You have a file server named Server1 that runs Windows Server 2012 R2.
You need to ensure that a user named User1 can use Windows Server Backup to create a
complete backup of Server1.
What should you configure?
A.
The local groups by using Computer Management
B.
The Role Assignment by using Authorization Manager
C.
A task by using Authorization Manager
D.
The User Rights Assignment by using the Local Group Policy Editor
On exam had these questions (now atleast i know answers)
QUESTION 446
Note: This question is part of a series of questions that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains one Active Directory domain named contoso.com.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You have a domain controller named DC5 that has the Server Graphical Shell disabled.
You create an orgranizational unit (OU) named OU1.
From DC5, you you need to create 50 new users accounts in OU1.
What tool should you use?
A. the ntdsutil command.
B. the Set-ADDomain cmdlet.
C. the Install-ADDSDornain cmdlet.
D. the dsadd command.
E. the dsamain command.
F. the dsmgmt command.
G. the net user command.
H. the Set ADForest cmdle
Answer: D
QUESTION 447
Note: This question is part of a series of questions that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains one Active Directory domain named contoso.com.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
The domain contains an administrator account named Admin1.
You need to prevent Admin1 from creating more than 100 objects in the domain partition.
Which tool should you use?
A. the ntdsutil command.
B. the Set-ADDomain cmdlet.
C. the Install-ADDSDornain cmdlet.
D. the dsadd command.
E. the dsamain command.
F. the dsmgmt command.
G. the net user command.
H. the Set ADForest cmdlet.
Answer: D
Explanation: DSadd quota
QUESTION 448
Note: This question is part of a series of questions that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains one Active Directory domain named contoso.com.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You plan to replace a domain controller named DC1.
DC1 has the schema operations master role.
You need to transfer the schema master role to another domain controller named DC10 before you remove Active Directory from DC1.
Which tool should you use?
A. the ntdsutil command.
B. the Set-ADDomain cmdlet.
C. the Install-ADDSDornain cmdlet.
D. the dsadd command.
E. the dsamain command.
F. the dsmgmt command.
G. the net user command.
H. the Set ADForest cmdlet.
Answer: A
QUESTION 449
Note: This question is part of a series of questions that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains one Active Directory domain named contoso.com.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You need to ensure that when administrators create users in contoso.com, the default user principal name (UPN) suffix is litwareinc.com.
Which cmdlet should you use?
A. the ntdsutil command.
B. the Set-ADDomain cmdlet.
C. the Install-ADDSDornain cmdlet.
D. the dsadd command.
E. the dsamain command.
F. the dsmgmt command.
G. the net user command.
H. the Set ADForest cmdlet.
Answer: H
Explanation:
Set-ADForest -Identity fabrikam.com -UPNSuffixes @{replace=”fabrikam.com”,”fabrikam”,”corp.fabrikam.com”} – set for all Forest
2
0
ADForest doesn’t enforce the upn for new users. You need to use dsadd with the upn switch.
0
0
dsadd work for 1 user, not for all forest, so ADForest is correct. Careffuly read question.
0
0
Which cmdlet should you use?
dsadd is not a cmdlet
0
0
Correct dsadd is not cmdlet… what is the answer?
0
0
Your network contains one Active Directory domain named contoso.com.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You need to add an RODC to the domain by using the Install From Media (IFM) option.
Which tool should you use to create the media?
A. the ntdsutil command.
B.the Set-ADDomain cmdlet.
C.the Install-ADDSDornain cmdlet.
D.the dsadd command.
E.the dsamain command.
F. the dsmgmt command.
G.the net user command.
H.the Set ADForest cmdlet.
Answer : A
1
0
https://technet.microsoft.com/en-us/library/Cc770654(v=WS.10).aspx
0
0
Your network contains one Active Directory domain named contoso.com. The domain contains 2,000 client computers used by students. You recently discover an increase in calls to the helpdesk that relate to security policy to meet the following requirement:
Modify the UserName of the built-in account named Administrator
Support a time mismatch between client computers and domain controllers of up to three minutes.
Which Two security settings should you modify?
A. Account Policies
B. Password Policy
C. Account Lockout Policy
D. Kerberos Policy
E. Local Policies
F. Audit Policy
G. User Rights Assignment
H. Security Options
Answer: D and H
1
0
Your network contains an Active Directory domain named contoso.com.
You create a software restriction policy to allow an application named App1 by using a certificate rule.
