Amazing,100% candidates have passed the 70-417 exam by practising the preparation material of GreatExam, because the braindumps are the latest and cover every aspect of 70-417 exam. Download the braindumps for an undeniable success in 70-417 exam.
QUESTION 421
Complete the missing word from the sentence below that is describing one of the new roles in Server 2012:
By using ___, you can augment an organization’s security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved.
A. ADFS
B. RODC
C. ADLDS
D. AD RMS
Answer: D
Explanation:
https://technet.microsoft.com/en-us/library/ee221010(v=ws.10).aspx
QUESTION 422
You have a server named Server1. that runs Windows Server 2012 R2. Server1 has live network adapters. Three of the network adapters are connected to a network named LAN1. The two other network adapters are connected to a network named LAN2.
You create a network adapter team named Team1 from two of all the adapters connected to LAN1.
You create a network adapter team named Team2 from the two adapters connected to LAN2.
A company policy states that all server IP addresses must he assigned by using a reserved address in DHCP.
You need to identify how many DHCP reservations you must create for Server1.
How many reservations should you identify?
A. 2
B. 3
C. 5
D. 7
Answer: B
QUESTION 423
You create an OU named tempusers. you add several test users to that OU.
You want to delete the ou and receive an error.
remove-adorganizationunit -identity “ou=tempusrs, dc=contoso,dc=com” – recursive.
A. Remove all the users from ou
B. Modify the rights to your user account
C. Set the confirm parameters to $true
D. Set the protectfromaccidential deletion to $false
Answer: D
QUESTION 424
You have a server that runs server core of windows 2012 r2 server. you need to ensure that windows updates are installed only by using manual installation on server1. which 3 steps will you perform.
scregedit.wsf /au 1
wuauclt /selfupdatemanaged
uninstall-windowsfeature
netstop wuauserv
wuauclt /selfupdateunmanaged
net start wuauserv
Answer:
1) netstop wuauserv
2) scregedit.wsf /au 1
3) net start wuauserv
Explanation:
https://technet.microsoft.com/en-us/library/jj574100.aspx
QUESTION 425
Your network has ipsec policy configured.
You need to exempt icmp and router discovery traffic from ipsec policy rule in windows firewall.
which command will you use
A. disable-netadapterbinding
B. update-netipsecrule
C. remove-netfirewallrule
D. set-netfirewallsetting
Answer: D
QUESTION 426
Your network contains one Active Directory domain named contoso.com.
You deploy a new virtual machine in microsoft azure and then you run the active directory domain configuration wizard as show in the exhibit. (click the exhibit button).
You need to ensure that all of the users in contoso.com are replicated to the new domain controller in azure.
What should you do?
A. Modify the Deployment Configuration.
B. Set up directory integration.
C. Configuration Azure Active Directory Connect.
D. Select the Domain Name System (DNS) server check box.
Answer: D
QUESTION 427
DC3 loses network connectivity due to a hardware failure.
You log on to DC3.
You need to identify which service location (SRV) records are registered by DC3.
What should you do?
A. Run ipconfig /displaydns.
B. Run dcdiag /test:dns.
C. Open the %windir%\system32\config\netlogon.dns file.
D. Open the %windir%\system32\dns\backup\adatum.com.dns file.
Answer: C
QUESTION 428
You have 10 domain controller in a domain. you need to prevent several members of domain admin groups from logging on the domain controller.
Which two object shoudl you create and configure.
A. GPO to the domain
B. authentication policy
C. authentication policy silo
D. a central access policy
E. a user certificate
Answer: AB
QUESTION 429
You deploy a windows Server Update (WSUS) server named Server01.
You need to ensure that you can view update reports and computer reports on server01.
Which two components should you install? Each correct answer presents part of the solution.
A. Microsoft Report Viewer 2008 Redistributable Package
B. Microsoft .Net Framework 2.0
C. Microsoft SQL Server 2008 R2 Builder 3.0
D. Microsoft XPS Viewer
E. Microsoft SQL Server 2012 reporting Services (SSRS)
Answer: AB
Explanation:
The Microsoft Report Viewer 2008 Redistributable Package includes Windows Forms and ASP.NET Web server controls for viewing reports that have been created for the Microsoft reporting technology.
The Windows Server Update Services (WSUS) require the .Net Framework 2.0 and this extension to display the reports. To distribute updates of the extension is not needed. In the later installation of a subsequent restart of the management console is required.
QUESTION 430
You deploy a windows Server Update (WSUS) server named Server01.
You need to prevent the WSUS service on Server01 from being updated automatically.
What should you do from the update service console?
A. From the Product and Classification options, modify the Products setting.
B. From the Automatic Approvals options, modify the Advanced settings.
C. From the Product and Classification options, modify the Classifications setting.
D. From the Automatic Approvals options, modify the Default Automatic Approval rule.
Answer: B
QUESTION 431
You have a group managed Service Account name Account01.
Only three servers named Server01, Server02 and Server03 are allowed to use Account01 service account.
You plan to decommission Server01.
You need to prevent Server01 from using the Account01 service account.
