[Lead2pass Official] Pass 70-411 Exam By Training Lead2pass New VCE And PDF Dumps (361-380)

Lead2pass 2017 September New Microsoft 70-411 Exam Dumps!

100% Free Download! 100% Pass Guaranteed!

70-411 dumps free share: Lead2pass presents the highest quality of 70-411 exam dump which helps candidates to pass the 70-411 exams in the first attempt.

Following questions and answers are all new published by Microsoft Official Exam Center: https://www.lead2pass.com/70-411.html

QUESTION 361
You have three Windows Server Update Services (WSUS) Servers named Server01 Server02 and Server03.
Server01 synchronizes form Microsoft Update.
You need to ensure that only Server02 and Server03 can Synchronize updates from Server01.
What should you do?

A.    Modify %ProgramFiles%\Update Services\WebServices\Serversyncgwevservice\SimpleAuth.asmx.
B.    From the Update Services console, modify the Update Source and Proxy Server options.
C.    From the Update Services console, modify the Automatic Approvals Options.
D.    Modify %ProgramFiles%\Update Services\WebServices\Serversyncgwevservice\Web.config.

Answer: D
Explanation:
“The question is asking how to harden WSUS, i.e. limit the servers that can get updates from Server01 to only Server02 and Server03. This is done by modifying the web.config. ” https://technet.microsoft.com/en-us/library/Cc708550(v=WS.10).aspx

QUESTION 362
Your corporate network includes an Active Directory Domain Services (AD DS) domain certbase.de named.
The domain contains a Windows Server 2012 R2 computer named Server3. Server3 performs the role Windows Deployment Services.
They have a virtual Windows Server 2012 R2 creates computer named VM1.
On VM1 several industry-specific applications are installed.
To use the Windows Deployment Services to create an image of VM1.
What image type you will add Server3?

A.    Capture
B.    Install
C.    Discovery
D.    Boot

Answer: A
Explanation:
The main image types used in Windows Deployment Services are installation and boot images.

Install images
Install images are the operating system images that you deploy to the client computer. You can use the default install image (install.wim) located on the DVD of Windows Vista or Windows Server 2008 in the \ Sources directory.
You can also create custom install images from reference computers and deploy them to client computers. First, you boot a computer (which has been prepared with Sysprep) into a capture image. Then the capture image an install image of the computer is created.

Boot images
Boot images are the images with which you start a client computer before installing the operating system image. The boot image presents a boot menu that contains the images that users can install on their computers.
These images contain Windows PE 2.0 and the Windows Deployment Services client. You can use the default boot image included in the \ Sources directory of the Windows Server 2008 installation media (boot.wim).
This file must be only in advanced scenarios (for example, if you must add the image driver) to be changed. Important Only use the Boot.wim file on the Windows Server 2008 DVD.
If you boot.wim file to use on the Windows Vista DVD, you can not use all the functionality of Windows Deployment Services (for example, multicasting). There are also two image types that you can create from boot images:. Capture images and discover images.

Capture Images
Capture Images are boot images that allow the utility starts to record the Windows Deployment Services in place of the setup. If a reference computer (which has been prepared with Sysprep) start with a capture image, an install image of the reference computer is created and saved as a WIM file with an assistant. You can also create a medium (eg, CD, DVD or USB drive) that contains a capture image, and then boot a computer to the media. After you create the install image, you can use the image for PXE boot deployment Add the server. These images provide an alternative to command-line tool ImageX.exe.

Discover images
Discover images search images are boot images, which is enforced by that Setup.exe in Windows Deployment Services mode is started. Subsequently, a Windows Deployment Services server will be searched.
These images are typically used to deploy images to computers that are not configured for PXE or that are in networks where PXE is not allowed. If you create a discover image and apply it to the medium (eg, CD, DVD or Save USB drive), you can then boot a computer to the media.

The discover image on the media of the Windows Deployment Services server will be searched. The installation image is provided by the server for the computer. You can configure discover images so that a specific Windows Deployment Services server is used as a target. This means that you can create a discover image when a plurality of servers in your environment for each server and then can name each based on the name of the server.

