Administering Windows Server 2012

نمونه سوالات آزمون
Administering Windows Server 2012 - exam 70-411

QUESTION NO: 101

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed.
ABC.com has a main office and a branch office. The two offices are connected by a WAN link.
ABC.com has five domain controllers named ABC-DC01, ABC-DC02, ABC-DC03, ABC-DC04 and ABC-DC05.
ABC-DC01, ABC-DC03 and ABC-DC05 are located in the main office. ABC-DC02 and ABC-DC04 are located in the branch office.
ABC.com has a Development department located in the main office. The developers have created an application that runs on domain controllers. You need to ensure that application settings are replicated to only the domain controllers in the main office. You want to create a custom Active Directory application partition that will be used to control which domain controllers the settings are replicated to.
How can you create the Active Directory application partition?

A. You should run Active Directory Sites and Services.
B. You should run the Netdom.exe command.
C. You should run the Ntdsutil.exe command.
D. You should run Active Directory Domains and Trusts.

Answer: C
Explanation:

QUESTION NO: 102

A. You should run the Get-ADDefaultDomainPasswordPolicy cmdlet.
B. You should run the Get- ADAccountPassword cmdlet.
C. You should run the Get-ADFineGrainedPasswordPolicy cmdlet.
D. You should run the Get-ADDefaultDomainPasswordPolicy cmdlet.

Answer: C
Explanation:

QUESTION NO: 103

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed.
A server named ABC-SR12 runs the DNS Server role and hosts a primary zone for ABC.com.
Mia works as an IT Technician at ABC.com. Mia is not a member of the Domain Admins group.
You need to enable Mia to modify records in the ABC.com DNS zone. Mia must not be able to create or modify other DNS zones on ABC-SR12.
Your solution must minimize the administrative privileges assigned to Mia.
Which of the following actions would achieve the desired result?

A. In DNS Management, go to the properties of the server and modify the permissions on the Security tab.
B. In DNS Management, go to the properties of the ABC.com zone and modify the permissions on the Security tab.
C. In Active Directory Users and Computers, modify Mia’s group membership.
D. In DNS Management, go to the properties of the ABC.com zone and modify the start of authority (SOA) record.

Answer: B

Explanation:

QUESTION NO: 104

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed.
A server named ABC-SR21 runs the File Services role and hosts several shared folders.
You have created a Data Collector Set (DCS) on ABC-SR21 to collect disk performance data. The DCS has been created with the default name.
You want to change the name of the DCS to “Disk Performance”.
How can you change the name of the DCS?

A. You should right-click on the DCS and selecting Rename.
B. You should modify the settings on the General tab in the properties of the DCS.
C. You should modify the settings on the Directory tab in the properties of the DCS.
D. The name cannot be changed. You should save the DCS as a template and create a new DCS based on the template.

Answer: D
Explanation:

QUESTION NO: 105

You work as a Network Administrator at ABC.com. The ABC.com network has two Active Directory forests. The corporate network is an Active Directory forest with a single Active Directory Domain Services (AD DS) domain named ABC.com. The second forest has a single Active Directory Domain Services (AD DS) domain named weyland.com
The weyland.com domain is used for test purposes including the testing of Group Policy Objects (GPOs).
A group policy object named TestPol has been created in the weyland.com domain. You want to apply TestPol to the ABC.com domain.
You take a backup of TestPol from a domain controller in the weyland.com domain and copy it to a domain controller in the ABC.com domain.
You need to view the domain-specific information in TestPol that will need to be updated before the GPO can be applied in the ABC.com domain.
What should you do?

A. In the Group Policy Management Console, open the Migration Table Editor and select Populate from Backup.
B. In the Group Policy Management Console, right-click on the Group Policy Objects node and select Manage Backups.
C. In the Group Policy Management Console, open the Migration Table Editor and select Populate from GPO.
D. In the Group Policy Management Console run the Group Policy Results Wizard.

Answer: A
Explanation:

QUESTION NO: 106

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2008 R2 installed.
ABC.com is considering migrating to Windows Server 2012 R2. You use a server named ABCSR27 that runs the Hyper-V Host server role. You want to test Windows Server 2012 R2 by installing it on a new virtual machine on ABC-SR27.
You configure a native-boot virtual hard disk (VHD) to on ABC-SR27 to run Windows Server 2012 R2 and use Disk Management to create and attach a VHD.
You plan to use Deployment Image Servicing and Management (DISM) to install Windows Server 2012 R2 onto the VHD and then configure the server to boot from the VHD.
Which parameter should you use with DISM to install Windows Server 2012 R2 onto the VHD?

A. You should use the /mount-image parameter.
B. You should use the /mount-wim parameter.
C. You should use the /append-image parameter.
D. You should use the /apply-image parameter.

