[Lead2pass Official] Download Free Microsoft 70-411 Exam Questions And Answers From Lead2pass (301-320)

Lead2pass 2017 September New Microsoft 70-411 Exam Dumps!

100% Free Download! 100% Pass Guaranteed!

Lead2pass dumps for 70-411 exam are written to the highest standards of technical accuracy, provided by our certified subject matter experts and published authors for development. We guarantee the best quality and accuracy of our products. We hope you pass the exams successfully with our practice test. With our Microsoft 70-411 dumps, you will pass your exam easily at the first attempt. You can also enjoy 365 days free update for your product.

Following questions and answers are all new published by Microsoft Official Exam Center: https://www.lead2pass.com/70-411.html

QUESTION 301
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012.
You pre-create a read-only domain controller (P.QDC) account named RODC1.
You export the settings of RODC1 to a file named Filel.txt.
You need to promote RODC1 by using File1.txt.
Which tool should you use?

A.    The Install-WindowsFeature cmdlet
B.    The Add-WindowsFeature cmdlet
C.    The Dism command
D.    The Install-ADDSDomainController cmdlet
E.    the Dcpromo command

Answer: E
Explanation:
Dcpromo.exe deprecated in Windows Server 2012 Design.
You can use it for unattended installations but still.
If you’re in Windows Server 2012 “dcpromo.exe” run (with no parameters) from a command prompt, you will be redirected via a message to Server Manager, where Active Directory Domain Services with the wizard can install the Add Roles.
If you /dcpromo unattend run from a command prompt, you can still perform automatic installations with Dcpromo.exe.
So organizations can continue to use automated installation routines with dcpromo.exe for Active Directory Domain Services (AD DS), to write these routines with new Windows PowerShell.

QUESTION 302
You deploy a windows Server Update (WSUS) server named Server01.
You need to ensure that you can view update reports and computer reports on server01.
Which two components should you install? Each correct answer presents part of the solution.

A.    Microsoft Report Viewer 2008 Redistributable Package
B.    Microsoft .Net Framework 2.0
C.    Microsoft SQL Server 2008 R2 Builder 3.0
D.    Microsoft XPS Viewer
E.    Microsoft SQL Server 2012 reporting Services (SSRS)

Answer: AB
Explanation:
The Microsoft Report Viewer 2008 Redistributable Package includes Windows Forms and ASP.NET Web server controls for viewing reports that have been created for the Microsoft reporting technology.
The Windows Server Update Services (WSUS) require the .Net Framework 2.0 and this extension to display the reports. To distribute updates of the extension is not needed. In the later installation of a subsequent restart of the management console is required.

QUESTION 303
You deploy a windows Server Update (WSUS) server named Server01.
You need to prevent the WSUS service on Server01 from being updated automatically.
What should you do from the update service console?

A.    From the Product and Classification options, modify the Products setting.
B.    From the Automatic Approvals options, modify the Advanced settings.
C.    From the Product and Classification options, modify the Classifications setting.
D.    From the Automatic Approvals options, modify the Default Automatic Approval rule.

Answer: B

QUESTION 304
You have a group managed Service Account name Account01.
Only three servers named Server01, Server02 and Server03 are allowed to use Account01 service account.
You plan to decommission Server01.
You need to prevent Server01 from using the Account01 service account.
The solution must ensure that Server02 and Server03 continue to use the Account01 service account.
What command should you run? To answer, select the appropriate options in the answer area.

Answer Area:
Drop Down

Remove-ADServiceAccount
Reset-ADServiceAccount
Set- ADServiceAccount
Account01>>

-DNSHomeName
-PrincipalsAllowedToRetrieveManagedPassword
-SAMAccountName
-Server

>>>
Server01
Server01$
Server02, Server 03
Server02$, Server03$

Answer:
Set- ADServiceAccount
PrincipalsAllowedToRetrieveManagedPassword
Server02$, Server03$

QUESTION 305
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controller must be online when cloning a domain controller.
Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: D
Explanation:
One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role.
Example: Command Prompt: C:\PS>
Get-ADDomain
Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com
Incorrect:
Not A: The Get-ADGroupMember cmdlet gets the members of an Active Directory group.
Members can be users, groups, and computers.
Not E: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory. Not F: The Get-ADAuthorizationGroup cmdlet gets the security groups from the specified user, computer or service accounts token.
Reference: Step-by-Step: Domain Controller Cloning
http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx
Reference: Get-ADDomain
https://technet.microsoft.com/en-us/library/ee617224.aspx

