You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed.
Site.com has a main office and a branch office. The two offices are connected by a WAN link.
Site.com has five domain controllers named Site-DC01, Site-DC02, Site-DC03, Site-DC04 and Site-DC05. All domain controllers are configured as DNS servers
and host an Active Directory integrated zone for Site.com. Site-DC01, Site-DC03 and Site-DC05 are located in the main office. Site-DC02 and Site-DC04 are
located in the branch office. Site.com has a Development department located in the main office. The manager of the Development department has asked you to
configure a new Active Directory integrated zone named SiteDev.com.
You need to ensure that the SiteDev.com zone is replicated to only the domain controllers in the main office.
What should you do?
A. You should create the SiteDev.com zone and add the main office domain controllers on the Zone Transfers tab.
B. You should create the SiteDev.com zone and modify the replication scope.
C. You should create an application directory partition that contains the main office domain controllers before creating the SiteDev.com.
D. You should create a global security group that contains the main office domain controllers before creating the SiteDev.com.
Answer: C
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed and all client computers have Windows 8 Pro installed.
Site.com has users that often work away from the office at customer sites or from home. You have been asked to implement a remote access solution to enable
remote users to connect to the network when they are working away from the office. The remote access solution must ensure that users can connect to the network using TCP port 443.
You install the Routing and Remote Access role on a Windows Server 2012 R2 server.
Which VPN solution should you implement?
A. Point-to-Point Tunneling Protocol (PPTP).
B. Layer 2 Tunneling Protocol (L2TP).
C. Secure Socket Tunneling Protocol (SSTP).
D. DirectAccess.
Answer: C
Tuesday 28 January 2020
Sunday 29 September 2019
Microsoft 70-411 Question Answer
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed.
A technician has created a vhdx file containing Windows Server 2012 R2 installation images. You need to view information about the images contained in the vhdx
file. You plan to use Deployment Image Servicing and Management (DISM.exe).
Which parameter should you use with DISM.exe?
A. You should use the get-imageinfo parameter.
B. You should use the get-mountedwiminfo parameter.
C. You should use the list-image parameter.
D. You should use the mount-image parameter.
Answer: A
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed and all client computers have either Windows 7 Professional or Windows 8 Pro installed.
A group policy object (GPO) is assigned to an organizational unit (OU) named Sales. The GPO assigns several settings to the computers in the Sales department.
Some users complain that it takes a long time for their computers to start up or shut down. You suspect that group policy processing may be the cause of the issue.
You want to configure the computers in the Sales department to display status messages that reflect each step in the process of starting, shutting down, logging on, or logging off the system. How can you configure the computers to display the required information?
A. You should enable the "Activate Shutdown Event Tracker System State Data feature" setting in the GPO.
B. You should enable the "Display Shutdown Event Tracker" setting in the GPO.
C. You should disable the "Remove Boot / Shutdown / Logon / Logoff status messages" setting in the GPO.
D. You should enable the "Display Highly Detailed Status Messages" setting in the GPO.
Answer: D
domain have Microsoft Windows Server 2012 R2 installed.
A technician has created a vhdx file containing Windows Server 2012 R2 installation images. You need to view information about the images contained in the vhdx
file. You plan to use Deployment Image Servicing and Management (DISM.exe).
Which parameter should you use with DISM.exe?
A. You should use the get-imageinfo parameter.
B. You should use the get-mountedwiminfo parameter.
C. You should use the list-image parameter.
D. You should use the mount-image parameter.
Answer: A
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed and all client computers have either Windows 7 Professional or Windows 8 Pro installed.
A group policy object (GPO) is assigned to an organizational unit (OU) named Sales. The GPO assigns several settings to the computers in the Sales department.
Some users complain that it takes a long time for their computers to start up or shut down. You suspect that group policy processing may be the cause of the issue.
You want to configure the computers in the Sales department to display status messages that reflect each step in the process of starting, shutting down, logging on, or logging off the system. How can you configure the computers to display the required information?