You need to prevent the software restriction policy from applying to users that are members of the local Administrators group.
What should you do?
A. Modify the rule for App1
B. Modify the Enforcement Properties
C. Modify the Security Levels.
D. Modify the Trusted Publishers Properties
Answer B
0
0
Why B, it shouldn’t be security settings on the GPO?
0
0
B is correct, reference https://technet.microsoft.com/en-us/library/cc776536%28v=ws.10%29.aspx
0
0
It’s B
GPEDIT.MSC > Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies > Enforcement:
– Apply software restriction policies to the following users: All users except local admin.
Done 🙂
0
0
RODC comes with a number of features that focus on heightened security with limited functionality to remote
office users.
Which of the following is (or are) feature(s) of RODC?
A.All of these
B.Filtered Attribute Sets
C.Unidirectional Replication
D.Read-only DNS
Answer A
https://technet.microsoft.com/en-us/library/ee221010(v=ws.10).aspx
Complete the missing word from the sentence below that is describing one of the new roles in Server 2008:
By using___ , you can augment an organization’s security strategy by protecting information through persistent
usage policies, which remain with the information, no matter where it is moved
A. AD FS
B. AD RMS
C. RODC
D. AD LDS
Answer B
https://technet.microsoft.com/en-us/library/cc835490(WS.10).aspx
Sometimes its important to remove an RODC from your forest or domain.
However, its important that you follow a simple rule whilst removing RODC’s. What is this rule?
A.All RODC’s must be detached before removing a final writable domain controller
B.All writable domain controllers must be removed before RODC’s can be detached
C.Your forest must only consist of RODC’s if you want to remove them
D.There are no rules for removing RODC’s
Answer A
http://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/
You have a server named Server1 that Runs Windows Server 2012 R2.
You configure IPSec rules for connections to Server1.
On Server1, you plan to create an inbound firewall rule that contains the following settings:
• Allows inbound connections to an application named App1.exe
• Applies to the domain profile
• Overrides any block rules
You need to identify the minimum information required to create the rule.
Which two pieces of information should you identify?
Each correct answer presents part of the solution.
A. the list of Active Directory users who are authorized to use the application.
B. the list of computers that are authorized to use the application.
C. the hash of the application.
D. the local path of the application.
E. the name at the IPSec policies that apply to Server1
Answer B,D
0
0
Can anyone explane;
Sometimes its important to remove an RODC from your forest or domain.
However, its important that you follow a simple rule whilst removing RODC’s. What is this rule?
A.All RODC’s must be detached before removing a final writable domain controller
B.All writable domain controllers must be removed before RODC’s can be detached
C.Your forest must only consist of RODC’s if you want to remove them
D.There are no rules for removing RODC’s
answer A I think D because I can’t find the simple rule in:
https://technet.microsoft.com/en-us/library/cc835490(WS.10).aspx
0
0
I tested A in virtual lab, I could delete the last writable domain controller while one RODC was on the domain, so A is wrong, so I think the correct answer is D.
0
0
The question saying about a simple rule whilst removing RODC’s. You can delete RODC before delete writable DC. But how then you will control your DC?
0
0
Can you remove the last domain controller in a domain if there are unoccupied (or disabled) RODC accounts in the domain?
As for all previous versions of Windows Server, it is a requirement that all other domain controllers have been removed from the domain before you can remove the last domain controller. For Windows Server 2008, this requirement includes the removal of all RODCs and the removal of any precreated but unused RODC accounts.
https://technet.microsoft.com/en-us/library/cc754956(v=ws.10).aspx
0
0
Agreed with Nico. There are no rules Tfor removing RODC’s..
A.All RODC’s must be detached before removing a final writable domain controller – it has nothing to do with removing RODC based on this link https://technet.microsoft.com/en-us/library/cc835490(v=ws.10).aspx
If you take a look on the article from Microsoft, its about procedures not rules.
0
0
The domain contains an organizational unit (OU) named Groups that contains a universal security named Group1.
You run the following command from Windows PowerShell.
Get-ADGroup Group1 –properties managedby | New-ADGroup –name “Group2” –SamAccountName group2 –groupcategory distribution –groupscope global
You need to identify which properties of Group1 will be copied to Group2.
What should you identify?
To answer, select the appropriate options in the answer area.
The group type
[x]Will be different from Group1
[]Will be the same as Group1
The group scope
[x]Will be different from Group1
[]Will be the same as Group1
The managed by attribute
[]Will be different from Group1
[x]Will be the same as Group1
The permission assigned to group1
[x]Will be different from Group1
[]Will be the same as Group1
Answer: different, different, same, different.
