QUESTION 81
Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. On DC1, you create a new volume named E.
You restart DC1 in Directory Service Restore Mode.
You open ntdsutil.exe and you set NTDS as the active instance.
You need to move the Active Directory logs to E:\NTDS\.
Which Ntdsutil context should you use?
A. IFM
B. Configurable Settings
C. Partition management
D. Files
Answer: D
Explanation:
How to Move Log Files
Use the move logs to command to move the directory service log files to another folder. For the new settings to take effect, restart the computer after you move the log files.
To move the log files, follow these steps:
Click Start, click Run, type ntdsutil in the Open box, and then press ENTER. At the Ntdsutil command prompt, type files, and then press ENTER. At the file maintenance command prompt, type move logs to new location (where new location is an existing folder that you have created for this purpose), and then press ENTER.
Type quit, and then press ENTER.
Restart the computer.
http://support.microsoft.com/kb/816120#5
http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc755229(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc730970(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc732530(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753900(v=ws.10).aspx
QUESTION 82
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers.
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?
A. Infrastructure Master
B. RID Master
C. Domain Naming Master
D. PDC emulator
Answer: D
Explanation:
D. The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor.
http://technet.microsoft.com/en-us/library/hh831734.aspx
QUESTION 83
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named Appl. Users report that App1 responds more slowly than expected. You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1. Which performance object should you monitor on Server1?
A. Processor
B. Hyper-V Hypervisor Virtual Processor
C. Hyper-V Hypervisor Root Virtual Processor
D. Process
E. Hyper-V Hypervisor Logical Processor
Answer: B
Explanation:
A. Traditionally, processor performance can be measured using the “\Processor(*)\% Processor Time” performance monitor counter. This is not an accurate counter for evaluating processor utilization of a guest operating system though because Hyper-V
B. Shows the percentage of time used by the virtual processor in guest code. This is used to determine the processor utilization of the virtualization stack on the host server.
C. Identifies how much of the physical processor is being used to run the virtual machines. This counter does not identify the individual virtual machines or the amount consumed by each virtual machine.
D. This counter is a natural choice that will give use the amount of time that this particular process spends using the processor resource.
E. Identifies how much of the virtual processor is being consumed by a virtual machine. http://msdn.microsoft.com/en-us/library/cc768535(v=bts.10).aspx
http://technet.microsoft.com/en-us/library/cc742454.aspx
http://technet.microsoft.com/en-us/library/ff367892(v=exchg.141).aspx
QUESTION 84
The contoso.com domain contains 2 domain controllers running Server 2012, AD recycle bin is enabled for the domain. DC1 is configured to take AD snapshots daily, DC2 is set to take snapshots weekly. Someone deletes a group containing 100 users, you need to recover this group, What should you do?
A. Authoritative Restore
B. Non Authoritative Restore
C. Tombstone Reanimation
D. Modify attribute isdeleted=true
Answer: C
Explanation:
C. Active Directory Recycle Bin, starting in Windows Server 2008 R2, builds on the existing tombstone reanimation infrastructure and enhances your ability to preserve and recover accidentally deleted Active
Directory objects.
http://technet.microsoft.com/en-us/library/hh831702.aspx
QUESTION 85
You have a RODC named Server1 running Server 2012 .
You need to add a RODC Administrator.
How do you complete the task?
A. dsmgmt.exe
B. ntdsutil
C. Add user to Local Administrator Group on Server1
D. Use Security Group and modify RODC Delegated Administrator
Answer: D
Explanation:
D. Using ntdsutil or dsmgmt to specify the delegated RODC administrator account is not recommended because the information is stored only locally on the RODC. You can only specify one security principal to be the delegated RODC administrator. As a best practice, you should create a security group for each RODC and assign that group to be the delegated administrator. Then, you can add individual user accounts to the group, and each user can manage the RODC. http://technet.microsoft.com/en-us/library/cc755310(v=ws.10).aspx
QUESTION 86
Your network contains an Active Directory domain named contoso.com.
You need to create a AD Snapshot.
Which four actions should you perform?
To answer, move the four appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
http://www.petri.co.il/working-active-directory-snapshots-windows-server-2008.htm#
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
QUESTION 87
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012 R2.
Server 1 and Server2 host a load-balanced application pool named AppPool1.
You need to ensure that AppPool1 uses a group Manged Service Account as its identity.
Which 3 actions should you perform?
Answer:
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/jj128431.aspx
QUESTION 88
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
What should you do?
A. Perform a non-authoritative restore.
B. Modify the is Recycled attribute of Group1.
C. Perform an authoritative restore.
D. Recover the items by using Active Directory Recycle Bin.
Answer: D
Explanation:
This is the only option that specifies “file”
http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx)
QUESTION 89
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1. You create a global group named RODC_Admins. You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects. What should you do?
A. From Active Directory Users and Computers , configure the Managed By settings of the RODC1 account.
B. From Active Directory Sites and Services, run the Delegation of Control Wizard
C. From Active Directory Users and Computers, run the Delegation of Control Wizard.
D. From a command prompt, run the dsadd computer command.
Answer: A
Explanation:
Note:
* You can delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain or other domain controllers. This permits a local branch user to log on to an RODC and perform maintenance work on the server, such as upgrading a driver. However, the branch user cannot log on to any other domain controller or perform any other administrative task in the domain. In this way, the branch user can be delegated the ability to effectively manage the RODC in the branch office without compromising the security of the rest of the domain.
Incorrect:
Not C: The Set-ADAccountControl cmdlet modifies the user account control (UAC) values for an Active Directory user or computer account. UAC values are represented by cmdlet parameters. For example, set the PasswordExpired parameter to change whether an account is expired and to modify the ADS_UF_PASSWORD_EXPIRED UAC value.
Not D: Managed by Tab in Windows Server computer account grantslocal admin access to that RODC. This means he getsControl Access for ResetPassword, and WriteProperty for UserLogonInformation and AccountRestrictions propsets. These allow him to attach an RODC to precreated RODC account, or to perform RODC demotion (with /retainDcMetadata flag). He is also dropped into the local builtin admins group on that RODC
QUESTION 90
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso/User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Join DC10 to the domain. Modify the properties of the DC10 computer account
B. From Active Directory Administrative Center, pre-create an RODC computer account.
C. Join DC10 to the domain. Run dsmod and specify the /server switch
D. From Active Directory Administrative Center, modify the security settings of the Domain Controllers
organizational unit (OU).
Answer: B
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
1. Staging an unoccupied computer account
2. Attaching an RODC to that account during promotion
Reference: Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)
Download Braindump2go’s Latest Microsoft 70-411 Dump Full Version For Free: http://www.braindump2go.com/70-411.html