QUESTION 363
Your corporate network includes an Active Directory Domain Services (AD DS) domain Lead2pass.com named.
The domain contains two Windows Server Update Services (WSUS) server with the name and WSUS1 WSUS2.
WSUS2 is a replica of WSUS1.
You must configure the Windows Server Update Services so that WSUS2 report sends data to WSUS1.
What you configure?

A.    Update Reports
B.    Synchronization Options
C.    Computer Groups
D.    Reporting rollup

Answer: D
Explanation:

 

QUESTION 364
Your network contains an Active Directory domain named contoso.com.
The domain contains a file server named Server1.
On Server1 the operating system Windows Server 2012 R2 is installed.
Check the RSoP of Server1.
The effective settings are shown in the picture (click on the button drawing).
You must ensure that an entry is recorded in the event log when it is on Server1 created or deleted a local user account.
How do you proceed?

 

You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1.
What should you do?

A.    Change the settings of the audit policy in Group Policy Object (GPO) ServersGPO
B.    On Server1, attach a task to the security log.
C.    Add the System log on Server1 a task.
D.    Change the settings of the Advanced Audit Policy Configuration in Group Policy Object (GPO) ServersGPO

Answer: D
Explanation:
When you use Advanced Audit Policy Configuration settings, you need to confirm that these settings are not overwritten by basic audit policy settings. The following procedure shows how to prevent conflicts by blocking the application of any basic audit policy settings.

Enabling Advanced Audit Policy Configuration

Basic and advanced audit policy configurations should not be mixed. As such, it’s best practice to enable Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings in Group Policy to make sure that basic auditing is disabled. The setting can be found under Computer Configuration\Policies\Security Settings\Local Policies\Security Options, and sets the SCENoApplyLegacyAuditPolicy registry key to prevent basic auditing being applied using Group Policy and the Local Security Policy MMC snap-in.
In Windows 7 and Windows Server 2008 R2, the number of audit settings for which success and failure can be tracked has increased to 53. Previously, there were nine basic auditing settings under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. These 53 new settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity.

Audit Policy settings
Any changes to user account and resource permissions.
Any failed attempts for user logon.
Any failed attempts for resource access.
Any modification to the system files.

Advanced Audit Configuration SettingsAudit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:
A group administrator has modified settings or data on servers that contain finance information.
An employee within a defined group has accessed an important file. The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access.

In Servers GPO, modify the Audit Policy settings – enabling audit account management setting will generate events about account creation, deletion and so on.

Advanced Audit Configuration SettingsAdvanced Audit Configuration Settings ->Audit Policy -> Account Management -> Audit User Account Management

 

In Servers GPO, modify the Audit Policy settings – enabling audit account management setting will generate events about account creation, deletion and so on.

 

http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in- active-directory.aspx
http://technet.microsoft.com/en-us/library/dd772623%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx#BKMK_step2 http://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx http://www.petri.co.il/enable-advanced-audit-policy-configuration-windows-server.htm

QUESTION 365
Your corporate network includes an Active Directory Domain Services (AD DS) domain contoso.local named.
On all servers Windows Server 2012 R2 is installed.
You want a read-only domain controller (RODC) to remove from the domain.
Which rule must be observed with respect to the removal RODC?

A.    All read-only domain controllers must be removed from the domain before the last writable domain controller can be downgraded.
B.    All writable domain controllers must be downgraded before a read-only domain controller can be removed from the domain.
C.    The overall structure may contain only read-only domain controller.
D.    There are no rules that must be followed when removing read-only domain controller.

Answer: A
Explanation:
A domain can not only read-only domain controller (RODC) included. A read-only domain controller (RODC) provide, you must deploy at least one writable domain controller for the same domain.
This serves as a replication partner for the RODC. Conversely, you must remove all read-only domain controller, bervor you demote the last writable domain controller.

