Answer: A
Explanation:
Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy
server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower
the number, the higher priority the NPS proxy gives to the RADIUS server. For example, if
the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection
requests to the RADIUS server first; if servers with priority 1 are not available, NPS then
sends connection requests to RADIUS servers with priority 2, and so on. You can assign the
same priority to multiple RADIUS servers, and then use the Weight setting to load balance
between them.
QUESTION: 101
YournetworkcontainsanActiveDirectorydomainnamedadatum.com.Thedomain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured
as a Network Policy Server (NPS) server and as a DHCP server. The network contains two
subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet. You need
to ensure that noncompliant computers on Subnet1 receive different network policies than
noncompliantcomputersonSubnet2.Whichtwosettingsshouldyouconfigure?(Each
correct answer presents part of the solution. Choose two.)
A. The NAP-Capable Computers conditions
B. The NAS Port Type constraints
C. The Health Policies conditions
D. The MS-Service Class conditions
E. The Called Station ID constraints
Answer: C, D
Explanation:
The NAP health policy server uses the NPS role service with configured health policies and
systemhealthvalidators(SHVs)toevaluateclienthealthbasedonadministrator-defined
requirements. Based on results of this evaluation, NPS instructs the DHCP server to provide
full access to compliant NAP client computers and to restrict access to client computers that
are noncompliant with health requirements. If policies are filtered by DHCP scope, then MS-
Service Class is configured in policy conditions.
QUESTION: 102
Your network is configured as shown in the exhibit. (Click the Exhibit button.)
134
Server1 regularly accesses Server2. You discover that all of the connections from Server1 to
Server2 are routed through Router1. You need to optimize the connection path from Server1
to Server2. Which route command should you run on Server1?
A. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100
B. Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50
C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100
D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50
Answer: A
Explanation:
Destination -specifies either an IP address or host name for the network or host.
specifies a subnet mask to be associated with this route entry. If subnetmask is
subnetmask -
not specified, 255.255.255.255 is used.
gateway -specifies either an IP address or host name for the gateway or router to use when
forwarding.
costmetric - assignsanintegercostmetric(rangingfrom1through9,999)tobeusedin
calculatingthefastest,mostreliable,and/orleastexpensiveroutes.Ifcostmetricisnot
specified, 1 is used.
interface -specifies the interface to be used for the route that uses the interface number. If an
interfaceisnotspecified,theinterfacetobeusedfortherouteisdeterminedfromthe
gateway IP address.
References:
http: //support. microsoft. com/kb/299540/en-us
http: //technet. microsoft. com/en-us/library/cc757323%28v=ws. 10%29. aspx
QUESTION: 103
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
contains a RADIUS servernamed Server1 that runs Windows Server 2012 R2. You add a
VPN server named Server2 to the network. On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2. Which tool
should you use on Server1?
A. Server Manager
135
B. Routing and Remote Access
C. New-NpsRadiusClient
D. Connection Manager Administration Kit (CMAK)
Answer: C
Explanation:
New-NpsRadiusClient-Name"NameOfMyClientGroup"-Address"10.1.0.0/16"-
AuthAttributeRequired0-NapCompatible0-SharedSecret"SuperSharedSecretxyz"-
VendorName "RADIUSStandard"
Reference:
http: //technet. microsoft. com/en-us/library/hh918425(v=wps. 620). aspx
http: //technet. microsoft. com/en-us/library/jj872740(v=wps. 620). aspx
http: //technet. microsoft. com/en-us/library/dd469790. Aspx
QUESTION: 104
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
containsadomaincontrollernamedDC1thatrunsWindowsServer2012R2.Allclient
computers runWindows 8 Enterprise.DC1 contains a Group Policy object (GPO) named
GPO1. You need to update the PATH variable on all of the client computers. Which Group
Policy preference should you configure?
137
A. Ini Files
B. Services
C. Data Sources
D. Environment
Answer: D
Explanation:
Environment Variable preference items allow you to create, update, replace, and delete user
and system environment variables or semicolon-delimited segments of the PATH variable.
Before you create an Environment Variable preference item, you should review the behavior
of each type of action possible with this extension.
QUESTION: 105
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Alldomain
controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains
200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named
GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers
inOU1torefreshtheirGroupPolicysettingsimmediately.Thesolutionmustminimize
administrative effort. Which tool should you use?