A. You should enable the "Activate Shutdown Event Tracker System State Data feature" setting in the GPO.
B. You should enable the "Display Shutdown Event Tracker" setting in the GPO.
C. You should disable the "Remove Boot / Shutdown / Logon / Logoff status messages" setting in the GPO.
D. You should enable the "Display Highly Detailed Status Messages" setting in the GPO.
Answer: D
Monday 14 January 2019
Microsoft 70-411 Question Answer
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com domain have Microsoft Windows Server 2012 R2 installed. A group policy object (GPO) is assigned to an organizational unit (OU) named Sales. The GPO assigns several settings to the computers in the Sales department. You unlink the GPO from the Sales OU. You discover that some of the settings applied by the GPO are still in effect on the Sales computers while other setting applied by the GPO have been removed.
Which of the following statements is true?
A. The Restricted Groups security settings still in effect.
B. The unmanaged Administrative Template settings are still in effect.
C. The managed Administrative Template settings are still in effect.
D. The System Services security settings have been removed.
Answer: B
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com domain have Microsoft Windows Server 2012 R2 installed. Site.com has a Production department and a Research department. Each department has a separate subnet in the network.
A server named Site-SR11 and is configured as a Network Policy Server (NPS) server. Site-SR11 also runs the DHCP server role and has a DHCP scope for the Production subnet and the Research subnet. You need to configure NPS to ensure that computers on the Production subnet that do not comply with the NPS requirements receive a restrictive set of network policies. You also need to ensure that computers on the Research subnet that do not comply with the NPS requirements receive a more restrictive set of network policies than the non-compliant Production computers. You configure policies to apply to NAP-Capable Computers. How can you apply different restrictions to computer based on their subnet?
A. You should configure Connection Properties conditions.
B. You should configure NAS Port Type constraints.
C. You should configure MS-Service Class conditions.
D. You should configure Authentication Methods constraints.
Answer: C
Which of the following statements is true?
A. The Restricted Groups security settings still in effect.
B. The unmanaged Administrative Template settings are still in effect.
C. The managed Administrative Template settings are still in effect.
D. The System Services security settings have been removed.
Answer: B
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com domain have Microsoft Windows Server 2012 R2 installed. Site.com has a Production department and a Research department. Each department has a separate subnet in the network.
A server named Site-SR11 and is configured as a Network Policy Server (NPS) server. Site-SR11 also runs the DHCP server role and has a DHCP scope for the Production subnet and the Research subnet. You need to configure NPS to ensure that computers on the Production subnet that do not comply with the NPS requirements receive a restrictive set of network policies. You also need to ensure that computers on the Research subnet that do not comply with the NPS requirements receive a more restrictive set of network policies than the non-compliant Production computers. You configure policies to apply to NAP-Capable Computers. How can you apply different restrictions to computer based on their subnet?
A. You should configure Connection Properties conditions.
B. You should configure NAS Port Type constraints.
C. You should configure MS-Service Class conditions.
D. You should configure Authentication Methods constraints.
Answer: C
Sunday 23 September 2018
Microsoft 70-411 Question Answer
Your role of Network Administrator at Site.com includes the management of the Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com domain have Microsoft Windows Server 2012 R2 installed. Site.com has a Sales department and a Production department. An OU exists for each department. The OUs contain the user and computer accounts for the respective departments. A shadow group named SalesSG is configured for the Sales OU and contains all objects within the Sales OU. A password settings object (PSO) named SalesPSO is applied to the SalesSG group and applies a minimum password length of 6 characters.
You want to modify the PSO to require a minimum password length of 8 characters.
Which of the following cmdlets should you use?
A. You should use the Get-ADAccountResultantPasswordReplicationPolicy cmdlet.
B. You should use the Set-ADDefaultDomainPasswordPolicy cmdlet.
C. You should use the Set-ADFineGrainedPasswordPolicy cmdlet.
D. You should use the Set-ADAccountPassword cmdlet.
E. You should use the Set-ADDefaultDomainPasswordPolicy cmdlet.
Answer: C
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed.
Site.com has a main office and a branch office. The two offices are connected by a WAN link.
A server in the main office named Site-SR21 runs the DNS Server role and hosts an Active Directory Integrated primary zone for Site.com. You install a server named Site-SR22 in the branch office. Site-SR22 runs the DNS Server role. You plan to configure a secondary zone for Site.com on Site-SR22. What do you need to do first?
