Welcome to download the newest pass4itsure 350-060 VCE dumps: https://www.pass4itsure.com/350-060.html
FLYDUMPS offer you detailed Microsoft 070-417 exam sample questions. Our experts come from different parts of the Industry and are most experienced and qualified to have the opportunity to write the Microsoft 070-417 exam for us. Microsoft 070-417 exam sample questions are even more difficult than the actual test. Our Microsoft 070-417 exam PDF is a mock up of the actual certification exam questions. This technique has been used for a longest time and it is 100% guaranteed. Microsoft 070-417 exam sample questions provides you everything you will need to take your Microsoft 070-417 Exam. The Microsoft 070-417 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical.
QUESTION 1
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
On Server1, you create and start a virtual machine named VM1. VM1 is configured as shown in the following table.
You plan to create a checkpoint of VM1.
You need to recommend a solution to minimize the amount of disk space used for the checkpoint of VM1.
What should you do before you create the checkpoint?
A. Decrease the Maximum RAM.
B. Convert Disk1.vhd to a dynamically expanding disk.
C. Run the Stop-VM cmdlet.
D. Run the Resize-VHD cmdlet.
Correct Answer: C Explanation
Explanation/Reference:
Explanation: For checkpoints created when the virtual machine is stopped The checkpoint contains the state of the hard disks only. For checkpoints created when the virtual machine is running The checkpoint contains the state of the hard disks and the data in memory. Note: A checkpoint saves the state of each virtual hard disk that is attached to a virtual machine and all of the hard disk’s contents, including application data files. For virtual machines on Hyper-V and VMware ESX Server hosts, a checkpoint also saves the hardware configuration information. By creating checkpoints for a virtual machine, you can restore the virtual machine to a previous state.
QUESTION 2
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You install a network monitoring application on VM2.
You need to ensure that all of the traffic sent to VM3 can be captured on VM2.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: J Explanation
Explanation/Reference:
Explanation: With Hyper-V Virtual Switch port mirroring, you can select the switch ports that are monitored as well as the switch port that receives copies of all the traffic. And since Port mirroring allows the network traffic of a virtual machine to be monitored by copying the traffic and forwarding it to another virtual machine that is configured for monitoring, you should configure port mirroring on VM2. References: http://technet.microsoft.com/en-us/library/jj679878.aspx#bkmk_portmirror
QUESTION 3
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You plan to schedule a complete backup of Server1 by using Windows Server Backup.
You need to ensure that the state of VM1 is saved before the backup starts.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: I Explanation
Explanation/Reference:
Explanation: The Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, Heartbeat, and Backup (volume snapshot services). This snapshot will ensure that the state of VM1 is saved prior to backup. References: http://msdn.microsoft.com/en-us/library/dd405549(v=vs.85).aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p. 144
QUESTION 4
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
VM3 is used to test applications.
You need to prevent VM3 from synchronizing its clock to Server1.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: I Explanation
Explanation/Reference:
Explanation:
Integration Services settings on virtual machines includes services such as operating system shutdown,
time synchronization, data exchange, Heart beat, and Backup (volume snapshot services. Thus you
should disable the time synchronization using Integration Services.
References:
http://blogs.technet.com/b/virtualization/archive/2008/08/29/backing-up-hyper-v-virtual- machines.aspx
Exam Ref 70-410, Installing and Configuring Windows Server 2012, Chapter 3: Configure Hyper-V,
Objective 3.1: Create and Configure virtual machine settings, p. 144
QUESTION 5
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
VM2 sends and receives large amounts of data over the network.
You need to ensure that the network traffic of VM2 bypasses the virtual switches of the parent partition.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Correct Answer: K Explanation
Explanation/Reference:
Explanation:
Single-root I/O virtualization -capable network adapters can be assigned directly to a virtual machine to
maximize network throughput while minimizing network latency and the CPU overhead required for
processing network traffic.
References:
http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx http://technet.microsoft.com/en-us/
library/hh831410.aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012, Chapter 3:
Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p. 144 Training Guide:
Installing and Configuring Windows Server 2012: Chapter 7: Hyper-V Virtualization, Lesson 2: Deploying
and configuring virtual machines, p. 335
QUESTION 6
You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1.