A. The Secedit command
B. Group Policy Management Console (GPMC)
C. Server Manager
D. The Gpupdate command
Answer: B
Explanation:
InthepreviousversionsofWindows,thiswasaccomplishedbyhavingtheuserrun
GPUpdate.exe on their computer.
StartingwithWindowsServer�2012andWindows�8,youcannowremotelyrefresh
GroupPolicysettingsforallcomputersinanOUfromonecentrallocationthroughthe
Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to
refresh Group Policy for a set of computers, not limited to the OU structure, for example, if
the computers are located in the default computers container.
http: //technet. microsoft. com/en-us//library/jj134201. aspx
http: //blogs. technet. com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-
server-2012-using-remote-gpupdate. aspx
QUESTION: 106
HOTSPOT
Yournetworkcontains25WebserversthatrunWindowsServer2012R2.Youneedto
configure auditing policies that meet the following requirements:
? Generate an event each time a new process is created.
? Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure? To answer, select the appropriate two
auditing policies in the answer area.
QUESTION: 107
141
HOTSPOT
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
contains a server named Server1 that runs Windows Server 2012 R2 and has the Network
Policy Server role service installed. An administrator creates a Network Policy Server (NPS)
network policy named Policy1. You need to ensure that Policy1 applies to L2TP connections
only. Which condition should you modify? To answer, select the appropriate object in the
answer area.
QUESTION: 108
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Alldomain
controllersrunWindowsServer2012R2.Onallofthedomaincontrollers,Windowsis
installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed. The operating system
failstorecognizethattheapplicationiscompatiblewithdomaincontrollercloning.You
verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning. What should you do?
A.InD:\Windows\NTDS\,createanXMLfilenamedDCCloneConfig.xmlandaddthe
application information to the file.
B. In the root of a USB flash drive, add the application information to an XML file named
DefaultDCCIoneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and
add the application information to the file.
D.InC:\Windows\System32\Sysprep\Actionfiles\,addtheapplicationinformationtoan
XML file named Respecialize.xml.
Answer: C
Explanation:
PlacetheCustomDCCloneAllowList.xmlfileinthesamefolderastheActiveDirectory
143
database (ntds. dit) on the source Domain Controller.
References:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-
active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-
cloning. aspx
http://www.thomasmaurer.ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a-
virtual-domain-controller
http: //technet. microsoft. com/en-us/library/hh831734. aspx
QUESTION: 109
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Alldomain
controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains
200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named
GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers
inOU1torefreshtheirGroupPolicysettingsimmediately.Thesolutionmustminimize
administrative effort. Which tool should you use?
A. Server Manager
B. Active Directory Users and Computers
C. The Gpupdate command
D. Group Policy Management Console (GPMC)
Answer: D
Explanation:
StartingwithWindowsServer�2012andWindows�8,youcannowremotelyrefresh
GroupPolicysettingsforallcomputersinanOUfromonecentrallocationthroughthe
Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to
refresh Group Policy for a set of computers, not limited to the OU structure, for example, if
the computers are located in the default computers container.
References:
http: //technet. microsoft. com/en-us//library/jj134201. aspx
http://blogs.technet.com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-
server-2012-using-remote-gpupdate. aspx
QUESTION: 110
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Alldomain
controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to
customize the password policy settings ofcontoso.com. You need to identify to which Active
Directory object types you can directly apply the fine-grained password policies. Which two
object types should you identify? (Each correct answer presents part of the solution. Choose
two.)
A. Users
B. Global groups
C. computers
D. Universal groups
E. Domain local groups
Answer: A, B
Explanation:
146
Firstoff,yourdomainfunctionallevelmustbeatWindowsServer2008.Second,Fine-
grained password policies ONLY apply to user objects, and global security groups. Linking
them to universal or domain local groups is ineffective. I know what you�re thinking, what
about OU�s? Nope, Fine-grained password policy cannot be applied to an organizational unit
(OU) directly. The third thing to keep in mind is, by default only members of the Domain
Admins group can set fine-grained password policies. However, you can delegate this ability
to other users if needed.
Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they
are used instead of user objects) and global security groups.
