS) component on the client computers.
D. Enable the User Name Mapping component and configure simple mapping. Enable a Network File System (NFS) component on the servers.

Correct Answer: D Explanation
Explanation/Reference:
Explanation
To provide the UNIX-based client computers access to the file servers, you need to enable the User Name Mapping component and configure simple mapping and also enable a Network File System (NFS) component on the servers. User Name Mapping (UNM) bridges the gap between the different user identification used in Windows and UNIX worlds. When UNM is used it in conjunction with Server for NFS, UNM authenticates the incoming NFS access requests. With Client for NFS, it determines the effective UID and GID to be sent with the NFS requests to UNIX NFS servers.
Reference: Configuring User Name Mapping – Part 2 (Simple Mapping) http://blogs.msdn.com/sfu/archive/2007/10/02/configuring-user-name-mapping-part-2-simple- mapping.aspx
QUESTION 6
Your Company has a main office and 10 branch offices.
The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2 and are located in the main office.
Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administer only their member servers.
You deploy one read-only domain controller (RODC) in each branch office.
You need to recommend a security solution for the branch office Windows Server 2008 R2 domain controllers. The solution must meet the following requirements: ?Branch office administrators must be granted rights on their local domain controller only. ?Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows updates.
What should you recommend?
A. Add each branch office administrator to the Administrators group of the domain.
B. Add each branch office administrator to the local Administrators group of their respective domain controller.
C. Grant each branch office administrator Full Control permission on their domain controller computer object in Active Directory.
D. Move each branch office domain controller computer object to a new organizational unit (OU). Grant each local administrator Full Control permission on the new OU.

Correct Answer: B Explanation
Explanation/Reference:
Explanation
To allow branch office administrators to manage their local domain controller only, change device drivers, and run Windows updates, you need to add each branch office administrator to the local Administrators group of their respective domain controller. The users of Local administrator group have administrative rights on their local domain controllers to manage several machines to perform all necessary administrative tasks but they have restricted rights as compared to domain administrators.
Reference: Adding a group to the local administrators group http://blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/archive/2007/0 4/23/adding-a-group-to-the-local-administrators-group.aspx

QUESTION 7
Your network consists of one Active Directory domain. The functional level of the forest is Windows Server 2003. All domain controllers run Windows Server 2003. The relevant portion of the network is configured as shown in the exhibit. (Click the Exhibit button.)

The Bridge all site links option is enabled.

You need to ensure that domain controllers in the spoke sites can replicate with domain controllers in only the hub sites. The solution must ensure that domain
controllers can replicate if a server fails in one of the hub sites.
What should you do?

A. Lower the site link costs between the spoke sites and the hub sites.
B. Disable the Bridge all site links option. Create site link bridges that include the site links between each spoke site and the hub sites.
C. Disable the Bridge all site links option. Install a writable domain controller that runs Windows Server 2008 in each hub site.
D. Enable the global catalog server attribute for all domain controllers in the hub sites. Upgrade all domain controllers in the spoke sites to Windows Server 2008. Correct Answer: B

Explanation Explanation/Reference:
Explanation
By default, all site links are bridged so that all the sites that are not connected by an explicit site link can communicate directly, through a chain of intermediary site links and sites. However, if you want to ensure that domain controllers in the spoke sites do not replicate with other spoke sites when a server fails in one of the hub sites, you need to disable the Bridge all site links option. You need to then create site link bridges to create the site links between each spoke site and the hub sites to ensure that domain controllers in the spoke sites can replicate with domain controllers in the hub sites.
Reference: Configuring site link bridges http://technet2.microsoft.com/windowsserver/en/library/b42bb443-c5cd-4539-8dfa- 917dbddb087a1033.mspx?mfr=true

QUESTION 8
Your company has 5,000 users. The network contains servers that run Windows Server 2008. You need to recommend a collaboration solution for the users to
meet the following requirements:
Support tracking of document version history.
Enable shared access to documents created in Microsoft Office. Enable shared access to documents created by using Web pages.

The solution must be achieved without requiring any additional costs.

What should you recommend?

A. Install servers that run the Web Server role.
B. Install servers that run the Application Server role.
C. Install servers that run Microsoft Windows SharePoint Services (WSS) 3.0.
D. Install servers that run Microsoft Office SharePoint Server (MOSS) 2007. Correct Answer: C

Explanation Explanation/Reference:
Explanation To achieve the desired results without requiring any additional cost, you need to use Microsoft Windows SharePoint Services (WSS) 3.0. Reference: Microsoft Windows SharePoint Services 3.0 and the Mobile Workplace http://download.microsoft.com/download/b/b/6/bb6672dd-252c-4a21-89de-
78cfc8e0b69e/WSS %20Mobile%20Workplace.doc

QUESTION 9
Your Company has 10 offices. Each office has 10 domain controllers that run Windows Server 2008. The network consists of one Active directory domain.
Each office has a local administrator.
You use domain-level Group Policy objects (GPO). Office administrators have the necessary permissions to create and link domain-level Group Policy objects.
You create custom Administrative Template (.admx) files locally on a computer that runs Windows Vista.
You need to implement a GPO management strategy to ensure that the administrators can access the .admx files and any future updates to the .admx files from

each office. The solution must ensure that .admx files remain identical across the company.
What should you do?