QUESTION 366
On a server with the operating system Windows Server 2012 R2, you can uninstall the graphical shell for servers and get a server with minimal server user interface.
The user interface is similar to a minimal server installation Server with complete graphical user interface.
Some features are missing, however.
Which of the following features missing?

A.    Microsoft Management Console (MMC)
B.    Windows Explorer
C.    Subset of the Control Panel
D.    Server Manager

Answer: B
Explanation:
In Windows Ser1ver 2012, you can remove the server graphic shell, resulting in the “Minimal Server Interface”. This is similar to a server installation with a graphical user interface, but Internet Explorer 10, the Windows Explorer, the desktop and the Start screen are not installed.
The Microsoft Management Console (MMC), Server Manager, and a subset of the control panel are still available. If you start with a server installation with a graphical user interface, you can switch at any time using the Server Manager to minimum server user.

QUESTION 367
Which of the following features are available when Windows Server 2012 R2 is installed, although with complete graphical user interface but without the Desktop Experience feature presentation? (Select all that apply.)

A.    Modern UI start screen
B.    Integrated help system
C.    Windows Search
D.    Windows Media Player

Answer: AB
Explanation:
Using the Desktop Experience feature You can install a variety of Windows 8.1 features on a server running Windows Server 2012 Design. Thought this possibility is especially useful for providing remote desktop workstations. The Feature Desktop Experience includes uner including the Windows Media Player and Windows Search.

QUESTION 368
You administer a Windows Server 2012 R2 computer that is named Server1.
You want to use the Task Manager to end a running application.
Which register or which menu of Task Manager you use?

A.    power
B.    User
C.    Options
D.    Details

Answer: D
Explanation:
Running applications in Task Manager on the register details are terminated:

 

QUESTION 369
Your corporate network includes an Active Directory Domain Services (AD DS) domain contoso.local named.
Make the Windows Server Update Services (WSUS) on a server named Server1 ready.
You must prevent the Windows Server Update Services (WSUS) are automatically updated on Server1.
What step to run using the console Update Services?

A.    Use the Products and Classifications options, configure the Products settings.
B.    Use the Automatic Approvals options and change the settings on the tab Advanced.
C.    Use the Option Products and Classifications and change the settings in the registry classifications.
D.    Use the Automatic Approvals options and change the settings of the default rule for automatic approval.

Answer: B
Explanation:
In the advanced settings option rubberstamp approvals can be determined whether the updates that are intended for WSUS itself, are automatically approved. By default, this option is enabled.

 

QUESTION 370
Your corporate network includes an Active Directory Domain Services (AD DS) domain certbase.de named.
On all server computers Windows Server 2012 R2 is installed. All client computers Windows 8 is installed.
The domain comprises no certification authority (CA).
You must add in the domain a data recovery agent for the Encrypting File System (EFS). Which two steps you will perform? (Each correct answer presents part of the solution. Choose two.)

A.    Run on the Windows PowerShell cmdlet Get-Certificate from.
B.    Open the Default Domain Controllers Policy and perform the action data recovery agents create from.
C.    Open the Default Domain Policy and perform the action data recovery agents to add from.
D.    Run from the command prompt, the command-line utility Cipher.exe from
E.    Open the Default Domain Policy, and perform the action data recovery agents create from.
F.    Open the Default Domain Controllers Policy and perform the action data recovery agents to add from.

Answer: CD
Explanation:
With the call Cipher.exe/R:DRA we can create a certificate for EFS recovery. The command call creates a PFX file that contains the certificate and private key and a .CER file that contains only the certificate.
Then, the contents of the .cer file to the EFS recovery policy can be added to create the recovery key for users , The PFX file can be imported to restore individual files.

QUESTION 371
Your corporate network includes an Active Directory Domain Services (AD DS) domain certbase.de named.
On all server computers Windows Server 2012 R2 is installed. All client computers Windows 8 is running.
You must control access to removable storage devices.
Which category you will configure? (To be configured dialog box shown in the picture. Click the Drawing button.)