Answer: D
Explanation:

QUESTION NO: 107

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed.
ABC.com has purchased 50 new client computers. You want to deploy Windows 8 Pro on the new computers by using a server named ABC-SR21 that runs Windows Deployment Services (WDS). You configure ABC-SR21 with a Windows 8 image to deploy to client computers.
You want to prestage computer accounts for the client computers in an organizational unit (OU) named Win8 Clients.
You open Active Directory Users and Computers on a domain controller. You discover that when you create a new computer account, there is no option to configure the computer account as a managed computer.
How can you create the computer accounts as managed accounts?

A. In Active Directory Users and Computers, select the View > Advanced Features option and
then create the accounts.
B. Create the computer accounts in the Computers container in Active Directory.
C. Use Active Directory Users and Computers on ABC-SR21 to create the accounts.
D. On the domain controller, install the WDS administration console then create the accounts.

Answer: D
Explanation:

QUESTION NO: 108

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed. ABC.com has a corporate LAN and a perimeter network.
A Windows Server 2012 R2 server named ABC-SR11 is located in the perimeter network and hosts the corporate website. The website is publicly accessible.
A Windows Server 2012 R2 server named ABC-SR04 is also located in the perimeter network. ABC-SR04 hosts a publicly accessible DNS zone which contains DNS records for the corporate website.
You plan to move the corporate web site to a new server named ABC-SR12.
You need to change the DNS records for the corporate web site to point to ABC-SR12.
To minimize the time it takes for the changed DNS records to propagate to other public DNS servers, you want to reduce the time that the DNS records are cached for.
What action should you take?

A. In the properties of the DNS zone, change the Serial Number value on the Start of Authority (SOA) tab.
B. In the properties of the DNS zone, change the Refresh Interval value on the Start of Authority (SOA) tab.
C. In the properties of the DNS zone, change the Expires After value on the Start of Authority (SOA) tab.
D. In the properties of the DNS zone, change the Minimum (default) TTL value on the Start of Authority (SOA) tab.
E. In the properties of the DNS zone, change the TTL for this record value on the Start of Authority (SOA) tab.

Answer: D
Explanation:

QUESTION NO: 109

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed.
ABC.com has a Sales department. An OU exists for the Sales department. The OU contains the user and computer accounts for the Sales department.
Mia works as an IT Technician at ABC.com. Mia is not a member of the Domain Admins group.
You have delegated control of the Sales OU to Mia to enable her to manage the user accounts of the Sales users.
A new company security states that the following settings should be applied to Sales users:
Users must change password at next logon.
Minimum password length: 10.
Account is sensitive and cannot be delegated.
Enforce password history.
Password must meet complexity requirements.
Enforce maximum password age.
Mia can configure some of the required settings in the account properties of the user accounts. Other required settings will be configured using a password settings object (PSO).
Which settings can Mia configure? (Choose all that apply).

A. Users must change password at next logon.
B. Minimum password length: 10.
C. Account is sensitive and cannot be delegated.
D. Enforce password history.
E. Password must meet complexity requirements.
F. Enforce maximum password age.

Answer: A,B,C
Explanation:

QUESTION NO: 110

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed.
ABC.com has a Sales department, a Human Resources (HR) department and a Production department. All user accounts in the ABC.com domain are contained in an organizational unit (OU) named ABC-Users.
All users in the Sales department are members of a global group named SalesGroup. All users in the HR department are members of a global group named HRGroup. All users in the Production department are members of a global group named ProductionGroup.
A server named ABC-SR21 runs the File Services role and hosts shared folders named Sales, HR and Production.
You configure a group policy object (GPO) named DrivesGPO and link it to the ABC-Users OU. You want to configure the GPO to map drives on the user’s computers to the shared folders. You want all members of SalesGroup to have their H: drive mapped to \\ABC-SR21\Sales, all members of HRGroup to have their H: drive mapped to \\ABC-SR21\HR and all members of ProductionGroup to have their H: drive mapped to \\ABC-SR21\Production.
What should you configure the GPO?

A. You should apply a WMI filter to the GPO.
B. You should apply Security Filtering to the GPO.
C. You should configure Item-level targeting in the GPO.
D. You should configure Group Policy Precedence for the GPO.
E. You should configure Restricted Groups in the GPO.

Answer: B
Explanation:

QUESTION NO: 111

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed.
A technician has created a vhd file containing a Windows Server 2012 R2 installation image. The vhd image is offline. You must use DISM to apply updates to the vhd image. You need to mount the vhd image.
Which of the following actions should you take?

A. You should run the DISM utility with the /Get-MountedWinInfo parameter.
B. You should use Diskpart.exe.
C. You run the DISM utility with the /Mount-wim parameter.
D. You should run the DISM utility with the /Append-Image parameter.
E. You should run the DISM utility with the /Apply-Image parameter.