A. In the domain, create a central store. Copy the custom .admx files to the central store.
B. In each office, create a central store on a file server. Copy the custom .admx files to the central store.
C. Create a GPO and link it to the domain. Add the .admx files to the GPO.
D. Create a GPO and link it to the Domain Controllers organizational unit (OU). Add the custom .admx files to the GPO. Correct Answer: A

Explanation Explanation/Reference:
Explanation
To implement a GPO management strategy to ensure that the administrators can access the .admx files and any future updates to these files from each office and
to ensure that the .admx files remain identical across the company, you need to create a central store in the domain and copy the custom .admx files to the central
store.
The central store for ADMX files allows all local administrators to edit domain-based GPOs to access the same set of ADMX files. When a central store is created,
the Group Policy tools will use the ADMX files only in the central store, ignoring the locally stored versions. You need to copy the custom .admx files to the central
store and not add them because there need to be only one ADMX file and not multiple versions of the same file in the central store.

Reference: Scenario 2: Editing Domain-Based GPOs Using ADMX Files http://technet2.microsoft.com/WindowsVista/en/library/1494d791-72e1-484b-a67a-22f66fbf9d171033.mspx?mfr=true
QUESTION 10
Your network consists of one Active Directory domain. The network contains one Active Directory site. All domain controllers run Windows Server 2008. You
create a second Active Directory site and plan to install a domain controller that runs Windows Server 2008 in the new site.
You also plan to deploy a new firewall to connect the two sites.
You need to enable the domain controllers to replicate between the two sites.
Which traffic should you permit through the firewall?

A. LDAP
B. NetBIOS
C. RPC

D. SMTP Correct Answer: C
Explanation Explanation/Reference:
Explanation
You should permit RPC traffic through the firewall to enable the domain controllers to replicate between the two sites because the Active Directory relies on remote procedure call (RPC) for replication between domain controllers. You can open the firewall wide to permit RPC’s native dynamic behavior. Reference: Active Directory Replication over Firewalls http://technet.microsoft.com/en-us/library/bb727063.aspx

QUESTION 11
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008.
You need to prepare the environment to provide a high-availability solution for a back-end Microsoft SQL Server 2005 data store.
What should you do?

A. Install a Windows Server 2003 Network Load Balancing cluster.
B. Install a Windows Server 2008 Network Load Balancing cluster.
C. Install a Windows Server 2008 failover cluster that has shared storage.
D. Install a Windows Server 2008 failover cluster that has direct attached storage. Correct Answer: C

Explanation Explanation/Reference:
Explanation
To ensure the high availability of the data store, you need to use Windows Server 2008 failover cluster having a shared storage. Failover clustering can help you build redundancy into your network and eliminate single points of failure. Administrators have better control and can achieve better performance with storage than was possible in previous releases. Failover clusters now support GUID partition table (GPT) disks that can have capacities of larger than 2 terabytes, for increased disk size and robustness. Administrators can now modify resource dependencies while resources are online, which means they can make an additional disk available without interrupting access to the application that will use it. And administrators can run tools in Maintenance Mode to check, fix, back up, or restore disks more easily and with less disruption to the cluster You should not use Network Load Balancing (NLB) because it only allows you to distribute TCP/IP requests to multiple systems in order to optimize resource utilization, decrease computing time, and ensure system availability.
Reference: High Availability http://www.microsoft.com/windowsserver2008/en/us/high-availability.aspx
QUESTION 12
Your company has one main office and 10 branch offices.
The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. You plan to deploy one Windows Server 2008 domain controller in each branch office. You need to recommend a security solution for the branch office domain controllers. The solution must prevent unauthorized users from copying the Active Directory database from a branch office domain controller by starting the server from an alternate startup disk.
What should you recommend on each branch office domain controller?
A. Enable the secure server IPsec policy.
B. Enable the read-only domain controller (RODC) option.
C. Enable Windows BitLocker Drive Encryption (BitLocker).
D. Enable an Encrypting File System (EFS) encryption on the %Systemroot%\NTDS folder.