 

A.    Account Application
B.    Account Management
C.    DS Access
D.    Object Access
E.    Authorizations
F.    System

Answer: D
Explanation:
What events in detail are affected by the audit policies, can be determined easily by a look at the subcategories of the expanded audit policy:

 

QUESTION 372
Your corporate network includes an Active Directory Domain Services (AD DS) domain named contoso.com .
The domain contains a Windows Server 2012 R2 computer that is named Server1. On Server1 the role Windows Server Update Services is installed.
You have created a new Group Policy object (GPO).
To configure the Windows Update settings of the client computer so that Windows updates are every Wednesday installed at 13:00 clock.
Which policy will configure? (To be configured dialog box shown in the picture. Click the Drawing button.)

 

A.    Configure Automatic Updates
B.    Enable Client-side target allocation
C.    Specify intranet Microsoft update service
D.    Not allow administrators to receive update notifications
E.    Enable Windows Update Power Management to reactivate the system to install scheduled updates automatically
F.    Create new schedule of planned installations

Answer: A
Explanation:
The policy Configure Automatic Updates determines whether the computer security updates and other important downloads obtained via the Windows Automatic Updates service. In addition, you can specify one of the following options and a timetable for the installation:

2 = notify before downloading any updates and notify again before installation. If Windows detects updates that can be applied to the computer, an icon in the status area with a message that informs you that updates are available for download. Clicking the icon or message, you can select to download updates. The selected updates are then downloaded from Windows in the background. After downloading is complete, an icon in the status area again displayed that informs you that the updates can be installed. When you click the icon or message, you can select the updates that you want to install.

Automatically download 3 = (default) updates and notify you of updates installable Windows checks for updates that can be applied to the computer, and loads these automatically in the background without (the user is not notified during the process or disturbed). After downloading has been completed, the status area, the icon is displayed, informing you that the updates can be installed. When you click the icon or message, you can select the updates that you want to install.

Automatically download 4 = Updates and schedule that I specify install Specify the schedule using the options in the Group Policy setting. By default installations are planned daily for 3 clock in the morning, if no timetable is given. The completion of the update installation, if a restart is required, Windows will automatically restart the computer. (If a user is logged on to the computer when Windows is restarted, the user is notified and can delay the restart.)

5 = places allow administrators to select the configuration mode for the update installation through Automatic Updates This option can be enabled with local administrators, on the Control Panel icon “Automatic Updates” option to select a configuration. You can select a date for a planned installation example itself. Local administrators will not be allowed to disable the configuration for “Automatic Updates”.

 

QUESTION 373
Your corporate network includes an Active Directory Domain Services (AD DS) domain certbase.de named.
On all server computers Windows Server 2012 R2 is installed.
The domain contains an organizational unit (OU) named CBDateiserver.
The OU contains the computer accounts of all file servers in the domain.
You need to monitor successful user access to file sharing, file server.
Which audit policy, you will configure?
(To be configured dialog box shown in the picture. Click the Drawing button.)

 

A.    Audit logon events
B.    Audit account logon events
C.    Audit object access
D.    Audit privilege use
E.    Audit privilege use
F.    Audit directory service access

Answer: C
Explanation:
With the security setting Audit object access is determined whether user access be monitored for non-Active Directory objects. Monitoring will be generated only for objects that is specified for its own SACL (System Access Control List, ACL on the system), and only then, if the requested access type (for example, write, read or modify) and the account from which the request originates, correspond to the settings in the SACL.

The administrator can specify whether only successful or failed only or both successful and unsuccessful operations, or basically no operations are monitored (ie neither successful nor unsuccessful operations).

If the monitoring of successful operations enabled is an audit entry for each successful access to a non-Active Directory object that has a matching SACL is indicated, is generated. If the monitoring of failed transactions is enabled, each time failed access to a non-Active Directory object for which a matching SACL specified, an audit entry is generated.

Note that you can set a SACL on an Active Directory object on the “Security” tab in the “Properties” of the object. Default:. No supervision order to gain more control over the audit policy, you can use the settings in the node “Advanced Audit Policy Configuration”.