QUESTION 306
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.
Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: E
Explanation:
The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.
Example: Get-ADOptionalFeature ‘Recycle Bin Feature’ Get the optional feature with the name ‘Recycle Bin Feature’.
Reference: Get-ADOptionalFeature
https://technet.microsoft.com/en-us/library/ee617218.aspx

QUESTION 307
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether the members of the protected Users group will be prevented from authenticating by using NTLM.
Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: D

QUESTION 308
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2.
All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: C
Explanation:
https://technet.microsoft.com/en-us/library/ee617194.aspx

QUESTION 309
Your Company is testing DirectAccess on Windows Server 2012 R2. Users report that when they connect to the corporate network by using DirectAccess, access to Internet websites and Internet hosts is slow. The users report that when they disconnect from DirectAccess, acces to the internet websites and the internet hosts is much faster.
You need to identify the most likely cause of the performance issue.
What should you identify?

A.    DirectAccess uses a self-signed certificate.
B.    The corporate firewall blocks TCP port 8080.
C.    Force tunneling is enabled.
D.    The DNS suffix list is empty

Answer: C
Explanation:
If Direct Access is configured for Force tunneling, compounds of the DirectAccess client to the internal network and the Internet via the remote access server are routed. The “detour” via the company network, can slow down access to websites and hosts on the Internet.

QUESTION 310
Your network contains one Active Directory domain named contoso.com. The domain contains a file server named Server01 that runs Windows Server 2012 R2. Server01 has an operating system drive and a data drive. Server01 has a trusted Platform Module (TPM).
Which cmdlet should you run first?

A.    Enable-TPMAutoProvisioning
B.    Unblock-TPM
C.    Install-WindowsFeature
D.    Lock-BitLocker

Answer: C
Explanation:
The Windows feature BitLocker Drive Encryption is not installed by default. The following call installs the feature with all its components and management tools: Install Windows feature BitLocker -IncludeAllSubFeature -IncludeManagementTools

QUESTION 311
You have the following Windows PowerShell output.

 

You need to create a Managed service Account.
What should you do?

A.    Run Set-KDSConfiguration and then run New-ADServiceAccount -Name “service01” -DNSHostName service01.contoso.com
B.    Run New-AuthenticationPolicySilo, and then run New-ADServiceAccount -Name
“service01” –DNSHostName service01.contoso.com.
C.    Run Add-KDSRootKey, and then run New-ADServiceAccount -Name “service01”
-DNSHostName service01.contoso.com.
D.    Run New-ADServiceAccount – Name “service01” – DNSHostName service01.contoso.com -SAMAccountName service01.

Answer: C
Explanation:
From the exhibit we see that the required key does not exist. First we create this key, then we create the managed service account.
The Add-KdsRootKey cmdlet generates a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory (AD). The Microsoft Group KdsSvc generates new group keys from the new root key.
The New-ADServiceAccount cmdlet creates a new Active Directory managed service account.
Reference: New-ADServiceAccount
https://technet.microsoft.com/en-us/library/hh852236(v=wps.630).aspx
Reference: Add-KdsRootKey
https://technet.microsoft.com/en-us/library/jj852117(v=wps.630).aspx

QUESTION 312
Hotspot Question
Your network contains an Active Directory domain named adatum.com.
The domain contains a server named Server1.
Your company implements DirectAccess.
A user named User1 works at a customer’s office.
The customer’s office contains a server named Server1.
When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com.
You need to provide User1 with the ability to connect to Server1 in the customer’s office.
Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.

 

Answer:

 

QUESTION 313
Hotspot Question
Your network contains a DNS server named Server1. Server1 hosts a DNS zone for contoso.com.
You need to ensure that DNS clients cache records from contoso.com for a maximum of one hour.
Which value should you modify in the Start of Authority (SOA) record? To answer, select the appropriate setting in the answer area.

 

Answer:

 

QUESTION 314
Your network contains two Active Directory forests named contoso.com and adatum.com.
All domain controllers run Windows Server 2012 R2.
The adatum.com domain contains a Group Policy object (GPO) named GPO1.
An administrator from adatum.com backs up GPO1 to a USB flash drive.
You have a domain controller named dc1.contoso.com.
You insert the USB flash drive in dc1.contoso.com.
You need to identify the domain-specific reference in GPO1.
What should you do?

A.    From the Migration Table Editor, click Populate from Backup.
B.    From Group Policy Management, run the Group Policy Modeling Wizard.
C.    From Group Policy Management, run the Group Policy Results Wizard.
D.    From the Migration Table Editor, click Populate from GPO.