Correct Answer: C Explanation
Explanation/Reference:
Explanation
To configure domain controller of each branch office to ensure to no unauthorized user should be allowed to copy the Active Directory database from a branch office domain controller by starting the server from an alternate startup disk, you need to use Windows BitLocker Drive Encryption (BitLocker)
BitLocker allows you to encrypt all data stored on the Windows operating system volume and use the security of using a Trusted Platform Module (TPM) that helps protect user data and to ensure that a computer running Windows Vista or Server 2008 have not been tampered with while the system was offline.
In addition, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that contains a startup key. This process will ensure that all the users can access all files on the servers if they have the PIN. You cannot use an alternate startup disk to boot the disk.
Reference: BitLocker Drive Encryption Technical Overview http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46-6866df4b253c1033.mspx?mfr=true
QUESTION 13
Your network contains servers that run Windows Server 2008.
Microsoft Windows SharePoint Services (WSS) are available on the network. WSS is only accessible from the internal network. Several users use devices that run Windows Mobile 6.0. The users can establish only HTTP and HTTPS sessions from the Internet.
You need to enable users to access WSS from the Internet by using their Windows Mobile devices. The solution must ensure that all connections from the Internet to WSS are encrypted.
What should you do?
A. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a HTTPS publishing rule.
B. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a Secure RPC publishing rule.
C. Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP) connections. Configure WSS to require Kerberos authentication.
D. Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP) connections. Configure WSS to require IPsec encryption.

Correct Answer: A Explanation
Explanation/Reference:
Explanation
To ensure that mobile users are allowed to access WSS from the Internet by using their Windows Mobile devices securely and to ensure that all the connections from the Internet to WSS are encrypted, you need to use external Firewall solution by using Microsoft Internet Security and Acceleration ISA Server 2006 and create a HTTPS publishing rule on ISA Server. The Firewall will ensure a secure connection to the internal network of the company. When you publish an application through ISA Server 2006, you are protecting the server from direct external access because the name and IP address of the server are not accessible to the user. The user accesses the ISA Server computer, which then forwards the request to the server according to the conditions of the server publishing rule. When you create a secure Web publishing rule, you can configure how SSL requests will be redirected as Hypertext Transfer Protocol (HTTP) requests or as SSL requests.
Reference: Deploying Office SharePoint Server 2007 with ISA Server 2006 / No direct access to the server from the Internet http://technet.microsoft.com/en-us/ library/cc268368.aspx
QUESTION 14
Your company has one main office and 20 branch offices. Each office is configured as an Active Directory site. The network consists of one Active Directory
domain. All servers run Windows Server 2008 R2 and all client computers run Windows 7. The main office contains three domain controllers.

You need to deploy one domain controller in each branch office to meet the following requirements:
Authentication to a main office domain controller must only occur if a local domain controller fails. Client computers in the main office must not authenticate to a
domain controller in a branch office. Client computers in a branch office must not authenticate to a domain controller in another branch office. Client computers in
each branch office must attempt to authenticate to the domain controller at their local site first.

What should you do first?

A. Associate the IP subnet of each branch office to the Active Directory site of the main office.
B. Select the read-only domain controller (RODC) option and the Global Catalog option when deploying the branch office domain controllers.
C. Create a Group Policy object (GPO) that applies to all branch office domain controllers and controls the registration of DNS service location (SRV) records.
D. Configure only the main office domain controllers as global catalog servers. Enable Universal Group Membership Caching in the Active Directory site for each branch office.

Correct Answer: C Explanation
Explanation/Reference:
Explanation
To deploy domain controllers in the branch offices and make sure that the client computers in each branch office must attempt to authenticate to the domain controller at their local site first and the authentication to a main office domain controller must only occur if a local domain controller fails and to meet other specified requirements, you need to create a Group Policy object (GPO) for all branch office domain controllers to control the registration of DNS service location (SRV) records. SRV records are used by Windows Server to locate domain controllers in specific domains, domain controllers in the same site, global catalogue servers, and key distribution centers. Reference: DNS Service Records and Locating Domain Controllers http://www.2000trainers.com/windows-2000/dns-service-records/
QUESTION 15
Your network consists of one Active Directory domain that contains only domain controllers that run Windows Server 2003.
Your company acquires another company.
You need to provide user accounts for the employees of the newly acquired company. The solution must support multiple account lockout policies.
What should you do?
A. Implement Authorization Manager.
B. Implement Active Directory Federation Services (AD FS).
C. Upgrade one domain controller to Windows Server 2008. Raise the functional level of the domain to Windows Server 2003.
D. Upgrade all domain controllers to Windows Server 2008. Raise the functional level of the domain to Windows Server 2008.