QUESTION 374
Your corporate network includes an Active Directory Domain Services (AD DS) domain named contoso.com .
The domain contains a Windows Server 2012 R2 computer that is named Server1.
On Server1 the role Windows Server Update Services is installed.
You want to use a Group Policy object (GPO) to assign members of a computer group.
Which settings you will configure?

 

A.    Configure Automatic Updates
B.    Specify intranet Microsoft update service
C.    Enable Software Notifications
D.    Enable recommended updates via Automatic Updates
E.    Enable Client-side targeting
F.    Allow signed updates from an intranet Microsoft update service location

Answer: E
Explanation:
Computer can either manually or using the policy setting Client-side target association enable to computer groups of the Windows Server Update Services can be added.

The Directive Enable Client-side target mapping indicates the target group name or the name that will be used to receive updates from Microsoft Update Service on the intranet .

If the status to “Enabled” is set, the specified target group information to the Microsoft Update service will be sent on the intranet. This uses this information to determine which updates will be made available on the computer.

If the Microsoft update service location on the intranet supports multiple audiences, multiple, semicolon-separated group names can be specified by this Directive. Otherwise, a single group must be specified.

If the status is set to “Disabled” or “Not Configured”, no target group information to the Microsoft Update service will be sent on the intranet.

Note:

This policy applies only when the Microsoft Update service on the intranet, which this Computer use is configured to support client-side target allocation.

This policy has no effect when the policy is “intranet specify for Microsoft update service location” is disabled or not configured.

This policy is not supported on Windows RT. Enabling this policy on PCs running Windows RT runs has no effect.

 

QUESTION 375
Your corporate network includes an Active Directory Domain Services (AD DS) domain certbase.de named.
On all domain controllers running Windows Server 2012 R2 is installed.
A support technician installed at an outdoor location Windows Server 2012 R2 on a server named DC10.
DC10 is currently a member of a workgroup.
You plan DC10 to a read-only domain controller (RODC) to change or “elevate”.
You must ensure that a user can promoted to a read-only domain controller with the username contoso \Tom DC10.
Your solution must the permissions that are granted to Tom, minimize.
How do you proceed?

A.    Use the command-line tool Ntdsutil.exe and run the command Local Roles from.
B.    Use Active Directory Users and Computers and create an account for a read-only domain controller.
C.    Use the console Active Directory Users and Computers, and then run the wizard for assigning object management for container Domain Controllers from.
D.    Take DC10 to the domain. And you change the properties of the computer account of DC10.

Answer: B
Explanation:
Use the context menu of the container domain controller you can access an assistant for a preliminary deployment of an account for a read-only domain controller. The wizard asks the name of the RODC, the destination site and the user account of a person from whom the permissions are delegated to install the read-only domain controller. The figure shows the relevant page of the wizard:

QUESTION 376
Your corporate network includes an Active Directory Domain Services (AD DS) domain certbase.de named.
All servers running Windows Server 2012 R2 is installed.
The domain contains a server named Server1. On Server1 the role Windows Deployment Services Windows Deployment Services (WDS) installed.
You have received a list of MAC addresses newly purchased client computers.
You want the command-line utility wdsutil.exe use to provide in advance the new client computers in Active Directory.
What parameters do you use?

A.    /get-AutoAddDevices
B.    /get-Device
C.    /add-Device
D.    /enable

Answer: C
Explanation:
The /add-Device parameter allows the prerelease deployment of computer accounts in Active Directory for the installation of the Windows Deployment Services. The parameter allows you to configure all options that are possible when using the wizard, the console Windows Deployment Services.

The following call adds the Windows Deployment Services is a prerelease deployment for the computer Desktop1 with the MAC address 00-B0-56-88-2F -DC without giving added another option:

WDSUTIL /Add-Device /Device:Desktop1 /ID:00-B0-56-88-2F-DC

QUESTION 377
Your corporate network includes an Active Directory Domain Services (AD DS) domain certbase.de named.
All servers running Windows Server 2012 R2 is installed.
The domain contains a server named Server1. On Server1 the role Windows Deployment Services Windows Deployment Services (WDS) installed.
You want the command-line utility wdsutil.exe use to retrieve information about the Active Directory provided in advance computer Desktop1.
What parameters do you use?

