Fiszki
Windows Serwer 2012 R2 70-411
Test w formie fiszek Ogromny test z administracji systemem Windows Server 2012. Pytania o Windows Serwer 2012 R2 - Egzamin 70-411
Ilość pytań: 211
Rozwiązywany: 8546 razy
Your company has two offices. The offices are located in Montreal and Seattle.
The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office.
Server2 is located in the Montreal office.
Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
You need to configure Server2 to download updates that are approved on Server1 only.
What cmdlet should you run?
To answer, select the appropriate options in the answer area.
Wpisz 1-5
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.
Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1.
You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)
1 Server2 and Server3 only
2 Server2 only
Your network contains an Active Directory domain named contoso.com.
You create an organizationai unit (OU) named OU1 and a Group Policy object (GPO) named GP01.
You link GP01 to OU1.
You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders.
You need to audit all of the failed attempts to access the fiies on the file servers in OU1.
The solution must minimize administrative effort.
Which two audit policies should you configure in GP01 ?
To answer, select the appropriate two objects in the answer area.
Policy Change
Privilege Use
Detailed Tracking
Account Logon
System
DS Access
Object Access
Global Object Access Auditing
Account Management
Logon/Logoff
Object Access
Global Object Access Auditing
Your network contains an Active Directory domain named contoso.com. The domain contains 30 user accounts that are used for network administration. The user accounts are members of a domain global group named Group1.
You identify the security requirements for the 30 user accounts as shown in the following table.
You need to identify which settings must be implemented by using a Password Settings object (PSO) and which settings must be implemented by modifying the properties of the user accounts.
What should you identify?
To answer, configure the appropriate settings in the dialog box in the answer area.
Wpisz 1-2
Minimum password length
Account is sensitiue and cannot be delegated
User cannot change passwor
Enforce password history
Account is sensitiue and cannot be delegated
2
User cannot change passwor
2
Enforce password history
1
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
■ Generate an event each time a new process is created.
■ Generate an event each time a user attempts to access a file share.
Whitch two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.
System
Privilege Use
Account Logon
DS Access
Logon/Logoff
Object Access
Account Management
Detailed Tracking
Global Object Access Auditing
Policy Change
Object Access
Detailed Tracking
Your network contains an Active Directory domain named contoso.com.
You need to create a certificate template for the BitLocker Drive Encryption (BitLocker)
Network Unlock feature.
Which Cryptography setting of the certificate template shouid you modify?
To answer, select the appropriate setting in the answer area.
Providers
Minimum key size
Provider Category
Choose which cryptographic providers can be used for reguests
You have a file server named Server1 that runs Windows Server 2012 R2.
A user named Userl is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.
On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)
Wpisz od 1-4
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys.
What should you modify?
To answer, select the appropriate object in the answer area.
You have a server named Server1 that has the Network Policy and Access Services server role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication.
To which store should you import the certificate?
To answer, select the appropriate store in the answer area.
Certificates - Current User / Personal
Certificates (Local Computer) / Personal
Certificates (Local Computer) / Personal
Your network contains an Active Directory domain named contoso.com. The domain contains a member server that runs Windows Server 2012 R2 and has the Windows Deployment Services (WDS) server role installed.
You create a new muiticast session in WDS and connect 50 client computers to the session.
When you open the Windows Deployment Services console, you discover that all ot the computers are listed as pending devices.
You need to ensure that any ot the computers on the network can join a muiticast transmission without requiring administrator approval.
What should you configure?
To answer, select the appropriate tab in the answer area.
General
Client
Advanced
DHCP
Boot
Multicast
TFTP
Network
AD DS
PXE Response
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.
Server1 provides VPN access to external users.
You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.
What should you run?