0
0
this is correct
0
0
Permissions assigned to Group1 will the same as it already had, since permissions will not change 😛 It’s a trap
0
0
Your network contains an active directory domain named contoso.com. The domain consists 20 member Servers and 5 domain controllers. All servers run Windows Server 2012 R2. The domain contains 500 client computers.
You plan to deploy a domain controller for contoso.com in Microsoft Azure.
You need to prepare the conversation for planned deployment. The solution should ensure that the domain controller hosted in Azure always have the same IP address.
Witch two actions should you perform? Each correct answer is a part of the solution.
A. From an Azure virtual machine run the Set-AzureStaticVNetIP cmdlet
B. Deploy a Side by side virtual private network (VPN)
C. From Azure virtual machine run the Set –NetIPAuthentication cmdlet
D. From an domain controller run the Set-NetIPAdresses cmdlet
E. From an domain controller run adprep.exe
Answer? A,B – need explanation
0
0
For A : https://msdn.microsoft.com/en-us/library/azure/Dn722490.aspx
For B, I do not have an article, but you are going to need a VPN tunnel between Azure and your main site for the DCs to replicate, so to me that answer makes sense.
0
0
Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines
0
0
You have a server named Server1 that runs Windows Server 2012 R2.
You apply a security policy to server1 by using the Security Configuration Wizard (CWM).
You plan to roll back the security policy.
You need to identify the settings that are prevented from rolling back running the CWM
Witch settings should you identify.
A. The secure startup order
B. The outbound authentication methods
C. The network security rules
D. The system access control list (SAClist)
Answer?
0
0
Ansver is D
Explanation:
System Keeps Auditing After Rollback
In the auditing section of SCW there is an option to include the SCWAudit.inf template. If you do so, SCW configures System Access Control Lists (SACL) on a number of files. Without this template SCW will configure the system to perform object access auditing but since no files have SACLs on them by default, no file access will actually be audited.
If you apply a policy with this option turned on and you subsequently roll back the policy the SACLs will remain on the system. Consequently, if the system is configured to perform Object Access Auditing you will find auditing events in the Security Event Log. This is by design. SCW is not designed to roll back ACLs. To clear these SACLs you would need to manually restore any pre-existing SACLs. As long as these were defined in a security template doing so is a simple matter of re-applying that security template
0
0
Answer: D
Explanation:
System Keeps Auditing After Rollback
In the auditing section of SCW there is an option to include the SCWAudit.inf template. If you do
so, SCW configures System Access Control Lists (SACL) on a number of files. Without this
template SCW will configure the system to perform object access auditing but since no files have
SACLs on them by default, no file access will actually be audited.
If you apply a policy with this option turned on and you subsequently roll back the policy the
SACLs will remain on the system. Consequently, if the system is configured to perform Object
Access Auditing you will find auditing events in the Security Event Log. This is by design. SCW is
not designed to roll back ACLs. To clear these SACLs you would need to manually restore any
pre- existing SACLs. As long as these were defined in a security template doing so is a simple
matter of re-applying that security template.
http://blog.netwrix.com/2015/06/19/configure-audit-policy-and-security-using-securityconfiguration-wizard/
0
0
Answer is D.
Reference:
“Review the audit policy on the Audit Policy Summary Note that you also have the option to set System Access Control Lists (SACLS) to audit access of the file system. If selected, this option cannot be rolled back using SCW.”
https://www.reddit.com/r/sysadmin/comments/3jh7xz/configure_audit_policy_and_security_using/
0
0
d
0
0
Be familiar with DNScmd
You will need to complete command from 3 parts using mixed powershell and DNScmd commands.
Correct are: DNScmd; /name and 0.0.10.in-addr.arpa.
dnscmd /name dnssvr1.contoso.com /recordadd test ptr 0.0.10.in-addr.arpa
0
0
it seems
dnscmd /recordadd PTR
please reply if it isn’t right way
0
0
dnscme servername /recordadd zonename nodename ptr hostname or domain name
0
0
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has three physical network adapters named NIC1, NIC2, and NIC3.
On Server1, you create a NIC team named Team1 by using NIC1 and NIC2. You configure Team1 to
accept network traffic on VLAN 10.
You need to ensure that Server1 can accept network traffic on VLAN 10 and VLAN 11. The solution
must ensure that the network traffic can be received on both VLANs if a network adapter fails.