Answer: A
Explanation:
https://technet.microsoft.com/en-us/library/cc779961(v=ws.10).aspx

QUESTION 315
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:

– Generate an event each time a new process is created.
– Generate an event each time a user attempts to access a file share.

Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area.

A.    Audit access management (Not Defined)
B.    Audit directory service access (Not Defined)
C.    Audit logon events (Not Defined)
D.    Audit object access(Not Defined)
E.    Audit policy change(Not Defined)
F.    Audit privilege use (Not Defined)
G.    Audit process tracking (Not Defined)
H.    Audit system events(Not Defined)

Answer: DG
Explanation:
* Audit Object Access
Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified.
* Audit Process Tracking
Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
Reference: Audit object access
https://technet.microsoft.com/en-us/library/cc976403.aspx
Reference: Audit Process Tracking
https://technet.microsoft.com/en-us/library/cc976411.aspx

QUESTION 316
You have two Windows Server Update Services (WSUS) servers named Server01 and Server02. Server01 synchronizes from Microsoft Update. Server02 synchronizes updates from Server01. Both servers are members of the same Active Directory domain.
You configure Server01 to require SSL for all WSUS metadata by using a certificate issued by an enterprise root certification authority (CA).
You need to ensure that Server02 synchronizes updates from Server01.
What should you do on Server02?

A.    From a command prompt, run wsusutil.exe configuresslproxy server02 443.
B.    From a command prompt, run wsusutil.exe configuressl server01.
C.    From a command prompt, run wsusutil.exe configuresslproxy server01 443.
D.    From the Update Services console, modify the Update Source and Proxy Server options.

Answer: D

QUESTION 317
Your network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2.
All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which security principals are authorized to have their password cached on RODC1.
Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: B

QUESTION 318
You have a group Managed Service Account named Service01.
Three servers named Server01, Server02, and Server03 currently use the Service01 service account.
You plan to decommission Server01.
You need to remove the cached password of the Service01 service account from Server01.
The solution must ensure that Server02 and Server03 continue to use Service01.
Which cmdlet should you run?

A.    Set-ADServiceAccount
B.    Remove-ADServiceAccount
C.    Uninstall-ADServiceAccount
D.    Reset-ADServiceAccountPassword

Answer: A
Explanation:
https://technet.microsoft.com/en-us/library/jj128431.aspx

QUESTION 319
Your network contains an Active Directory domain named adatum.com.
The domain contains 10 domain controllers that run Windows Server 2012 R2.
You plan to create a new Active Directory-integrated zone named contoso.com.
You need to ensure that the new zone will be replicated to only four of the domain controllers.
What should you do first?

A.    Create an application directory partition.
B.    Create an Active Directory connection object.
C.    Create an Active Directory site link.
D.    Change the zone replication scope.

Answer: A
Explanation:
Application directory partitions
An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.

QUESTION 320
Hotspot Question
Your network contains one Active Directory domain named contoso.com.
The domain contains 10 file servers that run Windows Server 2012 R2.
You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers.
You need to configure BitLocker policies for the file servers to meet the following requirements:

– Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker.
– Ensure that the BitLocker recovery key and recovery password are stored in Active Directory.

Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.

 

Answer:

 

Explanation:
Choose how BitLocker-protected operating system drives can be recovered: With this policy setting, you can control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. In Save BitLocker recovery information to Active Directory Domain Services, choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS) for operating system drives. If you select Store recovery password and key packages, the BitLocker recovery password and the key package are stored in AD DS. Storing the key package supports recovering data from a drive that is physically corrupted. If you select Store recovery password only, only the recovery password is stored in AD DS.
Require additional authentication at startup:
With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use:
– only the TPM for authentication
– insertion of a USB flash drive containing the startup key
– the entry of a 4-digit to 20-digit personal identification number (PIN)
– a combination of the PIN and the USB flash drive
https://technet.microsoft.com/en-us/library/jj679890.aspx

More free Lead2pass 70-411 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDSmRhaVRWcW5Cc1k

We offer standard exam questions of Microsoft 70-411 dumps. The standard exams are important if you have never taken a real exam. The accuracy of the Q&As are fully guaranteed and the number is enough to impact you passing the exam.

2017 Microsoft 70-411 (All 449 Q&As) exam dumps (PDF&VCE) from Lead2pass:

https://www.lead2pass.com/70-411.html [100% Exam Pass Guaranteed]