Correct Answer: D Explanation
Explanation/Reference:
Explanation
To support multiple account lockout policies, you need to upgrade all domain controllers to Windows Server 2008. In Microsoft?Windows 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy. In Windows Server 2008, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain. Next you need to raise the functional level of the domain to Windows Server 2008 because Windows Server 2003 functional level does not support Windows Server 2008 domain controllers.
Reference: Step-by-Step Guide for Fine-Grained Password and Account Lockout Policy Configuration http://technet2.microsoft.com/windowsserver2008/en/ library/2199dcf7-68fd-4315-87cc- ade35f8978ea1033.mspx?mfr=true
Reference: Appendix of Functional Level Features http://technet2.microsoft.com/windowsserver2008/en/library/34678199-98f1-465f-9156- c600f723b31f1033.mspx?mfr=true
QUESTION 16
Your network consists of one Active Directory forest that contains four Active Directory domains named Sales, Marketing, Finance, and IT.
The Finance domain contains a domain controller that runs Windows Server 2008. The Sales, Marketing, and IT domains contain only domain controllers that run Windows Server 2003. You need to prepare the environment for the deployment of a read-only domain controller (RODC) in the Finance domain and in the IT domain. You must ensure that the RODC can advertise itself as a global catalog server.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Upgrade all DNS servers to Windows Server 2008.
B. Run adprep /domainprep on the Sales, Marketing, and IT domains.
C. Install a Windows Server 2008 writable domain controller in the IT domain.
D. Configure the Windows Server 2008 domain controller in the finance domain as a global catalog server.

Correct Answer: BC Explanation
Explanation/Reference:
Explanation
To deploy the read-only domain controller (RODC) in the Development domain and in the HR domain, you need to run adprep /domainprep on the Sales, Marketing, and HR domains to prepare your infrastructure to upgrade. Because this domain controller is the first Windows Server 2008 domain controller in Windows Server 2003 domains, you must prepare the domains by running adprep /domainprep on the infrastructure master. Before you deploy the read-only domain controller (RODC) in the HR domain, you need to first install a Windows Server 2008 writable domain controller in the HR domain because the first Windows Server 2008 domain controller in an existing Windows Server 2003 domain cannot be created as an RODC. After a Windows Server 2008 domain controller exists in the domain, additional Windows Server 2008 domain controllers can be created as RODCs. Reference: Scenarios for Installing AD DS http://207.46.196.114/windowsserver2008/en/library/708da9f7-aaad-4fa1-bccb- 76ea8569da501033.mspx?mfr=true
QUESTION 17
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The relevant servers are configured as shown
in the following table.
(Click the Exhibit)
All client computers run Windows Vista.
You plan to deploy two Java-based applications on all client computers. The two applications each require a different version of the Java Runtime Environment (JRE). After testing, you notice that the two JREs prevent the applications from running on the same computer.
You need to recommend a solution that enables the two Java-based applications to run on all client computers.
What should you recommend?
A. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one compatible application. On Server2, advertise both packages to all client computers.
B. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one compatible application. On Server1, create a Group Policy object (GPO) that assigns both packages to all client computers.
C. Use the SoftGrid Sequencer to create two application packages that each contains one version of JRE and one compatible application. On Server3, stream both application packages to all client computers.
D. Install the two JRE versions and the two Java-based applications on Server4. Configure all client computers to connect to the Java-based applications by using Terminal Services RemoteApp (TS RemoteApp).

Correct Answer: C Explanation
Explanation/Reference:
Explanation
To run two Java-based applications that require different versions of Java Runtime Environment (JRE) on all the client computers of the department you need to create two application packages using the SoftGrid Sequencer. Each package should contain one version of JRE and its compatible application.
SoftGrid packages and virtualizes Windows applications for delivery as network services.
SoftGrid basically insulates an application from other applications such that they don’t conflict with one another. In this scenario, where different versions of the Java Runtime are required to run two applications you can use SoftGrid to”sequence” the required version of the JRE with the application. When the application is executed it sees only the JRE that it needs and not the other JRE that is “sequenced” with the other application.
You need to stream both application packages to all client computers on the Server3 because you need the execution of the application to happen on the Terminal Server so that applications can run on all client computers through Terminal Server. SoftGrid can be used on and Terminal Servers.
Reference: Re: SoftGrid General Queries http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3266992&SiteID=17
Reference: Application Packaging: The SoftGrid Sequencer http://www.microsoft.com/systemcenter/softgrid/evaluation/sequencer.mspx
QUESTION 18
Your network consists of one Active Directory forest that contains two domains. All domain controllers run Windows Server 2003. The network contains file servers
that run Windows Server 2003 R2. The files servers run DFS Replication. The forest root domain is named contoso.com and the child domain is named
corp.contoso.com. You prepare the forest schema for the installation of domain controllers that run Windows Server 2008. You prepare the corp.contoso.com
domain. You install a new domain controller that runs Windows Server 2008 on corp.contoso.com.