What should you do?
A.From Server Manager, change the load balancing mode of Team1.
B.Run the New-NetLbfoTeamcmdlet.
C.from Server Manager, change the Teaming mode of Team1
D.Run the Add-NetLbfoTeamMembercmdlet.
Answer: C
0
0
oh.. i think The team hasn’t been made between VLan10 and Vlan 11.. should it be made it first?
0
0
oh..team made, it’s not change the teaming mode, it should add to the team1.
guess D is answer?
0
0
C is correct, you can’t add Team Interface (VLAN) in switch DEPENDANT mode. Question doesn’t state which mode are configured.
0
0
You guys know the answer to the following question?
You have a server named Server 1 that runs Windows Server 2012. SERVER1 has five network adapters.
Three of the network adapters are connected to a network named LAN1.
The two other network adapters are connected to a network named LAN2.
You create a network adapter team named Team1 from two of the adapters connected to LAN1.
You create a network adapter team named Team2 from the two adapters connected to LAN2.
A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP.
You need to identify how many DHCP reservations youmust create for SERVER1.
How many reservations should you identify?
A.
2
B.
3
C.
5
D.
7
Im getting mixed answers of 3 and 5
0
0
It’s B. When you put adapters into a team the team only needs 1 IP address. You have 2 teams plus 1 left over adapter so that’s 3. If you need more evidence there is are similar questions on this site here:
http://www.aiotestking.com/microsoft/how-many-reservations-should-you-identify-1/
http://www.aiotestking.com/microsoft/how-many-reservations-should-you-identify-2/
http://www.aiotestking.com/microsoft/how-many-reservations-should-you-identify-3/
http://www.aiotestking.com/microsoft/how-many-reservations-should-you-identify-4/ http://www.aiotestking.com/microsoft/how-many-reservations-should-you-identify-5/
http://www.aiotestking.com/microsoft/how-many-reservations-should-you-identify-6/
http://www.aiotestking.com/microsoft/how-many-reservations-should-you-identify-7/
http://www.aiotestking.com/microsoft/how-many-reservations-should-you-identify-8/
http://www.aiotestking.com/microsoft/how-many-reservations-should-you-identify-9/
0
0
3
0
0
Based on discussions here and there… I think I’d go with 3. There are a total of 5 network adapters, 3 on the LAN1 network and 2 on the LAN2 network. 2 of the 3 adapters on LAN1 are made into a ‘network adapter team’ so that means LAN 1 will have a total of 2 IP addresses. Both adapters on LAN2 are made into an adapter team so that means one more IP address required. Adds up to a total of 3 DHCP reservations required.
“The teaming of network cards is simply joining them into one logical entity, with a single IP address”
http://www.serverwatch.com/server-tutorials/how-to-team-your-network-cards-in-windows-server-2012.html
0
0
Jony Thank you
0
0
Oh..by the way, any one know new Azure questions? I remember there is a question that
IPV6 non-routable private prefix, multicast..
can anyone tell me that?
0
0
You have a server that runs server core of windows 2012 r2 server. you need to ensure that windows updates are installed only by using manual installation on server1. which 3 steps will you perform.
options given
————-
scregedit.wsf /au 1
wuauclt /selfupdatemanaged
uninstall-windowsfeature
netstop wuauserv
wuauclt /selfupdateunmanaged
net start wuauserv
Answers Please……?
0
0
netstop wuauserv
scregedit.wsf /au 1
net start wuauserv
That’s my idea…what about you?
0
0
I would give you right iRock on that, see:
To disable automatic updates, run the following commands:
Net stop wsuaserv
Cscript scregedit.wsf /AU 1
Net start wsuaserv
https://technet.microsoft.com/en-us/library/ff698994%28v=ws.10%29.aspx
0
0
this is correct
in sconfig you see the windows update modus is changed
0
0
New question
=============
Your network contains one Active Directory domain named contoso.com. you deploy a new virtual machine in microsoft azure and then you run the active directory domain configuration wizard as show in the exhibit. (click the exhibit button) you need to ensure that all of the users in contoso.com are replicated to the new domain controller in azure.
What should you do?
A. Modify the Deployment Configuration.
B. Set up directory integration.
C. Configuration Azure Active Directory Connect.
D. Select the Domain Name System (DNS) server check box.
0
0
C ?