A. You should modify the Site.com zone on Site-SR21 to be a non-Active Directory Integrated primary zone.
B. You should log in to Site-SR21 and configure an MX record for Site-SR22.
C. You should log in to Site-SR21 and configure a zone delegation for Site-SR22.
D. You should log in to Site-SR21 and in the properties of the Site.com zone, add Site-SR22 as a name server.
Answer: D
You want to modify the PSO to require a minimum password length of 8 characters.
Which of the following cmdlets should you use?
A. You should use the Get-ADAccountResultantPasswordReplicationPolicy cmdlet.
B. You should use the Set-ADDefaultDomainPasswordPolicy cmdlet.
C. You should use the Set-ADFineGrainedPasswordPolicy cmdlet.
D. You should use the Set-ADAccountPassword cmdlet.
E. You should use the Set-ADDefaultDomainPasswordPolicy cmdlet.
Answer: C
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed.
Site.com has a main office and a branch office. The two offices are connected by a WAN link.
A server in the main office named Site-SR21 runs the DNS Server role and hosts an Active Directory Integrated primary zone for Site.com. You install a server named Site-SR22 in the branch office. Site-SR22 runs the DNS Server role. You plan to configure a secondary zone for Site.com on Site-SR22. What do you need to do first?
A. You should modify the Site.com zone on Site-SR21 to be a non-Active Directory Integrated primary zone.
B. You should log in to Site-SR21 and configure an MX record for Site-SR22.
C. You should log in to Site-SR21 and configure a zone delegation for Site-SR22.
D. You should log in to Site-SR21 and in the properties of the Site.com zone, add Site-SR22 as a name server.
Answer: D
Wednesday 21 February 2018
Microsoft Wants Kinect to Die, But This Fan Has a Hack to Keep It Alive
Microsoft has suspended the production of adapters that make its advanced camera work on the new models of Xbox, so this man created his for $ 40.
The Kinect is officially dead. Microsoft first released the advanced motion sensor as a complement to the Xbox 360, but consumers revolted when they tried to make them standard for the Xbox One. Microsoft stopped manufacturing the device in 2017 and made them more difficult to use shortly after .
Users who wish to connect their Kinects to the new Xbox Ones or Xbox One Xs need to buy an adapter, the company is no longer a manufacturer. Those adapters now sell between $ 130 and $ 200 in the secondary market. But an astute Kinect fan has another option.
As Hackaday first discovered, Redditor Mitch Davis opened his Kinect and designed his own adapter for the cost of approximately $ 40. All he needed was a 12V AC adapter, a USB 3.0 cable and a soldering iron. Kinect fans who already own the latter can do this project for around $ 20.
Davis is a mechanical engineer, but he does not have much experience with computer hardware. He said the trick was easy. Someone with experience in welding could complete this project in 15 minutes, "he told me in the Reddit message." It took me about 25 years with the practice cable and redoing the job after my first unsuccessful attempt. "
The original Xbox Ones had a special plug for the Kinect that carried signal and power. The adapters work by running that through a USB 3.0 port on the newer systems and feeding it with a 12-volt AC adapter. To keep his Kinect moving, Davis opened it, soldered the 12V cable to the device's plate and resealed it. Once he received power from an external source, the Kinect turned on and his Xbox One X recognized him immediately.
Which is good, because Davis loves the Kinect. "I used my Kinect every day," he said. "It was very convenient in terms of hands-free operations features ... I even took my last successful job interview using Kinect Skype."
Davis is a devotee of Microsoft and bought his new Xbox One X console at launch, and was upset when he did not have the port for his Kinect. "It seemed like a compromise, and an unnecessary one considering that Microsoft had a solution, but inexplicably decided to suspend it basically in line with the launch of One X," he said.
That pushed him to see if he could find his own solution and got a great response. Many players rebelled against the Kinect when it came out, but its fans are devotees. "I know I'm not the only person who was looking for a cheaper solution than the resale market," Davis said.
It was a device that was always more popular among the DIY maker crowd than it was with the players. The designers have used the Kinect to convert their bodies into controllers, such as a 3D scanner to place data in AutoCAD and the input device for a simple hologram projector.