You can apply Password Settings objects (PSOs) to users or global security groups:
References:
http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/cc770848%28v=ws. 10%29. aspx
http: //www. brandonlawson. com/active-directory/creating-fine-grained-password-policies/
QUESTION: 111
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
containsaservernamedServer1thatrunsWindowsServer2012R2.Youenableand
configure Routing and Remote Access (RRAS) on Server1. You create a user account named
User1.YouneedtoensurethatUser1canestablishVPNconnectionstoServer1.What
should you do?
A. Create a network policy.
B. Create a connection request policy.
C. Add a RADIUS client.
D. Modify the members of the Remote Management Users group.
Answer: A
Explanation:
Network policies are sets of conditions, constraints, and settings that allow you to designate
who is authorized to connect to the network and the circumstances under which they can or
cannot connect.
Networkpoliciescanbeviewedasrules.Eachrulehasasetofconditionsandsettings.
ConfigureyourVPNservertouseNetworkAccessProtection(NAP)toenforcehealth
requirement policies.
147
References:
http: //technet. microsoft. com/en-us/library/hh831683. aspx
http: //technet. microsoft. com/en-us/library/cc754107. aspx
http: //technet. microsoft. com/en-us/library/dd314165%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/windowsserver/dd448603. aspx
http: //technet. microsoft. com/en-us/library/dd314165(v=ws. 10). aspx
http: //technet. microsoft. com/en-us/library/dd469733. aspx
http: //technet. microsoft. com/en-us/library/dd469660. aspx
http: //technet. microsoft. com/en-us/library/cc753603. aspx
http: //technet. microsoft. com/en-us/library/cc754033. aspx
http: //technet. microsoft. com/en-us/windowsserver/dd448603. Aspx
QUESTION: 112
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
containsaservernamedServer1thatrunsWindowsServer2012P.2.Server1hasthe
Network Policy and Access Services server role installed. Your company's security policy
requires that certificate-based authentication must be used by some network services. You
need to identify which Network Policy Server (NPS) authentication methods comply with the
securitypolicy.Whichtwoauthenticationmethodsshouldyouidentify?(Eachcorrect
answer presents part of the solution. Choose two.)
A. MS-CHAP
B. PEAP-MS-CHAP v2
C. Chap
D. EAP-TLS
E. MS-CHAP v2
Answer: B, D
Explanation:
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create
asecureTLStunneltoprotectuserauthentication,andusesserver-sidepublickey
certificates to authenticate the server.
WhenyouuseEAPwithastrong EAPtype,suchasTLS withsmartcards orTLSwith
certificates, both the client and the server use certificates to verify their identities to each
other.
QUESTION: 113
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File
Server Resource Manager role service installed. Each time a user receives an access-denied
messageafterattemptingtoaccessafolderonServer1,anemailnotificationissenttoa
distribution list named DL1. You create a folder named Folder1 on Server1, and then you
configurecustomNTFSpermissionsforFolder1.Youneedtoensurethatwhenauser
receives an access-denied message while attempting to access Folder1, an email notification
is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving
notifications about other access-denied messages. What should you do?
148
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
Answer: C
Explanation:
Whenusingtheemailmodeleachofthefileshares,youcandeterminewhetheraccess
requeststoeachfilesharewillbereceivedbytheadministrator,adistributionlistthat
represents thefileshareowners,orboth.YoucanusetheFileServerResourceManager
console to configure the owner distribution list by editing the management properties of the
classification properties.
Reference: http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK12
QUESTION: 114
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
contains a domain controller named DC1 that runs WindowsServer 2012. You have a Group
Policyobject(GPO)namedGPO1thatcontainsseveralcustom Administrativetemplates.
You need to filter the GPO to display only settings that will be removed from the registry
whentheGPOfallsoutofscope.Thesolutionmustonlydisplaysettingsthatareeither
enabledordisabledandthathaveacomment.Howshouldyouconfigurethefilter?To
answer, select the appropriate options below. Select three.
A. Set Managed to: Yes
B. Set Managed to: No
C. Set Managed to: Any
D. Set Configured to: Yes
E. Set Configured to: No
F. Set Configured to: Any
G. Set Commented to: Yes
H. Set Commented to: No
I. Set Commented to: Any
For More exams visit https://killexams.com
�
Kill your exam at First Attempt....Guaranteed!
https://killexams.com/pass4sure/exam-detail/70-411
Answer: A
Explanation:
Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy
server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower
the number, the higher priority the NPS proxy gives to the RADIUS server. For example, if
the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection
requests to the RADIUS server first; if servers with priority 1 are not available, NPS then
sends connection requests to RADIUS servers with priority 2, and so on. You can assign the
same priority to multiple RADIUS servers, and then use the Weight setting to load balance
between them.