0
0
I think you are right. Should be DirSync that does this, but this link looks to me that it is the Azure AD Connect that syncs
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#how-azure-ad-connect-works
0
0
DirSync is being replaced by aadconnect
0
0
B and C are related with azure service: Azure Active Directory, but the question is asking about replication on a domain controller installed on VM hosted on azure which is different, so I think both answers are wrong, who can confirm that?
0
0
I got the solution….You have to check the Wizard to understand the Question…
As Legend statet already its about a DC in a Azure VM and this has nothing to do with AAD (Azure Active Directory) to the AAD we talk about sync Users and not replicate which a DC does….In the Wizard they choose to make a new forest, thats why the GC and RODC options are greyed out. and this is just when you choose in the deployment configuration to create a new forest…if you would choose to add a DC to an existing domain, all of these three options are greyed out and this would exactly be what we need…we have to add this new DC in Azure VM to an existing Domain, to replicate the users from contoso.com. They did choose the wrong option in Deployment configuration tab of the wizard.
So the correct Answer is: C…Modify the Deployment configuration
I hope i could clarify a little bit and here is the link, you can check and proof it:
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/deploy/ad-ds-installation-and-removal-wizard-page-descriptions?f=255&MSPPError=-2147217396
You will see the screenshots and the options are different, depending on what you choose in the Deployment Configuration.
This Question is also in the 70-417 exam.
0
0
One important thing is missing…without the Screenshot to the Question it is not easy to understand….You will need the picture from the exam in which the GC and RODC options are greyed out, which states that they choosed the wrong deployment configuration but in our case all 3 option must be greyed out, because we should add a DC to an existing Domain….you can validate in test Lab.
Peace
0
0
Not seeing this would differ from any on-prem DC. So it just needs to be promoted to DC, set to GC and install DNS it should replicate all users to AzureVM.
0
0
New question
===========
you create an OU named tempusers. you add several test users to that OU. you want to delete the ou and receive an error.
remove-adorganizationunit -identity “ou=tempusrs, dc=contoso,dc=com” – recursive.
a) remove all the users from ou
b) modify the rights to your user account
c) set the confirm parameters to $true
d) set the protectfromaccidential deletion to $false
0
0
D ?
0
0
Yes D
0
0
yeah should be correct:
-ProtectedFromAccidentalDeletion:$false
0
0
i have contoso.com domain consist of two child domain east.contoso.com and west.contoso.com.GP applied on following
OU
market.east.contoso.com
west.contoso.com
contose.com
forest.contoso.com
east.contoso.com
GP is deleted,in which i have deleted GPO manually
select Three
0
0
Is there some one that got this answer?
0
0
market.east.contoso.com
west.contoso.com
east.contoso.com
i think
0
0
regarding question about replicating with DC in azure, is the Answer B? as per
http://blogs.technet.com/b/canitpro/archive/2014/05/14/step-by-step-syncing-on-premise-ad-with-azure-active-directory.aspx
0
0
not 100% sure, but if I got that question I would go for the Azure AD Connect (answer C): https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#how-azure-ad-connect-works
0
0
passed my exam today 820/1000. got all the RODC questions that Jony listed.. so thank you for those. also got the replicating to AD in azure, I gave the answer as B (Directory Integration), not sure it was right or not.
0
0
I have to give the exam next week. How many questions did you study from this site? Were there any new questions?
0
0
maybe , I will take it in Monday
0
0
I would say all except a couple of the questions were in the exam from this site, including the 5/6 Jony posted regarding the RODC. There was a question also from above that talks about Azure AD integration.
a couple of questions which didn’t feature on this site were about how to restrict some members of the domain admins group from accessing the DC (sorry don’t remember the question format, and a group policy question about preventing authenticated users from joining computers to the domain.
0
0
Thanks Zak
0
0
Passed my exam today with 840/1000. All questions from this site and some of the questions that Jony posted.
0
0
Jony Thank you !
Yesterday i passed it and i got all question which u said !
Guys be aware what Jony Says !
Thank.
0
0
Passed my exam today with 720/1000. All questions from this site and some of the questions that Jony posted.
0
0
Your directory contains one AD domain named contoso.com.The domain contains 10 DC that run WS2012R2. 8 DC are writable DC.
You need to deploy several read-only DC in contoso by using pre-staged computer accounts.
Which two tasks should you perform?Each correct answer presents part of solution.
A: Run the Add-AddsReadOnlyDomainControlleraccount cmdlet.
B:Create an authentication policy silo.
C:Create an authentication policy.
D:Run the Install-AddsDomainControler cmdlet.