The solution must ensure that Server02 and Server03 continue to use the Account01 service account.
What command should you run? To answer, select the appropriate options in the answer area.
Answer Area
Account01 Remove-ADServiceAccount -DNSHostName
Server01 Reset-ADServiceAccount -PrincipalsAllowedToReteriveMamagedPassword
Server01$ Set-ADServiceAccount -SAMAccountNAme Server02,Server03 -Server Server02$,Server03$
Answer: Account01 Remove-ADServiceAccount -DNSHostName
QUESTION 432
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controller must be online when cloning a domain controller.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: D
Explanation:
One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role.
Example: Command Prompt: C:\PS>
Get-ADDomain
Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com
Incorrect:
Not A: The Get-ADGroupMember cmdlet gets the members of an Active Directory group.
Members can be users, groups, and computers.
Not E: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory. Not F: The Get-ADAuthorizationGroup cmdlet gets the security groups from the specified user, computer or service accounts token.
Reference: Step-by-Step: Domain Controller Cloning
http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx
Reference: Get-ADDomain
https://technet.microsoft.com/en-us/library/ee617224.aspx
QUESTION 433
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: E
Explanation:
The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.
Example: Get-ADOptionalFeature ‘Recycle Bin Feature’ Get the optional feature with the name ‘Recycle Bin Feature’.
Reference: Get-ADOptionalFeature
https://technet.microsoft.com/en-us/library/ee617218.aspx
QUESTION 434
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether the members of the protected Users group will be prevented from authenticating by using NTLM.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: D
QUESTION 435
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2.
All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: C
Explanation:
https://technet.microsoft.com/en-us/library/ee617194.aspx
QUESTION 436
Your Company is testing DirectAccess on Windows Server 2012 R2. Users report that when they connect to the corporate network by using DirectAccess, access to Internet websites and Internet hosts is slow. The users report that when they disconnect from DirectAccess, acces to the internet websites and the internet hosts is much faster.
You need to identify the most likely cause of the performance issue.
What should you identify?
A. DirectAccess uses a self-signed certificate.
B. The corporate firewall blocks TCP port 8080.
C. Force tunneling is enabled.
D. The DNS suffix list is empty
Answer: C
Explanation:
If Direct Access is configured for Force tunneling, compounds of the DirectAccess client to the internal network and the Internet via the remote access server are routed. The “detour” via the company network, can slow down access to websites and hosts on the Internet.
QUESTION 437
Your network contains one Active Directory domain named contoso.com. The domain contains a file server named Server01 that runs Windows Server 2012 R2. Server01 has an operating system drive and a data drive. Server01 has a trusted Platform Module (TPM).
Which cmdlet should you run first?
A. Enable-TPMAutoProvisioning
B. Unblock-TPM
C. Install-WindowsFeature
D. Lock-BitLocker
Answer: C
Explanation:
The Windows feature BitLocker Drive Encryption is not installed by default. The following call installs the feature with all its components and management tools: Install Windows feature BitLocker -IncludeAllSubFeature -IncludeManagementTools
QUESTION 438
You have the following Windows PowerShell output.
You need to create a Managed service Account.
What should you do?
A. Run Set-KDSConfiguration and then run New-ADServiceAccount -Name “service01” -DNSHostName service01.contoso.com
B. Run New-AuthenticationPolicySilo, and then run New-ADServiceAccount -Name“service01” –DNSHostName service01.contoso.com.
C. Run Add-KDSRootKey, and then run New-ADServiceAccount -Name “service01”-DNSHostName service01.contoso.com.
D. Run New-ADServiceAccount – Name “service01” – DNSHostName service01.contoso.com -SAMAccountName service01.
Answer: C
Explanation:
From the exhibit we see that the required key does not exist. First we create this key, then we create the managed service account.
The Add-KdsRootKey cmdlet generates a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory (AD). The Microsoft Group KdsSvc generates new group keys from the new root key.
The New-ADServiceAccount cmdlet creates a new Active Directory managed service account.
Reference: New-ADServiceAccount
https://technet.microsoft.com/en-us/library/hh852236(v=wps.630).aspx
Reference: Add-KdsRootKey
https://technet.microsoft.com/en-us/library/jj852117(v=wps.630).aspx
QUESTION 439
Hotspot Question
Your network contains an Active Directory domain named adatum.com.
The domain contains a server named Server1.
Your company implements DirectAccess.
A user named User1 works at a customer’s office.
The customer’s office contains a server named Server1.
When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com.
You need to provide User1 with the ability to connect to Server1 in the customer’s office.
Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.
Answer:
QUESTION 440
Hotspot Question
Your network contains a DNS server named Server1. Server1 hosts a DNS zone for contoso.com.
You need to ensure that DNS clients cache records from contoso.com for a maximum of one hour.
Which value should you modify in the Start of Authority (SOA) record? To answer, select the appropriate setting in the answer area.
Answer:
You can pass Microsoft 70-417 exam if you get a complete hold of 70-417 braindumps in GreatExam. What’s more, all the 70-417 Certification exam Q and As provided by GreatExam are the latest.
http://www.greatexam.com/70-417-exam-questions.html