QUESTION 321
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. The domain contains a virtual machine named VM1.
A developer wants to attach a debugger to VM1.
You need to ensure that the developer can connect to VM1 by using a named pipe.
Which virtual machine setting should you configure?
|
A. |
BIOS |
|
B. |
Network Adapter |
|
C. |
COM 1 |
|
D. |
Processor |
Correct Answer: C
Explanation:
Named pipes can be used to connect to a virtual machine by configuring COM 1.
References:
http://support.microsoft.com/kb/819036
http://support.microsoft.com/kb/141709
QUESTION 322
Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.
You plan to deploy an enterprise certification authority (CA) on a server named Servers. Server5 will be used to issue certificates to domain-joined computers and workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.
Which server should you identify?
|
A. |
Server1 |
|
B. |
Server3 |
|
C. |
Server4 |
|
D. |
Server2 |
Correct Answer: B
Explanation:
CDP (and AD CS) always uses a Web Server
NB: this CDP must be accessible from outside the AD, but here we don’t have to wonder about that as there’s only one web server.
http://technet.microsoft.com/fr-fr/library/cc782183%28v=ws.10%29.aspx
Selecting a CRL Distribution Point
Because CRLs are valid only for a limited time, PKI clients need to retrieve a new CRL periodically. Windows Server 2003 PKI Applications look in the CRL distribution point extension for a URL that points to a network location from which the CRL object can be retrieved. Because CRLs for enterprise CAs are stored in Active Directory, they can be accessed by means of LDAP. In comparison, because CRLs for stand-alone CAs are stored in a directory on the server, they can be accessed by means of HTTP, FTP, and so on as long as the CA is online. Therefore, you should set the CRL distribution point after the CA has been installed.
The system account writes the CRL to its distribution point, whether the CRL is published manually or is published according to an established schedule. Therefore you must ensure that the system accounts for CAs have permission to write to the CRL distribution point. Because the CRL path is also included in every certificate, you must define the CRL location and its access path before deploying certificates. If an Application performs revocation checking and a valid CRL is not available on the local computer, it rejects the certificate.
You can modify the CRL distribution point by using the Certification Authority MMC snap-in. In this way, you can change the location where the CRL is published to meet the needs of users in your organization. You must move the CRL distribution point from the CA configuration folder to a Web server to change the location of the CRL, and you must move each new CRL to the new distribution point, or else the chain will break when the previous CRL expires.
Note
On root CAs, you must also modify the CRL distribution point in the CAPolicy.inf file so that the root CA certificate references the correct CDP and AIA paths, if specified. If you are using certificates on the Internet, you must have at least one HTTPs-accessible location for all certificates that are not limited to internal use.
http://technet.microsoft.com/en-us/library/cc771079.aspx
Configuring Certificate Revocation
It is not always possible to contact a CA or other trusted server for information about the validity of a certificate. To effectively support certificate status checking, a client must be able to access revocation data to determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory Certificate Services (AD CS) supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta CRLs, which can be made available to clients from a variety of locations, including Active Directory Domain Services (AD DS), Web servers, and network file shares.
QUESTION 323
Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2.
You plan to install a new domain controller named DC4 that runs Windows Server 2012 R2.
The new domain controller will have the following configurations:
Schema master
![clip_image003[1]](http://www.pass-exams.com/wp-content/uploads/2015/11/clip_image0031.gif "clip_image003[1]"){kind=small}
Global catalog server
![clip_image003[2]](http://www.pass-exams.com/wp-content/uploads/2015/11/clip_image0032.gif "clip_image003[2]"){kind=small}
DNS Server server role
![clip_image003[3]](http://www.pass-exams.com/wp-content/uploads/2015/11/clip_image0033.gif "clip_image003[3]"){kind=small}
Active Directory Certificate Services server role
You need to identify which configurations cannot be fulfilled by using the Active Directory Domain Services Configuration Wizard.
Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)
|
A. |
Enable the global catalog server. |
|
B. |
Transfer the schema master. |
|
C. |
Install the Active Directory Certificate Services role. |
|
D. |
Install the DNS Server role. |
Correct Answer: BC
Explanation:
AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog server. ADCS and schema must be done separately.
QUESTION 324
DRAG DROP
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.
The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named User1.
User1 is the member of a group named Group1. Group1 is in the Users container.
You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
The Authenticated Users group is assigned the default permissions to all of the GPOs.
There are no site-level GPOs.
You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1.
Which three GPOs should you identify in sequence?
To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order.
Correct Answer:
QUESTION 325
HOTSPOT
You have two servers that run Windows Server 2012 R2. The servers are configured as shown in the following table.