You need to plan an Active Directory implementation to meet the following requirements:
Enable DFS Replication support for SYSVOL on corp.contoso.com. Allow the installation of new domain controllers that run Windows Server 2003 in the forest
root domain.
What should you include in your plan?

A. Upgrade all file servers to Windows Server 2008.
B. Run adprep /domainprep /gpprep on the corp.contoso.com domain and run adprep /domainprep on the contoso.com domain.
C. Upgrade all Windows Server 2003 domain controllers to Windows Server 2008. Raise the functional level of the forest to Windows Server 2008.
D. Upgrade the Windows Server 2003 domain controllers in corp.contoso.com to Windows Server 2008. Raise the corp.contoso.com domain functional level to Windows Server 2008.

Correct Answer: D Explanation
Explanation/Reference:
Explanation
To enable DFS Replication support for SYSVOL on corp.contoso.com and to allow the installation of new domain controllers that run Windows Server 2003 in the forest root domain, you need to Upgrade the Windows Server 2003 domain controllers in corp.contoso.com to Windows Server 2008 and raise the functional level of corp.contoso.com domain to Windows Server 2008.
Upgrade the Windows Server 2003 domain controllers in corp.contoso.com to Windows Server 2008 enables you to use domain-based namespaces.
DFS Replication is an efficient, multiple-master replication engine that you can use to keep folders synchronized between servers across limited bandwidth network connections. It replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as well as for replicating the AD DSSYSVOL folder in domains that use the Windows Server 2008 domain functional level.
To facilitate migrating existing SYSVOL folders to DFS Replication, Windows Server 2008 includes a Dcpromo tool that helps to migrate the replication of existing SYSVOL folders from FRS to DFS Replication. The Windows Server 2008 will use DFS Replication for SYSVOL if the domain functional level is Windows Server Reference: Distributed File System http://technet2.microsoft.com/windowsserver2008/en/library/1f0d326d-35af-4193-bda3- 0d1688f90ea71033.mspx?mfr=true
QUESTION 19
Your Company has one main office and 50 branch offices. You have a wide area network (WAN) link that connects all branch offices to the main office. The network consists of 10 Active Directory domains. Users from all domains are located in the branch offices. You plan to configure each branch office as an Active Directory site. The domain is configured as shown in the exhibit. (Click the Exhibit button.)

You need to plan the deployment of domain controllers in the branch offices to meet the following requirements:
Users must be able to log on if a WAN link fails. Minimize replication traffic between offices. What should you include in your plan?
A. Implement a domain controller in each branch office. Enable Universal Group Membership Caching.
B. Implement a domain controller in each branch office. Configure DNS to use a single Active Directory-integrated zone.
C. Implement a domain controller in each branch office. Configure the domain controller as a global catalog server.
D. Implement a read-only domain controller (RODC) in each branch office. Configure the domain controller as a global catalog server. Correct Answer: A

Explanation Explanation/Reference:
Explanation
The replication traffic between the offices can be minimized with the use of Universal Group Membership Caching, which is used to locally cache a user’s membership in universal groups on the domain controller authenticating the user. This can help you to avoid global catalog (GC), which causes the extra WAN traffic that the GC needs to replicate with other domain controllers in the domain. The
cached membership for UGMC can be refreshed every 8 hours to keep it up to date.
RODC cannot be configured in this scenario because it needs to use GC that increases the replication traffic.
Reference: When to use and not use universal group membership caching http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/

ActiveDir ectory/Whentouseandnotuseuniversalgroupmembershipcaching.html

QUESTION 20
Your Company has one main office and four branch offices. Each branch office has a read-only domain controller (RODC).
The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2.
Some branch office users work in a department named Sales. Sales department users must be able to log on to all computers in their respective branch offices,

even if a wide area network (WAN) link fails.
The company security policy has the following requirements:

?User account passwords must be replicated to the minimum number of locations. ?A minimum number of passwords must be replicated to the branch office
domain controllers.
You need to configure a password replication policy that supports the company security policy.
What should you do?

A. Install a writable domain controller in all branch offices. Create one global group that contains all Sales department users. Create a fine-grained password policy and apply the policy to the group.
B. Install a writable domain controller in all branch offices. Create one global group that contains the computers of all Sales department users. Add the group to the Allowed RODC Password Replication Group in the domain.
C. Create one global group for each branch office that contains the Sales department users and computers in the corresponding branch office. Add all groups to Windows Authorization Access Group in the domain.
D. Create one global group for each branch office that contains the Sales department users and computers in the corresponding office. Add each group to the Password Replication Policy in the corresponding branch office.

Correct Answer: D Explanation
Explanation/Reference:
Explanation
To configure a password replication policy for the company keeping in mind the security policy of the company, you need to create one global group for each branch office that contains the Sales department users and computers in the corresponding office. This is because the password replication policy must include the appropriate user, computer, and service accounts in order to allow the RODC to satisfy authentication and service ticket requests locally. You need to then add each group to the Password Replication Policy in the corresponding branch office.
The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached. The same account can then perform subsequent logons more efficiently
Reference: Password Replication Policy http://technet2.microsoft.com/windowsserver2008/en/library/977fff54-0c7e-46cd-838b- 1161aa09a46c1033.mspx?mfr=true

PDF format– Printable version, print Microsoft 70-647 exam dumps out and study anywhere.Software format– Simulation version, test yourself like Microsoft 70-647 exam real test.Credit Guarantee– Passtcert never sell the useless Microsoft 70-647 exam dumps out.You will receive our Microsoft 70-647 exam dumps in time and get CCIE Certified easily.

Microsoft 70-681 Braindumps, Provide Discount Microsoft 70-681 Practise Questions With Accurate Answers

You have been deploying Windows 7 to client computers by using System Center Configuration Manager 2007 R2 integrated with Microsoft Deployment Toolkit (MDT) 2008 Update 1. You upgrade MDT 2008 to MDT 2010. You create a deployment task sequence that includes a Use Toolkit Package task. You deploy the task sequence to a client computer. The task sequence fails when the Use Toolkit Package task is executed. You need to ensure that the task sequence completes successfully. What should you do?
A. Run Remove WDS PXE Filter from the Start menu.
B. Run Configure ConfigMgr Integration from the Start menu.
C. Update the distribution points.
D. Perform a clean install of MDT 2010.
Answer: C
Question: 2
Your company has a single-domain Active Directory Domain Services (AD DS) forest. All client computers run Windows XP. A Group Policy Object (GPO) is applied that restricts automatic logons on all computers that are joined to the domain. You use Microsoft Deployment Toolkit (MDT) 2010 to prepare an unattended installation of Windows 7 for deployment to all client computers. The deployments do not complete successfully. You need to ensure that the Windows 7 deployments complete successfully.Which file should you edit?
A. Unattend.xml
B. Unattend.txt
C. ZTIConfigure.wsf
D. ZTIDomainJoin.wsf

Answer: A
Question: 3
You are preparing to capture an image from a Windows 7 reference computer. The reference computer has a modem installed, and Windows 7 drivers are installed for the modem. You need to prepare the Windows 7 image so that the image does not contain the modem drivers. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Use the Sysprep tool with the /audit option.
B. Use the Sysprep tool with the /generalize option.
C. Include the shellexecute option in the Oobe.xml file.
D. Set the PersistAllDeviceInstalls option to True in an answer file.

Answer: A,B,
You are using Microsoft Deployment Toolkit (MDT) 2010 to perform a Lite Touch Installation (LTI) of Windows 7 on client computers. You create an LTI boot image. You need to control which device drivers are included in the LTI boot image. What should you do?
A. Modify the Selection profile on the boot image.
B. Modify the Inject Drivers step in the task sequence.
C. Configure the DriverPaths property in the CustomSettings.ini file.
D. Configure the DriverGroup property in the CustomSettings.ini file.

Answer: A
Question: 5
You have an Active Directory Domain Services (AD DS) environment. All client computers run Windows XP Professional with SP3.You are upgrading all client computers to Windows 7 Professional by using automated installation scripts. You need to ensure that client computers are joined to the domain successfully during the deployment of Windows 7. In addition, user credential information must not reside in plain text. What should you do?
A. Add the NetDom.exe add command to a post-installation script.
B. Add the Netsh.exe add command to a post-installation script.
C. Add the <UnsecureJoin>true</UnsecureJoin> setting to the ImageUnattend.xml file.
D. Add the <UnsecureJoin>false</UnsecureJoin> setting to the ImageUnattend.xml file.

Answer: C
Question: 6
You have a single-domain Active Directory Domain Services (AD DS) forest. The network includes a Windows Deployment Services (WDS) server and a separate DHCP server. You set up a multicast transmission of Windows 7 and deploy Windows 7 on 100 new client computers via multicast. The multicast transmission average speed is 512 KBps. You deploy Windows 7 on an additional 50 new client computers and 2 older client computers via multicast. The multicast transmission average speed is 56 KBps. You remove the older client computers and restart the multicast transmission. The multicast transmission average speed is again 512 KBps. You need to ensure that Windows 7 is deployed on all client computers via multicast and that older client computers do not decrease the multicast average transmission speed for new client computers. What should you do?
A. Configure multicast to separate clients into slow, medium, and fast sessions.
B. Configure multicast to automatically disconnect clients below 128 KBps.
C. Configure Multicast Address Dynamic Client Allocation Protocol (MADCAP).
D. Configure the PXE response delay to 0 seconds.