You need to add a graphical user interface (GUI) to Server1.
Which tool should you use?
A. The imagex.exe command
B. The ocsetup.exe command
C. The setup.exe command
D. The dism.exe command
Correct Answer: D Explanation
Explanation/Reference:
The DISM command is called by the Add-WindowsFeature command. Here is the systax for DISM: Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server- Gui- Shell / featurename:Server-Gui-Mgmt
QUESTION 7
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to create an image of Server1.
You need to remove the source files for all server roles that are not installed on Server1.
Which tool should you use?
A. dism.exe
B. servermanagercmd.exe
C. ocsetup.exe
D. imagex.exe
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
The Dism utility can be used to create and mount an image of Server1.
References:
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http://technet.microsoft.com/en-us/
library/dd744382(v=ws.10).aspx Training Guide: Installing and Configuring Windows Server 2012: Chapter
2: Deploying Servers, p. 44 Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 1: Installing and Configuring Servers, p. 19-22
QUESTION 8
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has following storage spaces:
Data
Users
Backups
Primordial
You add an additional hard disk to Server1.
You need to identify which storage space contains the new hard disk.
Which storage space contains the new disk?
A. Primordial
B. Data
C. Backups
D. Users
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
New Disks (Unallocated space) added to Primordial space.
References:
http://blogs.technet.com/b/canitpro/archive/2012/12/13/storage-pools-dive-right-in.aspx
QUESTION 9
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012.
You create a group Managed Service Account named gservice1.
You need to configure a service named Service1 to run as the gservice1 account.
How should you configure Service1?
A. From a command prompt, run ss.exe and specify the config parameter.
B. From a command prompt, run ss.exe and specify the sdset parameter.
C. From the Services console, configure the General settings.
D. From Windows PowerShell, run Set-Service and specify the -PassThrough parameter.
Correct Answer: C Explanation
Explanation/Reference:
*
Services are often run with default settings — for example, a service might be disabled automatically at
startup. You can use the Services snap-in to change the default settings for a service.
*
To configure how a service is started using the Windows interface
1.
ClickStart , click in theStart Search box, typeservices.msc , and then press ENTER.
2.
Optionally, export and save a list of the existing settings. To do this, right-clickServices , selectExport
List , and save the settings list.
3.
In the details pane, right-click the service that you want to configure, and then clickProperties .
4.
On theGeneral tab, inStartup type , clickAutomatic ,Manual ,Disabled , orAutomatic (Delayed Start) .
5.
To specify the user account that the service can use to log on, click theLog On tab, and then do one of
the following:
Etc.
http://technet.microsoft.com/en-us/library/ee176963.aspx http://technet.microsoft.com/en-us/library/ cc990290(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738230(v=ws.10).aspx
QUESTION 10
You have a server named Data1 that runs a Server Core Installation of Windows Server 2012 R2 Standard.
You need to configure Data1 to run a Server Core Installation of Windows Server 2012 R2 Datacenter. You want to achieve this goal by using the minimum amount of administrative effort.
What should you perform?
A. An online servicing by using Dism
B. An offline servicing by using Dism
C. An upgrade installation of Windows Server 2012 R2
D. A clean installation of Windows Server 2012 R2
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
There are a couple of ways to install the GUI from the command prompt, although both use the same tool -DISM (Deployment Image Service Manager). When you are doing it for a single (local) server, the
command is:
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:…
References:
Training Guide: Installing and Configuring Windows Server 2012: Chapter 2: Deploying Servers, p. 44
Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 1: Installing and Configuring
Servers, p. 19-22
QUESTION 11
Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in following table.
When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?
A. The placement of the infrastructure master
B. The placement of the global catalog server
C. The placement of the domain naming master
D. The placement of the PDC emulator
Correct Answer: D Explanation
Explanation/Reference:
The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close interaction between the RID operations master role and the PDC emulator role The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it.
QUESTION 12
Your network contains an Active Directory forest that contains two domains. The forest contains five domain controllers.
The domain controllers are configured as shown in the following table.
You need to configure DC5 as a global catalog server.
Which tool should you use?