E:Run the adprep /rodcprep command
F:Join the servers to contoso.com.
0
0
E?
0
0
It’s A and D
https://technet.microsoft.com/en-gb/library/jj574152.aspx
0
0
confirm
no adprep/rodprep, because we use for the first RODC.
“The domain contains 10 DC that run WS2012R2. 8 DC are writable DC.” (the other 2?)
0
0
A,E 100%
0
0
“Before install a RODC in a domain environment it need to meet the following requirements,
Forest function level should be windows 2003 server or higher
Needs at least one writable domain controller running windows server 2008 or higher
If forest have any DC running windows server 2003 we need to adjust permissions on DNS application directory partition to allow them to replicate to RODC. It can be done by running adprep /RODCprep from windows 2012 server installation disk \support\adprep folder….
…As we can see here its runs with windows server 2012 R2 so we do not need to prepare domain with adprep /RODCprep”
http://www.rebeladmin.com/2014/10/step-by-step-guide-to-install-read-only-domain-controller-rodc/
A: Stage RODC: Add-addsreadonlydomaincontrolleraccount
D: Attach RODC: Install-AddsDomaincontroller
0
0
the company has 2 LAN, LAN 1 has IP 10.1.1.0/27, and LAN 1 and LAN 2 is communicated by the router. LAN 2 needs to meet requirements below:
1, it contains at least 50 IP addresses,
2, priviate IPs,
3 can communicate with LAN 1.
So which IP and mask should be used.
0
0
I would gather
10.1.1.0/26 = 64 ip addresses
255.255.255.192
agree?
0
0
10.1.1.64 255.255.255.192
0
0
Your network contains one Active Directory domain named contoso.com. you deploy a new virtual machine in microsoft azure and then you run the active directory domain configuration wizard as show in the exhibit. (click the exhibit button) you need to ensure that all of the users in contoso.com are replicated to the new domain controller in azure.
What should you do?
A. Modify the Deployment Configuration.
B. Set up directory integration.
C. Configuration Azure Active Directory Connect.
D. Select the Domain Name System (DNS) server check box.
???
0
0
C
0
0
ou have 10 domain controller in a domain. you need to prevent several members of domain admin groups from logging on the domain controller. which two object shoudl you create and configure.
A. GPO to the domain
B. authentication policy
C. authentication policy silo
D. a central access policy
E. a user certificate
please provide answer
0
0
i would go for Silo
http://social.technet.microsoft.com/wiki/contents/articles/26945.authentication-policies-and-authentication-silos-restricting-domain-controller-access.aspx
0
0
what is the answer of the question?
0
0
BC
https://dirteam.com/sander/2014/12/23/new-features-in-active-directory-domain-services-in-windows-server-2012-r2-part-3-authentication-policies-and-authentication-policy-silos/
0
0
Passed my exam today
thank you all
0
0
Hi Qabas.
Can you send us your answers?
Tks
0
0
Your directory contains one AD domain named contoso.com.The domain contains 10 DC that run WS2012R2. 8 DC are writable DC.
You need to deploy several read-only DC in contoso by using pre-staged computer accounts.
Which two tasks should you perform?Each correct answer presents part of solution.
A: Run the Add-AddsReadOnlyDomainControlleraccount cmdlet.
B:Create an authentication policy silo.
C:Create an authentication policy.
D:Run the Install-AddsDomainControler cmdlet.
E:Run the adprep /rodcprep command
F:Join the servers to contoso.com.
A and D
https://books.google.it/books?id=L5d7BAAAQBAJ&pg=PA234&lpg=PA234&dq=deploy+read-only+DC+by+using+pre-staged+computer+accounts&source=bl&ots=efdHJnE2lj&sig=vlQoEEDZXQdwazhoKi5XuidCGoU&hl=it&sa=X&ved=0CEMQ6AEwBGoVChMI_rPPuviZyAIVwQ8sCh3RwAij#v=onepage&q=deploy%20read-only%20DC%20by%20using%20pre-staged%20computer%20accounts&f=false
0
0
b&E?
0
0
Hello Guys, Please help me. I studied all the 282 questions here and i memorize 100% of all the questions + Jony’s posted question and answer. So my question is, Is it enough to pass the exam with all of that question will appear on the exam? Please help me to answer that. I will sit on the exam on the 7th of October so plss help.
With regards to other questions here, how many are 100% correct answer here out of 282 question? because I have read some of the comments to the answer but some of according to the comment some of those questions here is wrong so kindly please help me..