Answer: A
Question: 7
You have a single-domain Active Directory Domain Services (AD DS) forest. You use System Center Configuration Manager 2007 R2 to deploy Windows 7.Your current deployment process performs a Light Touch Installation (LTI) of Windows 7 by using Microsoft Deployment Toolkit (MDT) 2010 with bootable stand-alone medi a.You need to change your deployment process to perform a Zero Touch Installation (ZTI) of Windows 7.What should you do?
A. Use the Task Sequence Media Wizard to create bootable media for use with System Center Configuration Manager 2007 R2.
B. Use the Task Sequence Media Wizard to create stand-alone media.
C. Configure PXE boot as the first option in the boot order for computers.
D. Create a computer association for each client computer.

Answer: C
Question: 8
You capture an image of a Windows 7 client computer to use as a base image. You need to add device drivers to the base image in preparation for deployment to computers in a department that has unique hardware components.What should you do?
A. Run the sysprep /audit command and then add the drivers.
B. Run the sysprep /oobe command and then add the drivers.
C. Run the drvload command and specify the path to each driver’s .inf file.
D. Run the peimg /inf command and specify the path to each driver’s .inf file.

Answer: A
You have a single-domain Active Directory Domain Services (AD DS) forest. All servers run Windows Server 2008 R2. You use Microsoft Deployment Toolkit (MDT) 2010 and System Center Configuration Manager 2007 R2 to deploy Windows 7 using Zero Touch Installation (ZTI). You have a Windows 7 reference computer that is encrypted using BitLocker Drive Encryption. You need to ensure that BitLocker Drive Encryption is disabled on deployed computers. What should you do?
A. Modify the task sequence to disable BitLocker Drive Encryption prior to the Sysprep operations.
B. Modify the task sequence to disable BitLocker Drive Encryption after the Sysprep operations.
C. Use the Sysprep tool with an account that is a BitLocker data recovery agent.
D. Use the Sysprep tool with the local administrator account.

Answer: A
Question: 10
You currently deploy the 32-bit version of Office 2010 to all of your company’s client computers by using a custom settings file. The custom settings file is located in the Updates subfolder within the 32-bit installation folder named Folder1. You need to ensure that the current custom settings are applied when you deploy the 64-bit version of Office 2010 to computers in the engineering department. You create a new folder named Folder2 that contains the 64-bit installation files for Office 2010. What should you do next?
A. Copy the current settings into a new .msp file by using the 32-bit Office Customization Tool, and save the .msp file in the Updates subfolder within Folder1.
B. Copy the current settings into a new .msp file by using the 64-bit Office Customization Tool, and save the .msp file in the Updates subfolder within Folder1.
C. Copy the current settings into a new .msp file by using the 32-bit Office Customization Tool, and save the .msp file in the Updates subfolder within Folder2.
D. Copy the current settings into a new .msp file by using the 64-bit Office Customization Tool, and save the .msp file in the Updates subfolder within Folder2.

Answer: D
Your network has one subnet for servers and one subnet for client computers. The subnets are separated by a router. In the server subnet, Server1 is a Windows Server 2008 R2 server that runs DHCP and DNS. Your deployment infrastructure is configured to allow computers in the client computer subnet to boot by using PXE. However, client computers that attempt to use PXE to boot are not able to connect to the deployment infrastructure.You need to ensure that client computers are able to connect to the deployment infrastructure by using PXE. What should you do?
A. Configure DHCP reservations.
B. Configure an IP Helper Address on the router.
C. Place a DNS server in the client computer subnet.
D. Run the netsh dhcp add server Server1 command.

Answer: B
Question: 12
Your company has a single-domain Active Directory Domain Services (AD DS) forest. All client computers run Windows Vista. You are migrating all client computers to Windows 7 by using User State Migration Tool (USMT) 4.0. You perform several test migrations. You discover that a set of files with the extension .wxv, which should be restricted by NTFS permissions, were accessible to all users after the test migrations were completed. You need to ensure that the .wxv files are migrated with all NTFS permissions intact.What should you do?
A. Edit the MigApp.xml file to include the .wxv files.
B. Edit the MigDocs.xml files to include the .wxv files.
C. Edit the Config.xml file to include the directory that contains the .wxv files.
D. Edit the MigUser.xml file to include the directory that contains the .wxv files.

Answer: D
Question: 13
Your company’s client computers have Office 2007 and the 64-bit version of Windows 7 Professional installed. You are in the process of deploying Office 2010 to all of the client computers. The human resources (HR) department requires both Office 2007 and Office 2010 on their client computers. You need to be able to deploy Office 2010 to client computers in the HR department. What should you do on the HR client computers?
A. Deploy the 32-bit version of Office 2010.
B. Deploy the 64-bit version of Office 2010.
C. Install the Application Compatibility Toolkit.
D. Upgrade to Windows 7 Enterprise.