A. Active Directory Administrative Center
B. Active Directory Users and Computers
C. Active Directory Sites and Services
D. Active Directory Domains and Trusts
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Active Directory Sites and Services can be used to Add or remove the global catalog read-only directory
partitions from a domain controller in the site. Confirm that all read-only directory partitions have been
replicated to the new global catalog server. As well as verify that the global catalog server is being
advertised in Domain Name System (DNS).
References:
http://technet.microsoft.com/en-us/library/cc730868.aspx http://technet.microsoft.com/en-us/library/
cc770674.aspx
QUESTION 13
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The domain contains four domain controllers.
The domain controllers are configured as shown in the following table.
All domain controllers are DNS servers.
You plan to deploy a new domain controller named DC5 in the contoso.com domain.
You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully to a domain controller.
Which domain controller should you identify?
A. DC1
B. DC2
C. DC3
D. DC4
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
In order to add a Domain Controller to corp.contoso.com, you need PDC and RID of that domain, not of the
root domain. The Domain Naming Master is needed to add, remove and rename domains in the forest, i.e.
not for individual Domain Controllers.
QUESTION 14
Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2.
You plan to install a new domain controller named DC4 that runs Windows Server 2012 R2.
The new domain controller will have the following configurations:
Schema master
Global catalog server
DNS Server server role
Active Directory Certificate Services server role
You need to identify which configurations cannot be fulfilled by using the Active Directory Domain Services Configuration Wizard.
Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)
A. Enable the global catalog server.
B. Transfer the schema master.
C. Install the Active Directory Certificate Services role.
D. Install the DNS Server role.
Correct Answer: BC Explanation
Explanation/Reference:
Explanation:
AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog
server. ADCS and schema must be done separately.
QUESTION 15
You have a server named Server1 that runs Windows Server 2012.
You promote Server1 to a domain controller.
You need to view the service location (SRV) records that Server1 registers in DNS.
What should you do on Server1?
A. Open the Netlogon.dns file.
B. Run ipconfig /displaydns.
C. Run Get-DnsServerDiagnostics.
D. Open the SrC. sys file.
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
Netlogon.dns – If you are using non-Microsoft DNS servers to support Active Directory, you can verify SRV
locator resource records by viewing Netlogon.dns. Netlogon.dns is located in the %systemroot%\System32
\Config folder. You can use a text editor, such as Microsoft Notepad, to view this file.
The first record in the file is the domain controller’s Lightweight Directory Access Protocol (LDAP) SRV
record.
References:
http://support.microsoft.com/kb/816587/en-us
QUESTION 16
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and a domain controller named DC2. All servers run Windows Server 2012 R2.
On DC2, you open Server Manager and you add Server1 as another server to manage.
From Server Manager on DC2, you right-click Server1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when you right-click Server1, you see the option to run the DHCP console. What should you do?
A. On DC2, install the Role Administration Tools.
B. On DC2 and Server1, run winrmquickconfig.
C. In the domain, add DC2 to the DHCP Administrators group.
D. On Server1, install the Feature Administration Tools. Correct Answer: A
Explanation Explanation/Reference:
Explanation:
You need to install the feature administrations tools for the dhcp . Need to install DHCP management tools
on DC2 then you will have access to dhcp management.
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains three
servers named Server1, Server2, and Server3.
You create a server group named ServerGroup1.
You discover the error message shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that Server2 can be managed remotely by using Server Manager.
What should you do?
A. On Server2, run the netdom.exe command.
B. On Server2, run the net stop netlogon command, and then run the net start netlogon command.
C. On DC1, run the Enable-PSSessionConfigurationcmdlet.
D. On Server2, modify the membership of the Remote Management Users group.
Correct Answer: D Explanation
Explanation/Reference:
Explanation:
This is a security issue. To be able to access Server2 remotely through Server Manager the user need to
be a member of the Remote Management Users group.
References:
Training Guide: Installing and Configuring Windows Server 2012, Chapter 3 Server Remote Management,
Lesson 1: Server Manager, p. 90-92
QUESTION 18
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1.
You install the Windows PowerShell Web Access gateway on Server1.
You need to provide administrators with the ability to manage the servers in the domain by using the Windows PowerShell Web Access gateway.