Davis' trick is good news for Kinect fans and, despite Microsoft's apparent desire to bury the previous device, it does not care about the repercussions. "In the worst case, it voids the guarantee," he said.
Wednesday 20 December 2017
Microsoft 70-411 Question Answer
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed.
Site.com has a Research department.
A server in the Research department named Site-SR25 runs the File and Storage Services role and the File Server Resource Manager role service. Sensitive
information is stored in shared folders on Site-SR25. You want to be notified by e-mail when an executable file is stored in a shared folder on Site-SR25. The
notification must include information about the user who stored the file and the exact location of the file. What should you do?
A. You should enable Encrypted File System (EFS) on Site-SR25.
B. You should modify the permissions of the shared folders on Site-SR25.
C. You should configure a File Screen Exception on Site-SR25.
D. You should configure a File Screen on Site-SR25.
Answer: D
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed.
Site.com has a Research department. All user and computer accounts in the Research department are located in an organizational unit (OU) named ResearchOU.
A server in the Research department named Site-SR23 runs the File and Storage Services role and the File Server Resource Manager role service. Sensitive
information is stored in shared folders on Site-SR23.
All users in the Research department are members of a global security group named ResearchUsers. The ResearchUsers group has full control access to a folder named D:\Data which is shared as \\Site-SR23\Data. You link a group policy object (GPO) to the ResearchOU. The GPO configures the Audit File System and Audit File Share settings to Success and Failure. You need to ensure that all file deletions in \\Site-SR23\Data by members of the ResearchUsers group are logged. You delete a test file in the shared folder and verify that an event log entry is added. You discover that when a user in the ResearchUsers group deletes a file, no event log entry is added.
What should you modify?
A. You should modify the share permissions of \\Site-SR23\Data.
B. You should modify the audit settings in the GPO.
C. You should modify the discretionary access control list (DACL) D:\Data.
D. You should modify the system access control list (SACL) of D:\Data.
Answer: D
domain have Microsoft Windows Server 2012 R2 installed.
Site.com has a Research department.
A server in the Research department named Site-SR25 runs the File and Storage Services role and the File Server Resource Manager role service. Sensitive
information is stored in shared folders on Site-SR25. You want to be notified by e-mail when an executable file is stored in a shared folder on Site-SR25. The
notification must include information about the user who stored the file and the exact location of the file. What should you do?
A. You should enable Encrypted File System (EFS) on Site-SR25.
B. You should modify the permissions of the shared folders on Site-SR25.
C. You should configure a File Screen Exception on Site-SR25.
D. You should configure a File Screen on Site-SR25.
Answer: D
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed.
Site.com has a Research department. All user and computer accounts in the Research department are located in an organizational unit (OU) named ResearchOU.
A server in the Research department named Site-SR23 runs the File and Storage Services role and the File Server Resource Manager role service. Sensitive
information is stored in shared folders on Site-SR23.
All users in the Research department are members of a global security group named ResearchUsers. The ResearchUsers group has full control access to a folder named D:\Data which is shared as \\Site-SR23\Data. You link a group policy object (GPO) to the ResearchOU. The GPO configures the Audit File System and Audit File Share settings to Success and Failure. You need to ensure that all file deletions in \\Site-SR23\Data by members of the ResearchUsers group are logged. You delete a test file in the shared folder and verify that an event log entry is added. You discover that when a user in the ResearchUsers group deletes a file, no event log entry is added.
What should you modify?
A. You should modify the share permissions of \\Site-SR23\Data.
B. You should modify the audit settings in the GPO.
C. You should modify the discretionary access control list (DACL) D:\Data.
D. You should modify the system access control list (SACL) of D:\Data.
Answer: D
Monday 6 November 2017
Microsoft 70-411 Question Answer
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com
domain have Microsoft Windows Server 2012 R2 installed.
Site.com has a main office and a branch office. The two offices are connected by a slow WAN link. A server in the main office named Site-SR21 runs the File and Storage Services and Distributed File System roles. A server in the branch office named Site-SR22
also runs the File and Storage Services and Distributed File System roles. Shared folders on Site-SR21 and Site-SR22 are replicated to each other using DFS
Replication (DFSR). You discover that DFS replication between the two servers is using too much bandwidth over the WAN link. How can you limit the amount of bandwidth used by DFS replication?