Answer: A
Question: 14
You install the Windows Automated Installation Kit (Windows AIK). You use the ImageX tool to capture and apply Windows 7 images. You need to reduce the size of your Windows Preinstallation Environment (Windows PE) image. You build a Windows 7 image and a user profile. What should you do next?
A. Use the ImageX tool with the /apply option.
B. Use the ImageX tool with the /cleanup option.
C. Use the Deployment Image Servicing and Management (DISM) tool with the /Cleanup-Wim option.
D. Use the Deployment Image Servicing and Management (DISM) tool with the /Apply-Profiles option.

Answer: D
Question: 15
You have a single-domain Active Directory Domain Services (AD DS) forest. All servers run Windows Server 2008 R2. You have a client computer named Client1 that runs Windows 7 and Office 2010. You begin capturing an image of Client1 by using Windows Deployment Services (WDS). When the WDS Image Capture Wizard prompts you to select the volume to capture, the list of volumes is empty. You need to ensure that you can capture an image of Client1 by using WDS. What should you do?
A. Restart Client1, and run the sysprep /audit /reboot command.
B. Restart Client1, and run the sysprep /oobe /generalize /reboot command.
C. Set the default boot image for x86 architecture to the capture image in WDS.
D. Click the Continue the PXE boot unless the user presses the ESC key option in WDS.

Answer: B
Question: 16
You are preparing for a Zero Touch Installation (ZTI) of Windows 7 using System Center Configuration Manager 2007 R2. You create a base image. You need to add a third-party .msi installer to run during deployment. What should you do?
A. Add a task to the task sequence.
B. Use Group Policy to configure the application to install.
C. Deploy the image, install the application, and then recapture the image.
D. Mount the image by using ImageX, and configure the application to deploy upon first user login.

Answer: A
Question: 17
Your company uses System Center Configuration Manager 2007 R2 for operating system deployments. You create a task sequence to deploy Windows 7 and Office 2010 to client computers. You need to exclude portions of the task sequence for only client computers that are used by administrators. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Edit the task sequence.
B. Create per-computer custom variables.
C. Create a collection for the administrators.
D. Edit the computer associations for the client computers that are used by administrators.

Answer: A,B,
Question: 18
Your company’s client computers run Windows Vista. You are using the Windows Automated Installation Kit (Windows AIK) and Windows Deployment Services (WDS) to prepare and deploy Windows operating systems. You have the following requirements for an in-place migration to Windows 7: Capture user state on each client computer. .Maintain user state data on the source computer. .Maximize performance. .Minimize hard disk utilization. You need to ensure that the requirements are met when you perform the in-place migration. What should you do?
A. Use the ScanState tool with both the /nocompress and /hardlink options.
B. Use the ScanState tool with only the /nocompress option.
C. Use the ScanState tool with both the /vsc and /o options.
D. Use the ScanState tool with only the /vsc option.

Answer: A
You have an Active Directory Domain Services (AD DS) environment. All client computers run Windows XP and Office 2003. You are preparing to deploy Windows 7 and Office 2010 on all client computers. You need to ensure that the default location for saving Office documents for all users is a specific network share. In addition, the location cannot be changed by users. What should you do?
A. Configure Group Policy Object (GPO) policies.
B. Configure Group Policy Object (GPO) preferences.
C. Modify the default user profile.
D. Use the Office Customization Tool.

Answer: A
Question: 20
Your company’s client computers run Windows 7. User Account Control (UAC) is enabled on the client computers. A third-party application fails to install on the client computers. You need to discover which privileges the application requires on Windows 7. What should you use?
A. the Setup Analysis Tool
B. the Standard User Analyzer Tool
C. the Standard User Analyzer Wizard
D. the Compatibility Administrator Tool

Answer: B
Question: 21
You have an Active Directory Domain Services (AD DS) environment. All client computers run Windows XP. You will use Microsoft Deployment Toolkit (MDT) 2010 to deploy Windows 7 to all client computers. The deployment project has the following requirements: User interaction must not be required for any deployment. You must be able to initiate deployments by using Windows Deployment Services (WDS). You need to meet the deployment project requirements when you deploy Windows 7 by using MDT 2010. Which application should you install?
A. Automated Deployment Services
B. Remote Installation Services
C. System Center Configuration Manager
D. System Center Operations Manager
Answer: C
Flydumps only provides Microsoft 70-681 Practice Exams with highest quality for the candidates,because all Microsoft 70-681 questions are written by most experienced experts who are really responsible.