Which two cmdlets should you run on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Install PswaWebApplication
B. Add PswaAuthorizationRule
C. Set-WSManlnstance
D. Set-WSManQuickConfig
E. Set-BCAuthentication
Correct Answer: AB Explanation
Explanation/Reference:
Configure PowerShell Web Access Gateway using the following PowerShell Cmdlet. Install-PswaWebApplication UseTestCertificate Running the cmdlet installs the Windows PowerShell Web Access web application within the IIS Default Web Site container. The cmdlet creates the infrastructure required to run Windows PowerShell Web Access on the default website, https://<server_name>/pswa. Add-PswaAuthorizationRule Adds a new authorization rule to the Windows PowerShell Web Access authorization rule set. Parameters: ComputerGroupName ComputerName ConfigurationName RuleName UserGroupName UserName Credential (Windows Server 2012 R2 and later) References: http://technet.microsoft.com/en-us/library/hh849867.aspx http://technet.microsoft.com/en-us/library/ hh849875.aspx http://technet.microsoft.com/en-us/library/jj592890(v=wps.620).aspx http:// technet.microsoft.com/en-us/library/hh848404(v=wps.620).aspx http://technet.microsoft.com/en-us/library/ jj592894(v=wps.620).aspx
QUESTION 19
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Both servers are member servers.
On Server2, you install all of the software required to ensure that Server2 can be managed remotely from Server Manager.
You need to ensure that you can manage Server2 from Server1 by using Server Manager.
Which two tasks should you perform on Server2? (Each correct answer presents part of the solution. Choose two.)
A. Run the Enable-PSRemotingcmdlet.
B. Run the Configure-SMRemoting.psl script.
C. Run the Enable-PSSessionConfigurationcmdlet.
D. Run the Set-ExecutionPolicycmdlet.
E. Run the systempropertiesremote.exe command.
Correct Answer: BD Explanation
Explanation/Reference:
Explanation:
To configure Server Manager remote management by using Windows PowerShell On the computer that
you want to manage remotely, open a Windows PowerShell session with elevated user rights.
In the Windows PowerShell session, type the following, and then press Enter. Set-ExecutionPolicy –
ExecutionPolicyRemoteSigned (D) Type the following, and then press Enter to enable all required firewall
rule exceptions.
Configure-SMRemoting.ps1 -force enable (B)
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains two member
servers named Server1 and Server2 that run Windows Server 2012 R2.
You log on to Server1.
You need to retrieve the IP configurations of Server2.
Which command should you run from Server1?
A. winrm get server2
B. dsquery · -scope base -attrip/server2
C. winrs -r:server2ipconfig
D. ipconfig> server2.ip
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Windows Remote Management allows you to manage and execute programs remotely References:
Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Configure
the DNS service, Chapter 4 Deploying and Configuring core network services, p. 246 http://
technet.microsoft.com/en-us/library/dd349801(v=ws.10).aspx
QUESTION 21
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non- compliant DHCP clients from Scope1.
What should you create?
A. A network policy that has the MS-Service Class condition
B. A connection request policy that has the Service Type condition
C. A network policy that has the Identity Type condition
D. A connection request policy that has the Identity Type condition
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
A. Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. http://technet.microsoft.com/en-us/library/ cc731220(v=ws.10).aspx
QUESTION 22
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAPwizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully. What should you install on Server1 before you run the Configure NAP wizard?
A. A computer certificate
B. A system health validator (SHV)
C. The Remote Access server role
D. The Host Credential Authorization Protocol (HCAP) Correct Answer: A
Explanation Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc732681.aspx http://technet.microsoft.com/en-us/library/ dd125396(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831416.aspx http:// technet.microsoft.com/en-us/library/dd125301(v=ws.10).aspx
QUESTION 23
Your network contains an Active Directory domain named contoso.com. The domain contains client
computers that run Either Windows XP, Windows 7, or Windows 8.
Network Policy Server (NPS) is deployed to the domain.
You plan to create a system health validator (SHV).
You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution.
Choose three.)
