You work as the network administrator for a Microsoft Windows Server 2008 domain named
ABC.com. ABC.com has a Development division which utilizes two organizational units (OU)
named DevelopUsers and DevelopComputers for user and computer account storage. The
Development division user and computer accounts are configured as members of global security
groups named DevUsers and DevComputers.
During the course of the week you configure two Password Settings objects for Development
division members named CredSettings01 and CredSettings02. You additionally configure a
minimum password length of 10 for CredSettings01 and 9 for CredSettings02. ABC.com wants
you to determine the required password length minimum for Development division users.
What minimum password length should be configured for CredSettings01 applied to DevUsers?
A.
You should configure the minimum password length to 9.
B.
You should configure the minimum password length to 10.
C.
You should configure the minimum password length to 5.
D.
You should configure the minimum password length to 4.
This makes no sense, could someone please explain.
0
0
not sure what u dont understand ? a pso applies to a group restricting the number of letters in a pass. this is fine grained passwords that overwrite domain pass policy objects
0
0
After purchasing the dumps for the 70-411 Exam, I had no doubt that I’d easily pass the exam. Bundle of thanks to it for helping me pass the exam without any troubles.
Now I’d like to share some real questions with you:
QUESTION 1
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1.
You need to deploy a VPN connection to all users.
What should you configure from Users Configuration in GPO1?
A. Policies/Administrative Templates/Network/Network Connections
B. Policies/Administrative Templates/Network/Windows Connect Now
C. Preferences/Control Panel Settings/Network Options
D. Policies/Administrative Templates/Windows Components/Windows Mobility Centre
Answer: C
QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Perform an authoritative restore of Group1.
B. Mount the most recent Active Directory backup.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
Answer: A
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future.
In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it’s the only way to recover a deleted object’s identity information, such as its objectGUID and objectSid attributes.
It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object.
Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners.
QUESTION 3
Your network contains an Active Directory domain named adatum.com.
You have a standard primary zone named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone.
Other users must be prevented from modifying records in the zone.
What should you do first?
A. Run the Zone Signing Wizard for the zone.
B. From the properties of the zone, change the zone type.
C. Run the new Delegation Wizard for the zone.
D. From the properties of the zone, modify the Start Of Authority (SOA) record.
Answer: B
QUESTION 4
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
You need to enable trace logging for Network Policy Server (NPS) on Server1.
Which tool should you use?
A. The tracert.exe command
B. The Network Policy Server console
C. The Server Manager console
D. The netsh.exe command
Answer: D
QUESTION 5
You have a server named Server1 that has the Web Server (IIS) server role installed.
You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Socket Layer (SSL).
To which store should you import the certificate?
To answer, select the appropriate store in the answer area.
Answer:
Explanation:
The certificate for the Web server must be in the memory own certificates on the local computer to import. The import can be either with the Certificates snap-in or the Internet Information Services (IIS) Manager on the feature page server certificates done.
QUESTION 6
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1. DC1 is a DNS server for contoso.com.
The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)
The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is configured to use DC1 as a DNS server.
You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.
What should you configure?
A. The Dynamic updates setting of the contoso.com zone
B. The workgroup name of Server1
C. The primary DNS suffix of Server1
D. The Security settings of the contoso.com zone
Answer: C
QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.
You need to ensure that the new zone will be available only on DC5 and DC6.
What should you do first?
A. Create an application directory partition.
B. Change the zone replication scope.
C. Create an Active Directory connection object.
D. Create an Active Directory site link.
Answer: A
QUESTION 8
Your network contains a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a zone named contoso.com. The network contains a server named Server2 that runs Windows Server 2008 R2. Server1 and Server2 are members of an Active Directory domain named contoso.com.
You change the IP address of Server2. Several hours later, some users report that they cannot connect to Server2.
On the affected users’ client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2.
You need to reduce the amount of time that the client computers cache DNS records from contoso.com.
Which value should you modify in the Start of Authority (SOA) record?
To answer, select the appropriate setting in the answer area.
Answer:
QUESTION 9
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Create a network policy.
B. Modify the members of the Remote Management Users group.
C. Create a connection request policy.
D. Add a RADIUS client.
Answer: A
QUESTION 10
Drag and Drop Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
All of the VPN servers on your network use Server1 for RADIUS authentication.
You create a security group named Group1.
You need to configure Network Policy and Access Services (NPAS) to meet the following requirements:
– Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.
– Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later.
Which type of policy should you create for each requirement?
To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
To get more 70-411 real questions, you can go to my Google Drive to download: https://drive.google.com/open?id=0B3Syig5i8gpDSmRhaVRWcW5Cc1k
Hope it can help you a lot!
0
0