QUESTION: 101
YournetworkcontainsanActiveDirectorydomainnamedadatum.com.Thedomain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured
as a Network Policy Server (NPS) server and as a DHCP server. The network contains two
subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet. You need
to ensure that noncompliant computers on Subnet1 receive different network policies than
noncompliantcomputersonSubnet2.Whichtwosettingsshouldyouconfigure?(Each
correct answer presents part of the solution. Choose two.)
A. The NAP-Capable Computers conditions
B. The NAS Port Type constraints
C. The Health Policies conditions
D. The MS-Service Class conditions
E. The Called Station ID constraints
Answer: C, D
Explanation:
The NAP health policy server uses the NPS role service with configured health policies and
systemhealthvalidators(SHVs)toevaluateclienthealthbasedonadministrator-defined
requirements. Based on results of this evaluation, NPS instructs the DHCP server to provide
full access to compliant NAP client computers and to restrict access to client computers that
are noncompliant with health requirements. If policies are filtered by DHCP scope, then MS-
Service Class is configured in policy conditions.
QUESTION: 102
Your network is configured as shown in the exhibit. (Click the Exhibit button.)
134
Server1 regularly accesses Server2. You discover that all of the connections from Server1 to
Server2 are routed through Router1. You need to optimize the connection path from Server1
to Server2. Which route command should you run on Server1?
A. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100
B. Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50
C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100
D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50
Answer: A
Explanation:
Destination -specifies either an IP address or host name for the network or host.
specifies a subnet mask to be associated with this route entry. If subnetmask is
subnetmask -
not specified, 255.255.255.255 is used.
gateway -specifies either an IP address or host name for the gateway or router to use when
forwarding.
costmetric - assignsanintegercostmetric(rangingfrom1through9,999)tobeusedin
calculatingthefastest,mostreliable,and/orleastexpensiveroutes.Ifcostmetricisnot
specified, 1 is used.
interface -specifies the interface to be used for the route that uses the interface number. If an
interfaceisnotspecified,theinterfacetobeusedfortherouteisdeterminedfromthe
gateway IP address.
References:
http: //support. microsoft. com/kb/299540/en-us
http: //technet. microsoft. com/en-us/library/cc757323%28v=ws. 10%29. aspx
QUESTION: 103
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
contains a RADIUS servernamed Server1 that runs Windows Server 2012 R2. You add a
VPN server named Server2 to the network. On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2. Which tool
should you use on Server1?
A. Server Manager
135
B. Routing and Remote Access
C. New-NpsRadiusClient
D. Connection Manager Administration Kit (CMAK)
Answer: C
Explanation:
New-NpsRadiusClient-Name"NameOfMyClientGroup"-Address"10.1.0.0/16"-
AuthAttributeRequired0-NapCompatible0-SharedSecret"SuperSharedSecretxyz"-
VendorName "RADIUSStandard"
Reference:
http: //technet. microsoft. com/en-us/library/hh918425(v=wps. 620). aspx
http: //technet. microsoft. com/en-us/library/jj872740(v=wps. 620). aspx
http: //technet. microsoft. com/en-us/library/dd469790. Aspx
QUESTION: 104
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
containsadomaincontrollernamedDC1thatrunsWindowsServer2012R2.Allclient
computers runWindows 8 Enterprise.DC1 contains a Group Policy object (GPO) named
GPO1. You need to update the PATH variable on all of the client computers. Which Group
Policy preference should you configure?
137
A. Ini Files
B. Services
C. Data Sources
D. Environment
Answer: D
Explanation:
Environment Variable preference items allow you to create, update, replace, and delete user
and system environment variables or semicolon-delimited segments of the PATH variable.
Before you create an Environment Variable preference item, you should review the behavior
of each type of action possible with this extension.
QUESTION: 105
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Alldomain
controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains
200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named
GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers
inOU1torefreshtheirGroupPolicysettingsimmediately.Thesolutionmustminimize
administrative effort. Which tool should you use?