Thank you.
Regards,
Dubai
0
0
With the comments i would say at least 95% is correct. Without the comments, less. Substasionly less.
0
0
Hello Guys, I am going to take the exam on wednesday. Is this website is valid? I have read all of the questions and answers here and I noticed that it is Kathleen dumps. Is is still valid? Is all the questions is correct here?
Thanks guys for the answer. Cheers
0
0
I passed the exam. All the questions is here.
Thanks guyss
0
0
I passed the exam on the 9th, 860!!!! This dump is valid and extremely helpful in preparing me for the exam
0
0
Just failed with 646. A lot of questions from here, but also a lot of new questions. One on setting NIC teaming mode to switch independent and a Set-GpPermissions/Link…
0
0
I passed on 13th using this dump.
Really really helpful.
Almost all the questions are here.
Check the comments section for correct answers
0
0
Thanks a lot I passed my exam today 13th with 820
Really this page is very very helpful thanks again
0
0
Still valid – passed today, 80% of the exam questions are on this collection
0
0
Passed today, 9xx score, but many new questions. [about 15 the same, 10 similar, and 22 new]
What I have remember:
1 new RODC question, about adding new domain to vm on azure subscription, you should pick which tool you will use, the answers where the same like the other RODC questions.
Question about configuring SAM account
How would you change mode on NIC teaming
What command you will use to allow user User1 to manage linked/unlinked GPOs, one of the options was Set-GpPermission.
0
0
Sounds like we got the exact same question set, 47 questions with those exact new topics you’ve listed.. I passed with 880!
0
0
i took the exam on the 20th, last month. I got 860 score. thanks to @jony
0
0
i take the exam fail 3 time, and try to exam 4 time.
Can anyone help me how to pass this exam, i had use 200usd to take this exam.
Thank for all
0
0
This week passed with 780 in Netherlands.
Got almost all questions that are posted above here in Q286.
RODS, Azure questions also (are 70-411 questions ..?).
90% Of the other questions from the other 285 questions. Can’t remember these new ones.
Good luck to you all!
0
0
Thanks for sharing…I passed this week with 720, like 95% of the questions from this dump and the comments here.
please advise witch dump to use for 70-411
Good luck to you all,
0
0
Passed today with 900, this dump and all additional questions here from Jony are valid.
Got 2 new questions, one was:
You have win2012 R2 DHCP servers with 50 leases. You want to convert leases into reservations using PowerShell command. What do you need to have to accomplish this
A) Computer names
B) Computer GUIDs
C) Computer MAC Addresses
D) Hardware information (?)
I chose C, but am not 100% sure.
0
0
C
PS C:\> Add-DhcpServerv4Reservation -ScopeId 10.10.10.0 -IPAddress 10.10.10.8 -ClientId F0-DE-F1-7A-00-5E -Description “Reservation for Printer”
https://technet.microsoft.com/en-us/library/jj590686%28v=wps.630%29.aspx
0
0
Passed today with 945, almost all questions came from lead2pass 472q vce file.
0
0
QUESTION 449
Note: This question is part of a series of questions that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains one Active Directory domain named contoso.com.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You need to ensure that when administrators create users in contoso.com, the default user principal name (UPN) suffix is litwareinc.com.
Which cmdlet should you use?
A. the ntdsutil command.
B. the Set-ADDomain cmdlet.
C. the Install-ADDSDornain cmdlet.
D. the dsadd command.
E. the dsamain command.
F. the dsmgmt command.
G. the net user command.
H. the Set ADForest cmdlet.
Answer: E dsamain
0
0
That’s wrong man.
The correct is answer is H.
https://technet.microsoft.com/en-us/library/ee617221.aspx
1
0
Man, that’s wrong.
The correct answer is H.
0
0
H correct.
Explanation:
Set-ADForest -Identity fabrikam.com -UPNSuffixes
@{replace=”fabrikam.com”,”fabrikam”,”corp.fabrikam.com”} – set for all Forest
0
0
Passed today with 88X.
All questions came from this dump & v5 + the questions Jony posted here regarding Azure.
1 new question regarding Domain & Domain Controller policies and when to apply which one.
They give 3 examples and you have to select either Domain Policiy or Domain Controller Policy.
Also, be sure to UNDERSTAND the answers, not just memorize them, some questions are altered or switched around!
0
0
Passed today with 8XX in Ghana…. Had MRK’s question regarding Domain & Domain Controller Policy and when to apply it…….and just about 3 new questions..this dump is very valid.
