Microsoft 70-411 Exam Practice Test Instant Access

Question 1

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.

You make a change to GPO1.

You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.

Which tool should you use?

AThe Secedit command

BThe Invoke-GpUpdate cmdlet

CGroup Policy Object Editor

DServer Manager

Answer : B

Invoke-GPUpdate

Schedule a remote Group Policy refresh (gpupdate) on the specified computer.

Applies To: Windows Server 2012 R2

The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer. You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.

The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be offset by a random delay.

Note:

Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure a computer and user experience within a domain. When the Resultant Set of Policy settings does not conform to your expectations, a best practice is to first verify that the computer or user has received the latest policy settings. In previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.

With Windows Server 2012 R2 and Windows 8, you can remotely refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within the OU structure---for example, if the computers are located in the default computers container.

The remote Group Policy refresh updates all Group Policy settings, including security settings that are set on a group of remote computers, by using the functionality that is added to the context menu for an OU in the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group Policy settings on all the computers in that OU, the following operations happen:

An Active Directory query returns a list of all computers that belong to that OU.

For each computer that belongs to the selected OU, a WMI call retrieves the list of signed in users.

A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to decrease the load on the network traffic. This random delay cannot be configured when you use the GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run immediately when you use the Invoke-GPUpdate cmdlet.

Question 2

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.

You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)

On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential dat

a. A group named Group1 has full control of the content in Share1.

You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1.

What should you configure?

Athe Audit File Share setting of Servers GPO

Bthe Sharing settings of C:\Share1

Cthe Audit File System setting of Servers GPO

Dthe Security settings of C:\Share1

Answer : D

You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system.

Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.

File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see the entries in the event log.

To view connections to shared resources, type net session at a command prompt or follow these steps:

In Computer Management, connect to the computer on which you created the shared resource.

In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers.

To enable folder permission auditing, you can follow the below steps:

Click start and run 'secpol. msc' without quotes.

Open the Local Policies\Audit Policy

Enable the Audit object access for 'Success' and 'Failure'.

Go to target files and folders, right click the folder and select properties.

Go to Security Page and click Advanced.

Click Auditing and Edit.

Click add, type everyone in the Select User, Computer, or Group.

Choose Apply onto: This folder, subfolders and files.

Tick on the box ''Change permissions''

Click OK.

After you enable security auditing on the folders, you should be able to see the folder permission changes in the server's Security event log. Task Category is File System.

References:

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/

http: //technet. microsoft. com/en-us/library/cc753927(v=ws. 10). aspx

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/

http: //support. microsoft. com/kb/300549

http: //www. windowsitpro. com/article/permissions/auditing-folder-permission-changes

http: //www. windowsitpro. com/article/permissions/auditing-permission-changes-on-a-folder

Question 3

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU.

A Group Policy object (GPO) named GPO1 is linked to Sales_OU.

You need to configure a dial-up connection for all of the sales users.

What should you configure from User Configuration in GPO1?

APolicies/Administrative Templates/Network/Windows Connect Now

BPreferences/Control Panel Settings/Network Options

CPolicies/Administrative Templates/Windows Components/Windows Mobility Center

DPolicies/Administrative Templates/Network/Network Connections

Answer : B

The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension.

To create a new Dial-Up Connection preference item

Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.

In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.

Right-click the Network Options node, point to New, and select Dial-Up Connection.

References:

http: //technet. microsoft. com/en-us/library/cc772107. aspx

http: //technet. microsoft. com/en-us/library/cc772449. aspx

Question 4

Your network contains an Active Directory domain named adatum.com.

You need to audit changes to the files in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL replication traffic caused by the audit.

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

AAudit Policy\Audit system events

BAdvanced Audit Policy Configuration\DS Access

CAdvanced Audit Policy Configuration\Global Object Access Auditing

DAudit Policy\Audit object access

EAudit Policy\Audit directory service access

FAdvanced Audit Policy Configuration\Object Access

Answer : D, F

Question 5

Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.

A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.

During routine maintenance, you delete a group named Group1.

You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.

What should you do first?

APerform an authoritative restore of Group1.

BMount the most recent Active Directory backup.

CUse the Recycle Bin to restore Group1.

DReactivate the tombstone of Group1.

Answer : A

The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties.

There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object.

Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners.

Question 6

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.

You make a change to GPO1.

You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.

Which tool should you use?

AServer Manager

BActive Directory Users and Computers

CThe Gpupdate command

DGroup Policy Management Console (GPMC)

Answer : D

Starting with Windows Server 2012 and Windows 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.

References:

http: //technet. microsoft. com/en-us//library/jj134201. aspx

http: //blogs. technet. com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-using-remote-gpupdate. aspx

Question 7

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed.

Server1 contains two boot images and four install images.

You need to ensure that when a computer starts from PXE, the available operating system images appear in a specific order.

What should you do?

AModify the properties of the boot images.

BCreate a new image group.

CModify the properties of the install images.

DModify the PXE Response Policy.

Answer : C

Microsoft Administering Windows Server 70-411 Exam Practice Test