A. The Secedit command
B. Group Policy Management Console (GPMC)
C. Server Manager
D. The Gpupdate command
Answer: B
Explanation:
InthepreviousversionsofWindows,thiswasaccomplishedbyhavingtheuserrun
GPUpdate.exe on their computer.
StartingwithWindowsServer�2012andWindows�8,youcannowremotelyrefresh
GroupPolicysettingsforallcomputersinanOUfromonecentrallocationthroughthe
Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to
refresh Group Policy for a set of computers, not limited to the OU structure, for example, if
the computers are located in the default computers container.
http: //technet. microsoft. com/en-us//library/jj134201. aspx
http: //blogs. technet. com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-
server-2012-using-remote-gpupdate. aspx
QUESTION: 106
HOTSPOT
Yournetworkcontains25WebserversthatrunWindowsServer2012R2.Youneedto
configure auditing policies that meet the following requirements:
? Generate an event each time a new process is created.
? Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure? To answer, select the appropriate two
auditing policies in the answer area.
QUESTION: 107
141
HOTSPOT
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
contains a server named Server1 that runs Windows Server 2012 R2 and has the Network
Policy Server role service installed. An administrator creates a Network Policy Server (NPS)
network policy named Policy1. You need to ensure that Policy1 applies to L2TP connections
only. Which condition should you modify? To answer, select the appropriate object in the
answer area.
Answer:
QUESTION: 108
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Alldomain
controllersrunWindowsServer2012R2.Onallofthedomaincontrollers,Windowsis
installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed. The operating system
failstorecognizethattheapplicationiscompatiblewithdomaincontrollercloning.You
verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning. What should you do?
A.InD:\Windows\NTDS\,createanXMLfilenamedDCCloneConfig.xmlandaddthe
application information to the file.
B. In the root of a USB flash drive, add the application information to an XML file named
DefaultDCCIoneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and
add the application information to the file.
D.InC:\Windows\System32\Sysprep\Actionfiles\,addtheapplicationinformationtoan
XML file named Respecialize.xml.
Answer: C
Explanation:
PlacetheCustomDCCloneAllowList.xmlfileinthesamefolderastheActiveDirectory
143
database (ntds. dit) on the source Domain Controller.
References:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-
active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-
cloning. aspx
http://www.thomasmaurer.ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a-
virtual-domain-controller
http: //technet. microsoft. com/en-us/library/hh831734. aspx
QUESTION: 109
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Alldomain
controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains
200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named
GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers
inOU1torefreshtheirGroupPolicysettingsimmediately.Thesolutionmustminimize
administrative effort. Which tool should you use?
A. Server Manager
B. Active Directory Users and Computers
C. The Gpupdate command
D. Group Policy Management Console (GPMC)
Answer: D
Explanation:
StartingwithWindowsServer�2012andWindows�8,youcannowremotelyrefresh
GroupPolicysettingsforallcomputersinanOUfromonecentrallocationthroughthe
Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to
refresh Group Policy for a set of computers, not limited to the OU structure, for example, if
the computers are located in the default computers container.
References:
http: //technet. microsoft. com/en-us//library/jj134201. aspx
http://blogs.technet.com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-
server-2012-using-remote-gpupdate. aspx
QUESTION: 110
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Alldomain
controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to
customize the password policy settings ofcontoso.com. You need to identify to which Active
Directory object types you can directly apply the fine-grained password policies. Which two
object types should you identify? (Each correct answer presents part of the solution. Choose
two.)
A. Users
B. Global groups
C. computers
D. Universal groups
E. Domain local groups
Answer: A, B
Explanation:
Firstoff,yourdomainfunctionallevelmustbeatWindowsServer2008.Second,Fine-
grained password policies ONLY apply to user objects, and global security groups. Linking
them to universal or domain local groups is ineffective. I know what you�re thinking, what
about OU�s? Nope, Fine-grained password policy cannot be applied to an organizational unit
(OU) directly. The third thing to keep in mind is, by default only members of the Domain
Admins group can set fine-grained password policies. However, you can delegate this ability
to other users if needed.
Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they
are used instead of user objects) and global security groups.
