Lead2pass Offering Free 70-411 Dumps Files For Free Downloading By 70-411 Exam Candidates:
https://www.lead2pass.com/70-411.html
QUESTION 11
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Network Policy Server server role installed.
You need to allow connections that use 802.1x.
What should you create?
A. A network policy that uses Microsoft Protected EAP (PEAP) authentication
B. A network policy that uses EAP-MSCHAP v2 authentication
C. A connection request policy that uses EAP (PEAP) authentication
D. A connection request policy that uses MS-CHAP v2 authentication
Answer: B
Explanation:
802.1X – uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate- based security environments, and it provides the strongest authentication and key determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.
Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client
QUESTION 12 70-411 Dumps,70-411 Exam Questions,70-411 New Questions,70-411 VCE,70-411 PDF
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named PPTP_Policy.
You need to configure PPTP_Policy to apply only to VPN connections that use the PPTP protocol.
What should you configure in PPTP_Policy?
A. The Service Type
B. The Tunnel Type
C. The Framed Protocol
D. The NAS Port Type
Answer: B
QUESTION 13 70-411 Dumps,70-411 Exam Questions,70-411 New Questions,70-411 VCE,70-411 PDF
Your network contains a RADIUS server named Server1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1.
On Server2, you configure a Connection Request Policy.
What else should you configure on Server2?
To answer, select the appropriate node in the answer area.
Answer:
Explanation:
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests.
http://technet.microsoft.com/en-us/library/cc754518.aspx
QUESTION 14 70-411 Dumps,70-411 Exam Questions,70-411 New Questions,70-411 VCE,70-411 PDF
Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named server1.contoso.com. The adatum.com forest contains a server named server2.adatum.com. Both servers have the Network Policy Server role service installed. The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed.
You plan to configure Server3 as an authentication provider for several VPN servers.
You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to server1.contoso.com.
Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.)
A. Network policies
B. Remote RADIUS server groups
C. Connection authorization policies
D. Remediation server groups
E. Connection request policies
Answer: BE
Explanation:
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.
To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests.
http://technet.microsoft.com/en-us/library/cc754518.aspx
QUESTION 15 70-411 Dumps,70-411 Exam Questions,70-411 New Questions,70-411 VCE,70-411 PDF
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2.
You configure Network Access Protection (NAP) on Server1.
Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly.
You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
Answer:
QUESTION 16 70-411 Dumps,70-411 Exam Questions,70-411 New Questions,70-411 VCE,70-411 PDF
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to support the resolution of names in fabrikam.com.
The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?
A. Add a forwarder.
B. Create a stub zone.
C. Create a conditional forwarder.
D. Create a secondary zone.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771898.aspx
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable
While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone. Copies of A records for all name servers authoritative for the zone.
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Stub_Zones.html http://technet.microsoft.com/en-us/library/cc771898.aspx http://redmondmag.com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones.aspx?Page=2
QUESTION 17 70-411 Dumps,70-411 Exam Questions,70-411 New Questions,70-411 VCE,70-411 PDF
Hotspot Question
Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
You have two user accounts named User1 and User2.
User1 and User2 are the members of a group named Group1.
User1 has the Department value set to Accounting, user2 has the Department value set to Marketing.
Both users have the Employee Type value set to Contract Employee.
You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
Answer:
Explanation:
The Auditing Entry events for file access logs that match the misconfigured permissions and carried out by a principal that satisfies both conditions for Sarah is the attribute Department with the value marketing festgelgt.
The condition for the attribute department may have to be changed accordingly, so that their deletions are logged. In order to monitor the opening of files, read access must be involved in the monitoring.
QUESTION 18 70-411 Dumps,70-411 Exam Questions,70-411 New Questions,70-411 VCE,70-411 PDF
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configure to notify secondary servers of changes automatically.
You update several records on Server1.
You need to force the replication of the contoso.com zone records from Server1 to Server2.
What should you do from Server2?
A. Right-click Server2 and click Update Server Data Files.
B. Right-click Server2 and click Refresh.
C. Right-click the contoso.com zone and click Reload.
D. Right-click the contoso.com zone and click Transfer from Master.
Answer: D
Explanation:
A. For standard primary zones, this procedure causes the DNS server to immediately write its in- memory changes out to disk for storage with the zone file.
D. Initiates zone transfer from secondary server
http://technet.microsoft.com/en-us/library/cc786985(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc779391(v=ws.10).aspx
QUESTION 19 70-411 Dumps,70-411 Exam Questions,70-411 New Questions,70-411 VCE,70-411 PDF
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The network contains several group Managed Service Accounts that are used by four member servers.
You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.
You create a Group Policy object (GPO) named GPO1.
What should you do next?
A. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management.
Link GPO1 to the Domain Controllers organizational unit (OU).
B. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management.
Move the member servers to a new organizational unit (OU).
Link GPO1 to the new OU.
C. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use.
Link GPO1 to the Domain Controllers organizational unit (OU).
D. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use.
Move the member servers to a new organizational unit (OU).
Link GPO1 to the new OU.
Answer: A
Explanation:
Audit User Account Management
This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed:
– A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked.
– A user account password is set or changed.
– Security identifier (SID) history is added to a user account.
– The Directory Services Restore Mode password is set.
– Permissions on accounts that are members of administrators groups are changed.
– Credential Manager credentials are backed up or restored.
This policy setting is essential for tracking events that involve provisioning and managing
user accounts.
QUESTION 20 70-411 Dumps,70-411 Exam Questions,70-411 New Questions,70-411 VCE,70-411 PDF
You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?
A. Show-DNSServerCache
B. dnscacheugc.exe
C. ipconfig.exe /displaydns
D. nslookup.exe
Answer: A
70-411 dumps full version (PDF&VCE): https://www.lead2pass.com/70-411.html
Large amount of free 70-411 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDSmRhaVRWcW5Cc1k
You may also need:
70-410 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDcXAzcDVNOWI1blU
70-412 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDcDUzczlzc2N6RkU
70-413 exam dumps: https://drive.google.com/open?id=1b83z5KIZUL3VTF7QfvaVypTlHDaUnZIE
70-414 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDdzk4ajRnWG50TzA