A. You should run the Set-DfsrConnectionSchedule cmdlet.
B. You should run the Set-DfsrGroupSchedule cmdlet.
C. You should run the Set-DfsReplicatedFolder cmdlet.
D. You should run the Set-DfsReplicationGroup cmdlet.
Answer: B
domain have Microsoft Windows Server 2012 R2 installed.
Site.com has a main office and a branch office. The two offices are connected by a slow WAN link. A server in the main office named Site-SR21 runs the File and Storage Services and Distributed File System roles. A server in the branch office named Site-SR22
also runs the File and Storage Services and Distributed File System roles. Shared folders on Site-SR21 and Site-SR22 are replicated to each other using DFS
Replication (DFSR). You discover that DFS replication between the two servers is using too much bandwidth over the WAN link. How can you limit the amount of bandwidth used by DFS replication?
A. You should run the Set-DfsrConnectionSchedule cmdlet.
B. You should run the Set-DfsrGroupSchedule cmdlet.
C. You should run the Set-DfsReplicatedFolder cmdlet.
D. You should run the Set-DfsReplicationGroup cmdlet.
Answer: B
Thursday 21 September 2017
Sunday 10 September 2017
Microsoft 70-411 Question Answer
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All domain controllers in the Site.com domain have Microsoft Windows Server 2012 R2 installed. Several Sales users spend most of their time away from the office. You implement DirectAccess to enable the Sales users to connect to the network when they are away from the office. All computers used by the Sales users are joined to the domain. You create a DirectAccess client group named SalesDirectAccess and add all the computer accounts for the Sales users' computers to the SalesDirectAccess group. Some Sales users report that they are unable to access the network using DirectAccess. Other Sales report that they can connect successfully. You discover that only users using laptop computers can connect using DirectAccess. Sales users are unable to connect when they use desktop computers. How can you enable all Sales users to access the network using DirectAccess?
A. You should add the computer accounts for the Sales user computers to the RAS and IAS Servers group.
B. You should add the user accounts for the Sales users to the SalesDirectAccess group.
C. You should modify the group that the Direct Access Client Settings GPO applies to.
D. You should modify the WMI filter that the Direct Access Client Settings GPO is linked to.
Answer: D
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com domain have Microsoft Windows Server 2012 R2 installed. Sales users often work away from the office. The Sales users have portable computers that have Windows 7, Windows Vista or Windows XP installed. All client computers are members of the Site.com domain. You have been asked to implement a remote access solution to enable the Sales users to connect to the network when they are working away from the office. The remote access solution must ensure that all Sales users can connect to the network. Which VPN solution should you implement?
A. Point-to-Point Tunneling Protocol (PPTP).
B. Layer 2 Tunneling Protocol (L2TP).
C. Secure Socket Tunneling Protocol (SSTP).
D. DirectAccess.
Answer: B
A. You should add the computer accounts for the Sales user computers to the RAS and IAS Servers group.
B. You should add the user accounts for the Sales users to the SalesDirectAccess group.
C. You should modify the group that the Direct Access Client Settings GPO applies to.
D. You should modify the WMI filter that the Direct Access Client Settings GPO is linked to.
Answer: D
You work as a Network Administrator at Site.com. Site.com has an Active Directory Domain Services (AD DS) domain named Site.com. All servers in the Site.com domain have Microsoft Windows Server 2012 R2 installed. Sales users often work away from the office. The Sales users have portable computers that have Windows 7, Windows Vista or Windows XP installed. All client computers are members of the Site.com domain. You have been asked to implement a remote access solution to enable the Sales users to connect to the network when they are working away from the office. The remote access solution must ensure that all Sales users can connect to the network. Which VPN solution should you implement?
A. Point-to-Point Tunneling Protocol (PPTP).
B. Layer 2 Tunneling Protocol (L2TP).
C. Secure Socket Tunneling Protocol (SSTP).
D. DirectAccess.
Answer: B
Subscribe to:
Posts (Atom)