You can apply Password Settings objects (PSOs) to users or global security groups:
References:
http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/cc770848%28v=ws. 10%29. aspx
http: //www. brandonlawson. com/active-directory/creating-fine-grained-password-policies/
QUESTION: 111
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
containsaservernamedServer1thatrunsWindowsServer2012R2.Youenableand
configure Routing and Remote Access (RRAS) on Server1. You create a user account named
User1.YouneedtoensurethatUser1canestablishVPNconnectionstoServer1.What
should you do?
A. Create a network policy.
B. Create a connection request policy.
C. Add a RADIUS client.
D. Modify the members of the Remote Management Users group.
Answer: A
Explanation:
Network policies are sets of conditions, constraints, and settings that allow you to designate
who is authorized to connect to the network and the circumstances under which they can or
cannot connect.
Networkpoliciescanbeviewedasrules.Eachrulehasasetofconditionsandsettings.
ConfigureyourVPNservertouseNetworkAccessProtection(NAP)toenforcehealth
requirement policies.
References:
http: //technet. microsoft. com/en-us/library/hh831683. aspx
http: //technet. microsoft. com/en-us/library/cc754107. aspx
http: //technet. microsoft. com/en-us/library/dd314165%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/windowsserver/dd448603. aspx
http: //technet. microsoft. com/en-us/library/dd314165(v=ws. 10). aspx
http: //technet. microsoft. com/en-us/library/dd469733. aspx
http: //technet. microsoft. com/en-us/library/dd469660. aspx
http: //technet. microsoft. com/en-us/library/cc753603. aspx
http: //technet. microsoft. com/en-us/library/cc754033. aspx
http: //technet. microsoft. com/en-us/windowsserver/dd448603. Aspx
QUESTION: 112
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
containsaservernamedServer1thatrunsWindowsServer2012P.2.Server1hasthe
Network Policy and Access Services server role installed. Your company's security policy
requires that certificate-based authentication must be used by some network services. You
need to identify which Network Policy Server (NPS) authentication methods comply with the
securitypolicy.Whichtwoauthenticationmethodsshouldyouidentify?(Eachcorrect
answer presents part of the solution. Choose two.)
A. MS-CHAP
B. PEAP-MS-CHAP v2
C. Chap
D. EAP-TLS
E. MS-CHAP v2
Answer: B, D
Explanation:
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create
asecureTLStunneltoprotectuserauthentication,andusesserver-sidepublickey
certificates to authenticate the server.
WhenyouuseEAPwithastrong EAPtype,suchasTLS withsmartcards orTLSwith
certificates, both the client and the server use certificates to verify their identities to each
other.
QUESTION: 113
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File
Server Resource Manager role service installed. Each time a user receives an access-denied
messageafterattemptingtoaccessafolderonServer1,anemailnotificationissenttoa
distribution list named DL1. You create a folder named Folder1 on Server1, and then you
configurecustomNTFSpermissionsforFolder1.Youneedtoensurethatwhenauser
receives an access-denied message while attempting to access Folder1, an email notification
is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving
notifications about other access-denied messages. What should you do?
148
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
Answer: C
Explanation:
Whenusingtheemailmodeleachofthefileshares,youcandeterminewhetheraccess
requeststoeachfilesharewillbereceivedbytheadministrator,adistributionlistthat
represents thefileshareowners,orboth.YoucanusetheFileServerResourceManager
console to configure the owner distribution list by editing the management properties of the
classification properties.
Reference: http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK12
QUESTION: 114
YournetworkcontainsanActiveDirectorydomainnamedcontoso.com.Thedomain
contains a domain controller named DC1 that runs WindowsServer 2012. You have a Group
Policyobject(GPO)namedGPO1thatcontainsseveralcustom Administrativetemplates.
You need to filter the GPO to display only settings that will be removed from the registry
whentheGPOfallsoutofscope.Thesolutionmustonlydisplaysettingsthatareeither
enabledordisabledandthathaveacomment.Howshouldyouconfigurethefilter?To
answer, select the appropriate options below. Select three.
A. Set Managed to: Yes
B. Set Managed to: No
C. Set Managed to: Any
D. Set Configured to: Yes
E. Set Configured to: No
F. Set Configured to: Any
G. Set Commented to: Yes
H. Set Commented to: No
I. Set Commented to: Any
Answer: A, F, G
For More exams visit https://killexams.com
�
Kill your exam at First Attempt....Guaranteed!
No comments:
Post a Comment