A. Automatic updating is enabled.
B. A firewall is enabled for all network connections.
C. An antispyware application is on.
D. Antispyware is up to date.
E. Antivirus is up to date. Correct Answer: ABE
Explanation Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc731260.aspx
QUESTION 24
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
A. The NAS Port Type constraints
B. The Health Policies conditions
C. The Called Station ID constraints
D. The NAP-Capable Computers conditions
E. The MS-Service Class conditions
Correct Answer: DE Explanation
Explanation/Reference:
Explanation:
C: The NAP health policy server uses the NPS role service with configured health policies and system health validators (SHVs) to evaluate client health based on administrator-defined requirements. Based on results of this evaluation, NPS instructs the DHCP server to provide full access to compliant NAP client computers and to restrict access to client computers that are noncompliant with health requirements.
D: If policies are filtered by DHCP scope, then MS-Service Class is configured in policy conditions.
QUESTION 25
Your network contains a single Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains 400 desktop computers that run Windows 8 and 200 desktop computers that run Windows Vista Service Pack 2(SP2).
All of the desktop computers are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings.
You link GPO1 to OU1.
You need to ensure that GPO1 is applied only to computers that run Windows 8.
What should you do?
A. Modify the Security settings of OU1.
B. Create and link a WMI filter to GPO1.
C. Run the Set-GPInheritancecmdlet and specify the -target parameter.
D. Run the Set-GPLinkcmdlet and specify the -target parameter.
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
WMI Filtering is used to get information of the system and apply the GPO on it with the condition is
met.Security filtering: apply a GPO to a specific group (members of the group)
QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)
You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1.
What should you configure?
A. Item-level targeting
B. Security Filtering
C. Block Inheritance
D. WMI Filtering
Correct Answer: B Explanation
Explanation/Reference:
Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
QUESTION 27
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A
Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The
solution must minimize administrative effort.
Which tool should you use?
A. TheSecedit command
B. The Invoke-GpUpdatecmdlet
C. Group Policy Object Editor
D. Server Manager Correct Answer: B
Explanation Explanation/Reference:
QUESTION 28
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.
The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
Internal DNS name: Server1.contoso.com External DNS name:
dal.contoso.com Internal IPv6 address: 2002:cla8:6a:3333::l
External IPv4 address: 65.55.37.62
Your company uses split-brain DNS for the contoso.com zone.
You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?
A. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
B. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
C. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
D. A Name Suffix value of dal.contoso.com and a DNS Server Address value of 65.55.37.62
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
*
In a non-split-brain DNS environment, the Internet namespace is different from the intranet namespace. For example, the Contoso Corporation uses contoso.com on the Internet and corp.contoso.com on the intranet. Because all intranet resources use the corp.contoso.com DNS suffix, the NRPT rule for corp.contoso.com routes all DNS name queries for intranet resources to intranet DNS servers. DNS name queries for names with the contoso.com suffix do not match the corp.contoso.com intranet namespace rule in the NRPT and are sent to Internet DNS servers.
*
Split-brain DNS is a configuration method that enables proper resolution of names (e.g., example.com) from both inside and outside of your local network. Note: For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name suffixes that do not have corresponding DNS servers are treated as exemptions.
Reference: Design Your DNS Infrastructure for DirectAccess
QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?
A. Configure a DNS suffix search list on the DirectAccess clients.
B. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).
C. Configure DirectAccess to enable force tunneling.
D. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).
Correct Answer: C Explanation
Explanation/Reference:
QUESTION 30
Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. DirectAccess Client Experience Settings
B. Name Resolution Policy
C. DNS Client
D. Network Connections
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot
(for example, .internal.contoso.com or .corp.contoso.com). For a DirectAccess client, any name request
that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS)
servers.
Include all intranet DNS namespaces that you want DirectAccess client computers to access. There are no
command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the
NRPT through Group Policy, use the Group Policy add-in at Computer Configuration \Policies\Windows
Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new
NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group
Policy.
Microsoft certification Microsoft 070-417 Exam is a milestone in your becoming Microsoft certified professionals. There are hundreds of online sources providing Microsoft 070-417 exam dumps. You can choose Flydumps Microsoft 070-417 exam dumps for your Microsoft 070-417 Certification Exam.Microsoft 070-417 exam dumps provide you the gateway to success in actual Microsoft 070-417 Certification Exam.
Welcome to download the newest pass4itsure 350-060 VCE dumps: https://www.pass4itsure.com/350-060.html
Microsoft 070-417 Certification Exams, First-hand Microsoft 070-417 Vce Files With High Quality