0
0
The new question about LAN and submasking: you have 2 LANs. LAN1 has IP 10.1.1.0/27
LAN2 should communicate with LAN1 thru a router (as you wrote). Drop in the box the correct IP address and mask.
The answer: The first and easiest step is to identify the mask bits. In this case it is 27.
you MUST select the same mask as /27 gives you at LAN1, so that’s 255.255.255.224 (because there must be communication between the LANs!)
LAN1’s mask gives you the hosts per subnet, that is 30 (32 minus broadcast and minus the subnet ID, that’s why it is 30)
So LAN1 can have the hosts from 10.1.1.1-10.1.1.30 (10.1.1.0 is for the subnet, 10.1.1.31 is the broadcast).
The next usable subnet with the /27 mask is 10.1.1.32/27.
So the correct answer is: 10.1.1.32 with mask of 255.255.255.224
0
0
Your argument regarding the length of the mask is not valid. Since you have a router the mask could be any length. You have just calculated the next network on the same range however without any specific requirements any network could potentially communicate with 10.1.1.0/27 since there is router.
0
0
Your network contains one Active Directory domain named contoso.com. you deploy a new virtual machine in microsoft azure and then you run the active directory domain configuration wizard as show in the exhibit. (click the exhibit button) you need to ensure that all of the users in contoso.com are replicated to the new domain controller in azure.
What should you do?
A. Modify the Deployment Configuration.
B. Set up directory integration.
C. Configuration Azure Active Directory Connect.
D. Select the Domain Name System (DNS) server check box.
Answer: C?
Im confused if its C or B.
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#how-azure-ad-connect-works
0
0
Passed.
Jony thank You.
Dump from this site with comments! + Jony Q&A
0
0
Your network contains one Active Directory domain named contoso.com. you deploy a new virtual machine in microsoft azure and then you run the active directory domain configuration wizard as show in the exhibit. (click the exhibit button) you need to ensure that all of the users in contoso.com are replicated to the new domain controller in azure.
What should you do?
A. Modify the Deployment Configuration.
B. Set up directory integration.
C. Configuration Azure Active Directory Connect.
D. Select the Domain Name System (DNS) server check box.
Ans: C? https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/
0
0
But the question is not to sync the users to AAD (Azure Active Directory)…they ask to ensure that all of the users replicate to the new domain controller in the Azure VM.
So B and C cannot be the answer as it has to do with AAD and not AD on a DC!
D for DNS check box i would also say not
So for me it would be just the A as an option. Otherwise if they would ask to sync the Users to AAD, then i would also say C.
0
0
i have contoso.com domain consist of two child domain east.contoso.com and west.contoso.com.GP applied on following
OU
A. name Corporate site
B. contoso.com
C. east.contoso.com
D. east.contoso.com Marketing OU
E. contoso.com ALLUsers OU
GP is deleted,in which i have deleted GPO manually
select Three
1
0
you have a server named server1 that runs windows server 2012 r2. Server1 has the DHCP server server role installed. You need to convert 20 ip address leases to reservation by using windows power shell. Which value should you use when running the
Add-DhcpServer4Reservation cmdlet?
A. the MAC addresses
B. the computer names
c. the hardware IDs
D. the SMSBOIS GUIDs
Answer: ???
0
0
you have a server named server1 that runs windows server 2012 r2. Server1 contains a volume named data. Data contains a shared folder named server1 that contains shared files. Several users access the files. You enable shadow copies on the data values. A user named user1 deletes a file named Budget.xls fro share1. You need to recover the file. The solution must not override changes to the other files in share1. What should you do first?
A. from the properties of the data volume, open the Shadow Copies tab, select the shadow copy, and then click Revert.
B. from the properties of the data volume,open the Previous Versions tab, and then open folder. Browse to the share1 folder.
C. from the properties of the share1 folder, open the Previous Versions tab, and then click Restore.
D. from the properties of the share1 folder, open the Sharing tab, click Advanced Sharing, and then click Caching.
Answer: ???
0
0
Enjoyed every bit of your blog. Much obliged.
razbirat.com
0
0
Blog yang bagus ngomong-ngomong saya berbagi info untuk menjadi dewa poker kunjungi aaja pokertogelmania.
Info carea main domino hingga prediksi togel. Mungkin juga sahabat adda
yang perlu info review situs adu Ԛ terpopuler ddi Indonesia visit pokertogelmania.
0
0