Set-RemoteAccessAccounting -EnableAccountingType lnbox -AccountingOnOffMsg Enabled
Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
In D:\Windows\NTDS\, create an XML file named DCCIoneConfig.xml and add the application information to the file
In the root of a USB flash drive, add the application information to an XML file named DefaultDCCIoneAllowList.xml
In D:\Windows\NTDS\, create an XML file named CustomDCCIoneAllowList.xml and add the application information to the file
In C:\Windows\System32\Sysprep\Actionfiles\, add the application information to an XML file named Respecialize.xml
In D:\Windows\NTDS\, create an XML file named CustomDCCIoneAllowList.xml and add the application information to the file
Your network contains an Active Directory domain named contoso.com. You create a user account named User1.
The properties of User1 are shown in the exhibit. (Click the Exhibit button.)
You plan to use the User1 account as a service account.
The service will forward authentication requests to
other servers.
You need to ensure that you can view the Delegation tab from the properties of the User1 account.
What should you do first?
Configure a Service Principal Name (SPN) for User1
Modify the user principal name (UPN) of User1
Configure the Name Mappings of User1
Modify the Security settings of User1
Configure a Service Principal Name (SPN) for User1
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain. You create a Password Settings object (PSO) named PS01.
You need to delegate the rights to apply PS01 to the Active Directory objects in an organizational unit named 0U1.
What should you do?
From Active Directory Users and Computers, run the Delegation of Control Wizard
From Active Directory Administrative Center, modify the security settings of PS01
From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1
From Active Directory Administrative Center, modify the security settings of 0U1
From Active Directory Administrative Center, modify the security settings of PS01
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains two servers. The servers are configured as shown in the following table.
All client computers run Windows 8 Enterprise.
You plan to deploy Network Access Protection (NAP) by using IPSec enforcement. A Group Policy object (GPO) named GP01 is configured to deploy a trusted server group to all ot the client computers.
You need to ensure that the client computers can discover HRA servers automatically.
Which three actions should you perform? (Each correct answer presents part ot the solution. Choose three.)
In a GPO, modify the Request Policy setting for the NAP Client Configuration
On all ot the client computers, configure the EnableDiscovery registry key
On DC1, create an alias (CNAME) record
On DC1, create a service location (SRV) record
On Server2, configure the EnableDiscovery registry key
In a GPO, modify the Request Policy setting for the NAP Client Configuration
On all ot the client computers, configure the EnableDiscovery registry key
On DC1, create a service location (SRV) record
Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com
forest contains a server named Server1.contoso.com. The adatum.com forest contains a server named
server2. adatum.com. Both servers have the Network Policy Server role service installed.
The network contains a server named Server3. Server3 is located in the perimeter network and has the
Network Policy Server role service installed.
You plan to configure Server3 as an authentication provider for several VPN servers. You need to ensure
that RADIUS requests received by Server3 for a specific VPN server are always forwarded to
Server1 .contoso.com.
Which two should you configure on Server3? (Each correct answer presents part ot the solution.
Choose two.)
Remote RADIUS server groups
Network policies
Connection request policies
Remediation server groups
Connection authorization policies
Remote RADIUS server groups
Connection request policies
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
Your company's security policy requires that certificate-based authentication must be used by some network services.
You need to identify which Network Policy Server (NPS) authentication methods comply with the security
policy.
Which two authentication methods should you identify? (Each correct answer presents part ot the soiution.
Choose two.)
Chap
MS-CHAPv2
EAP-TLS
MS-CHAP
PEAP-MS-CHAP v2
Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
All client computers run Windows 7.
You need to ensure that user settings are saved to \\Server1\Users\.
What should you do?
From the properties of each user account, configure the User profile settings
From a Group Policy object (GPO), configure the Drive Maps preference
From a Group Policy object (GPO), configure the Folder Redirection settings
From the properties of each user account, configure the Home folder settings
From the properties of each user account, configure the User profile settings
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise.
A Group Policy object (GPO) named GP01 is linked to OU1.
You make a change to GP01.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
Active Directory Users and Computers
Group Policy Management Console (GPMC)
The Gpupdate command
Server Manager
Group Policy Management Console (GPMC)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
All client computers run Windows 8 Enterprise.
DC1 contains a Group Policy object (GPO) named GP01.
You need to update the PATH variable on all of the client computers.
Which Group Policy preference should you configure?
Ini Files
Services
Data Sources
Environment