A.    /get-AutoAddDevices
B.    /get-Device
C.    /add-Device
D.    /enable

Answer: B
Explanation:
The / Get-Device parameters enables the retrieval of information on one or more devices prestaged. The following call retrieves information for a preliminary deployment of the computer Desktop2:

WDSUTIL / Get-Device / Device: Desktop2

QUESTION 378
Your corporate network includes an Active Directory Domain Services (AD DS) domain certbase.de named.
The domain contains a domain controller that is named DC-1.
You run the command ping dc-1.contoso.local and get the command output shown in the picture (click on the button drawing).
You must ensure that DC-1 responds to a ping. What usually open in the Windows Firewall on DC-1? (This to configure dialog box is shown in the picture. Click the Drawing button.)

A.    Active Directory Domain Controller – Echo Request (ICMPv4-In)
B.    Active Directory Domain Controller – Echo Request (ICMPv6-In)
C.    Active Directory Domain Controller – NetBIOS name resolution (UDP-In)
D.    Core network – Destination Unreachable (ICMPv6-In)
E.    Core network – Destination Unreachable, fragmentation required (ICMPv4-In)
F.    Online Responder Service (DCOM-In)

Answer: A
Explanation:

 

The inbound rule “Active Directory Domain Controller – Echo Request (ICMPv4-In)” determines whether incoming ping requests to allow or block.

 

QUESTION 379
Your company uses an Active Directory Domain Services (AD DS) domain certbase.de named. The domain contains a server named Server1. On Server1 Windows Server 2012 R2 Standard is installed on a Server Core installation.
You need to ensure that Server1 on Windows Server 2012 R2 Datacenter is run in a Server Core installation.
You want to reach your destination with minimal administrative effort.
What do you do?

A.    Perform a clean installation of Windows Server 2012 R2 on Server1.
B.    Update the existing Windows Server 2012 R2 installation.
C.    Use DISM and perform online maintenance.
D.    Use DISM and perform an offline maintenance.

Answer: C
Explanation:

 

This command-line tool DISM.exe (Deployment Image Servicing and Management Tool) was introduced with Windows Server 2008 R2. In addition to numerous other ways can with DISM.exe also an in-place upgrade of Windows Server 2012 R2 Standard Windows Server performed 2012 R2 Datacenter be. The following command calls can be used here:

DISM / online / Get-Current Edition provides the Windows Edition currently used
DISM / online / Get-TargetEditions provides the possible upgrade paths
DISM / online / Set-Edition [ID Edition] / ProductKey: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
performs direct update by the specified edition.

QUESTION 380
You are working as a server administrator for the company CertBase.
To install Windows Server 2012 R2 Server Core on a new server computer that is named Server1.
Once you decide to install the graphical user interface (GUI) on Server1.
Which tool will you use?

A.    PowerShell cmdlet Add-Windows Package
B.    PowerShell Cmdlet Add-WindowsFeature
C.    PowerShell Cmdlet Install-Module
D.    PowerShell Cmdlet Install-RoleService

Answer: B
Explanation:
Among the new features of Windows Server 2012 and Windows Server 2012 R2 include the ability to install them separately or can remove the GUI after the initial installation. In the blog you can find more information on the topic:

More free Lead2pass 70-411 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDSmRhaVRWcW5Cc1k

Lead2pass is now offering Lead2pass 70-411 PDF dumps with 100% passing guarantee. Use Lead2pass 70-411 PDF and pass your exam easily. Download Microsoft 70-411 exam dumps and prepare for exam.

2017 Microsoft 70-411 (All 449 Q&As) exam dumps (PDF&VCE) from Lead2pass:

https://www.lead2pass.com/70-411.html [100% Exam Pass Guaranteed]