Answer: B
Explanation:

QUESTION NO: 112

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All the domain controllers on the ABC.com network have Windows Server 2012 R2 installed.
You have an Active Directory snapshot that you mount on a domain controller named ABC-DC07. You want to configure the snapshot so that it can be used as an LDAP server.
Which of the following can you use?

A. You should make use of the Dcpromo.exe utility with the /adv parameter.
B. You should make use of the Dsdbutil.exe utility with the activate parameter.
C. You should make use of the of the Dsmain.exe utility with the /dbpath paramater.
D. You should make use of the of the Ntdsutil.exe utility with the snapshot activate paramater.
E. You should make use of the of the Dsmain.exe utility with the /adlds parameter.

Answer: C
Explanation:

QUESTION NO: 113

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed and all client computers have Windows 8 Enterprise installed.
BitLocker Drive Encryption (Bitlocker) is enabled on all client computers. You are using a client computer named ABC-WS38 that has a BitLocker recovery key on drive C.
When you return from a meeting you discover that drive D is locked. When you attempt to unlock drive D using the recovery key you receive an error message stating: “A valid USB key wasn’t detected …”
Which of the following actions should you take to access drive D?

A. You should run the manage-bde –protectors –add cmdlet.
B. You should run the Remove-BitLockerKeyProtector cmdlet.
C. You should run the manage-bde –protectors –get cmdlet.
D. You should run the Unlock-BitLocker -MountPoint "D:" cmdlet.

Answer: C

Explanation:

QUESTION NO: 114

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers on the network have Windows Server 2012 R2 installed.
You plan to enable external users to connect to the network using a VPN connection.
You are deploying Network Access Protection to ensure system health compliance for users that connect over a VPN connection.
You install a Windows Server 2012 R2 computer named ABC-SR16 and install the Network Policy Server role. You want to configure ABC-SR16 as a Network Access Protection (NAP) health policy server for the VPN connections.
You run the Configure NAP wizard to create a VPN Enforcement policy. However, you are unable to complete the wizard.
How can you ensure that you are able to complete the Configure NAP wizard to configure VPN Enforcement?

A. You should configure the IPSEC enforcement method first.
B. You should install a computer certificate on ABC-SR16.
C. You should install a System Health Agent on ABC-SR16.
D. You should install a System Health Validator on ABC-SR16.

Answer: B
Explanation:

QUESTION NO: 115

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers on the network have Windows Server 2012 R2 installed.
DirectAccess is enabled on the network using the default configuration. You want the DirectAccess clients to use DirectAccess whenever they access the Internet.
Which of the following actions should you take?

A. You should run the Set-DAClientExperienceConfiguration cmdlet.
B. You should run the run the netsh -c advfirewall command.
C. You should modify the external IP address assigned to the Web server.
D. You should configure the force tunneling settings for DirectAccess clients.

Answer: D
Explanation:

QUESTION NO: 116

You work as a Network Administrators at ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. The network has a server named ABC-SR34 that is configured as a Network Policy Server (NPS).
The network contains several wireless access points (WAPs). You want to secure the wireless network by using certificate-based mutual authentication.
Which action should you take?

A. You should configure NPS to use RADIUS authentication.
B. You should configure NPS to use EAP-TLS authentication.
C. You should configure NPS to use EAP-MS-CHAPv2 authentication.
D. You should configure NPS to use PEAP-MS-CHAPv2 authentication.

Answer: B
Explanation:

QUESTION NO: 117

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. The ABC.com network has two domain controllers named ABC-SR01 and ABC SR02 that have Windows Server 2008 installed.
You add a new Windows Server 2012 R2 domain controller named ABC-SR06 to the network. You now want to use Active Directory Administrative Center on ABC-SR06 to implement Password Settings objects (PSOs). However, you are unable to create a PSO.
Which of the following actions do you need to take before you can create PSOs?

A. You should seize the operations masters role to ABC-SR06.
B. You should raise the domain functional level.
C. You should upgrade ABC-SR01 and ABC-SR02 to at least Windows Server 2008 R2.
D. You should configure ABC-SR06 as a Read-Only domain controller (RODC).

Answer: B
Explanation:

QUESTION NO: 118

You work as a Network Administrator at ABC.com. ABC.com has an Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the ABC.com domain have Microsoft Windows Server 2012 R2 installed and all client computers have Windows 8 Pro installed.
You connect a new client computer named ABC-WS43 to the domain and want to ping a domain controller named ABC-DC07 from ABC-WS43. However, when you attempt to run the ping ABCdc07 command from the command prompt, you receive “Request timed out” messages.
How can you resolve this problem and allow ABC-WS43 to ping ABC-DC07 successfully?

A. You should run the netsh firewall set icmpsetting all enable command on ABC-DC07.
B. You should configure the inbound firewall rules on ABC-WS43 to allow Echo Requests.
C. You should run the netsh firewall set icmpsetting 4 enable command on ABC-WS43.
D. You should run the netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4 command on ABC-DC07.