2018 Latest Lead2pass 70-411 Questions & Answers PDF Free Download:
You have a server named Server 1.
You enable BitLocker Drive Encryption (BitLocker) on Server 1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?
The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value.
You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry.
Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value.
You can specify a new owner authorization value or specify a file that contains the new value.
Your company has a main office and two branch offices. The main office is located in Seattle.
The two branch offices are located in Montreal and Miami.
Each office is configured as an Active Directory site.
The network contains an Active Directory domain named contoso.com.
Network traffic is not routed between the Montreal office and the Miami office.
You implement a Distributed File System (DFS) namespace named \\contoso.com\public.
The namespace contains a folder named Folder1. Folder1 has a folder target in each office.
You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Set the Ordering method of \\contoso.com\public to Random order.
B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets.
C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.
D. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client’s site.
E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.
F. Set the Ordering method of \\contoso.com\public to Lowest cost.
If you want to prevent branch clients from failing over to a branch server at a different branch site, select the Exclude targets outside of the client site ordering method for each folder with targets, and then set target priority on each hub server’s folder target by selecting the Last among all targets target priority. The result of selecting these two options is as follows:
The Exclude targets outside of the client site setting ensures that only targets within the client’s site will be included in referrals.
The Last among all targets setting overrides the referral ordering method by including the hub server in the referral, even if the hub server is not in the client’s site. (If multiple hub servers are used as folder targets for a given folder, those hub servers will appear last in the referral and be sorted in order of lowest cost after the other targets.)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting.
Server1 is configured as a VPN server and is configured to forward authentication requests to Server2.
You need to ensure that only Server2 contains event information about authentication requests from connections to Server1.
Which two nodes should you configure from the Network Policy Server console?
To answer, select the appropriate two nodes in the answer area.
In the properties of the Network Policy Server logging of rejected and successful authentication requests can be disabled: Using connection request policies can be defined, whether connection requests are processed locally or forwarded to a remote RADIUS server.
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
A. Group Policy Object Editor
B. The Secedit command
C. Group Policy Management Console (GPMC)
D. Active Directory Users and Computers
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.
Starting with Windows Server?2012 and Windows?8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
Note: Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.
Not B: Secedit configures and analyzes system security by comparing your current configuration to at least one template.
Reference: Force a Remote Group Policy Refresh (GPUpdate)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the following BitLocker Drive Encryption (BitLocker) settings:
You need to ensure that drive D will unlock automatically when Server1 restarts. What command should you run?
To answer, select the appropriate options in the answer area.
If BitLocker is enabled on the operating system drive, you can admit when you turn on BitLocker for an integrated data drive that the drive is automatically unlocked when the operating system drive is unlocked.
The available parameters are part of the cmdlet Add-BitLockerKeyProtector.
The parameter -ADAccountOrGroupProtector the encryption key can be added to a domain account as a protector.
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform?
(Each correct answer presents part of the solution.
A. On Server1, create a collector initiated subscription.
B. On Server1, create a source computer initiated subscription.
C. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain controllers can be forwarded to an administrative workstation
* Group Policy
The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting:
Computer configuration-Administrative templates-Windows components-Event forwarding-
Configure the server address, refresh interval, and issue certificate authority of a target subscription manager.
* Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates
| Windows Components | Event Forwarding – Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager
Your company has two offices. The offices are located in Montreal and Seattle.
The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
You need to configure Server2 to download updates that are approved on Server1 only.
What cmdlet should you run?
To answer, select the appropriate options in the answer area.
With the cmdlet Set-WsusServerSynchronization can be determined whether a Windows Server Update Services (WSUS) server updates synchronized from Microsoft Update or from an upstream server.
The parameter -UssServerName server name indicates that you want to synchronize from the specified upstream server.
The Parameter -Replica configures the Windows Server Update Services (WSUS) for the replica mode.
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2.
The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
Since the is no SMB Share – Advanced option, the other option is to edit folder management properties.
Also check this:
“When using the email model each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both.
The owner distribution list is configured by using the SMB Share – Advanced file share profile in the New Share Wizard in Server Manager.
You can also use the File Server Resource Manager console to configure the owner distribution list by editing the management properties of the classification properties.”
70-411 dumps full version (PDF&VCE): https://www.lead2pass.com/70-411.html
Large amount of free 70-411 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDSmRhaVRWcW5Cc1k
You may also need:
70-410 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDcXAzcDVNOWI1blU
70-412 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDcDUzczlzc2N6RkU
70-413 exam dumps: https://drive.google.com/open?id=1b83z5KIZUL3VTF7QfvaVypTlHDaUnZIE
70-414 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDdzk4ajRnWG50TzA