You need to ensure that Server2 can be managed by using Server Manager from Server1.
In the table below, identify which actions must be performed on Server1 and Server2.Make only one selection in each row. Each correct selection is worth one point.
Correct Answer:
QUESTION 326
Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 and Server2 are member servers. You need to ensure that you can manage Server2 from Server1 by using Server Manager. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)
|
A. |
Install Windows Management Framework 3.0 on Server2. |
|
B. |
Install Remote Server Administration Tools on Server1. |
|
C. |
Install the Windows PowerShell 2.0 engine on Server1. |
|
D. |
Install Microsoft .NET Framework 4 on Server2. |
|
E. |
Install Remote Server Administration Tools on Server2. |
Correct Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/hh831456.aspx#BKMK_softconfig
QUESTION 327
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You need to configure VM4 to track the CPU, memory, and network usage.
What should you configure?
|
A. |
NUMA topology |
|
B. |
Resource control |
|
C. |
Resource metering |
|
D. |
Virtual Machine Chimney |
|
E. |
The VLAN ID |
|
F. |
Processor Compatibility |
|
G. |
The startup order |
|
H. |
Automatic Start Action |
|
I. |
Integration Services |
|
J. |
Port mirroring |
|
K. |
Single-root I/O virtualization |
Correct Answer: C
Explanation:
Metrics collected for each virtual machine using resource metering:
Average CPU usage, measured in megahertz over a period of time. Average physical memory usage, measured in megabytes. Minimum memory usage (lowest amount of physical memory). Maximum memory usage (highest amount of physical memory). Maximum amount of disk space allocated to a virtual machine. Total incoming network traffic, measured in megabytes, for a virtual network adapter.
Total outgoing network traffic, measured in megabytes, for a virtual network adapter
QUESTION 328
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed.
AH of the network access servers forward connection requests to Server1.
You create a new network policy on Server1.
You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24 subnet.
What should you do?
|
A. |
Set the Client IP4 Address condition to 192.168.0.0/24. |
|
B. |
Set the Client IP4 Address condition to 192.168.0. |
|
C. |
Set the Called Station ID constraint to 192.168.0_0/24. |
|
D. |
Set the Called Station ID constraint to 192_168.0 |
Correct Answer: A
Explanation:
After creating a network policy with the New Network Policy Wizard or by creating a custom policy, you can specify the conditions that connection requests must have in order to match the network policy; if the conditions configured in the policy match the connection request, Network Policy Server (NPS) applies the settings designated in the network policy to the connection.
Incorrect:
Not C, not D: Called station ID
Allows you to specify the telephone number of the dial-up server that clients are allowed to use to access the network.
QUESTION 329
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
|
A. |
Perform tombstone reanimation. |
|
B. |
Export and import data by using Dsamain. |
|
C. |
Perform a non-authoritative restore. |
|
D. |
Recover the items by using Active Directory Recycle Bin. |
Correct Answer: B
Explanation:
As far as the benefits of the Windows 2012 Recycle Bin, they are the same as the Windows 2008 R2 recycle bin with the exception of the new user interface which makes it more user-friendly. These additional benefits include:
All deleted AD object information including attributes, passwords and group membership can be selected in mass then undeleted from the user interface instantly or via Powershell
User-friendly and intuitive interface to filter on AD objects and a time period
Can undelete containers with all child objects
https://www.simple-talk.com/sysadmin/exchange/the-active-directory-recycle-bin-in- windows-server-2008-r2/
http://communities.quest.com/community/quest-itexpert/blog/2012/09/24/the-windows- server-2012-recycle-binand-recovery-manager-for-active-directory
QUESTION 330
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)
You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1.
What should you configure?
|
A. |
Item-level targeting |
|
B. |
Security Filtering |
|
C. |
Block Inheritance |
|
D. |
WMI Filtering |
Correct Answer: B
Explanation:
Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Free VCE & PDF File for Microsoft 70-417 Actual Tests
Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…
70-410 Dumps VCE PDF
70-411 Dumps VCE PDF
70-412 Dumps VCE PDF
70-413 Dumps VCE PDF
70-414 Dumps VCE PDF
70-417 Dumps VCE PDF
70-461 Dumps VCE PDF
70-462 Dumps VCE PDF
70-463 Dumps VCE PDF
70-464 Dumps VCE PDF
70-465 Dumps VCE PDF
70-480 Dumps VCE PDF
70-483 Dumps VCE PDF
70-486 Dumps VCE PDF
70-487 Dumps VCE PDF