70-417 | Up to the immediate present 70-417 Exam Study Guides With New Update Exam Questions
Q141. Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account.
B. From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C. From a command prompt, run the dsadd computer command.
D. From Active Directory Sites and Services, run the Delegation of Control Wizard.
Answer: A
Q142. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).
The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1.
You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation
Service name will be set to adfs1.contoso.com.
You need to identify which type of certificate template you must use to request a certificate for AD FS.
Which certificate template should you identify? To answer, select the appropriate template in the
answer area.
Answer:
Q143. Your network contains two Active Directory forests named contoso.com and corp.contoso.com
User1 is a member of the DnsAdmins domain local group in contoso.com.
User1 attempts to create a conditional forwarder to corp.contoso.com but receive an error message shown in the exhibit. (Click the Exhibit button.)
You need to configure bi-directional name resolution between the two forests.
What should you do first?
A. Add User1 to the DnsUpdateProxy group.
B. Configure the zone to be Active Directory-integrated
C. Enable the Advanced view from DNS Manager
D. Run the New Delegation Wizard
Answer: B
97. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is the enterprise root certification authority (CA) for contoso.com. You need to enable CA role separation on Server1.
Which tool should you use?
A. The Certutil command
B. The Authorization Manager console
C. The Certsrv command
D. The Certificates snap-in
Answer: A
Q144. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1.
Users report that App1 responds more slowly than expected.
You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.
Which performance object should you monitor on Server1?
A. Hyper-V Hypervisor Logical Processor
B. Hyper-V Hypervisor Root Virtual Processor
C. Processor
D. Hyper-V Hypervisor Virtual Processor
E. Process
Answer: D
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/1234.hyper-v-concepts-vcpu-virtual-processor.aspx http://blogs.msdn.com/b/tvoellm/archive/2008/05/12/hyper-v-performance-counters-part-four-of-many-hyper-v-hypervisor-virtual-processor-and- hyper-v-hypervisor-root-virtual-processor-counter-set.aspx
Q145. Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?
A. 2001:123:4567:890A::
B. FE80:123:4567::
C. FF00:123:4567:890A::
D. FD00:123:4567::
Answer: D
Q146. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed.
You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer (SSL).
You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.
Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)
A. Client Authentication
B. Kernel Mode Code Signing
C. Server Authentication
D. IP Security end system
E. KDC Authentication
Answer: A,C
Explanation:
http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificaterequirements.aspx
Q147. You have a server named Server1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you
discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Folder1 from Windows Explorer
manually.
What should you do?
A. Install the File Server Resource Manager role service.
B. From Folder Options, clear Hide protected operating system files (Recommended).
C. Install the Share and Storage Management Tools.
D. From Folder Options, select the Always show menus.
Answer: A
Explanation:
B. Classification Management is a feature of FSRM http://technet.microsoft.com/en-us/library/dd759252.aspx http://technet.microsoft.com/en-us/library/dd758759(v=WS.10).aspx
Q148. Your network contains three servers named HV1, HV2, and Server1 that run Windows Server 2012 R2. HV1 and HV2 have the Hyper-V server role installed. Server1 is a file server that contains 3 TB of free disk space.
HV1 hosts a virtual machine named VM1. The virtual machine configuration file for VM1 is stored in D:VM and the virtual hard disk file is stored in E:VHD.
You plan to replace drive E with a larger volume.
You need to ensure that VM1 remains available from HV1 while drive E is being replaced. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Perform a live migration to HV2.
B. Add HV1 and HV2 as nodes in a failover cluster. Perform a storage migration to HV2.
C. Add HV1 and HV2 as nodes in a failover cluster. Perform a live migration to HV2.
D. Perform a storage migration to Server1.
Answer: D
Q149. RAG DROP
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 7. Group Policy objects (GPOs) are linked to the domain as shown in the exhibit. (Click the Exhibit button.)
GPO2 contains user configurations only and GPO3 contains computer configurations only.
You need to configure the GPOs to meet the following requirements:
. Ensure that GPO2 only applies to the user accounts in OU2 that are members of a global group named Group2.
. Ensure that GPO3 only applies to the computer accounts in OU3 that have more than 100 GB of free disk space.
What should you do?
To answer, drag the appropriate setting to the correct GPO. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q150. OTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2.
You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers.
You need to identify which domain controller will be used for initial replication during the promotion of the RODC.
Which tab should you use to identify the domain controller?
To answer, select the appropriate tab in the answer area.
Answer: