70-417 Exam Questions - Online Test

70-417 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

It is more faster and easier to pass the Microsoft exam 70 417 exam by using Refined Microsoft Upgrading Your Skills to MCSA Windows Server 2012 questuins and answers. Immediate access to the Up to the minute 70 417 dumps Exam and find the same core area 70 417 pdf questions with professionally verified answers, then PASS your exam with a high score now.

Q171. Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named AHServers.OU. 

You create and link a Group Policy object (GPO) named GP01 to AllServer.OU. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that GPO1 only applies to servers that have Remote Desktop Services (RDS) installed. 

What should you configure? 

A. Item-level targeting 

B. WMI Filtering 

C. Security Filtering 

D. Block Inheritance 

Answer: B 

Explanation: 

Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs) based on attributes of the target computer. When a GPO that is linked to a WMI filter is applied on the target computer, the filter is evaluated on the target computer. If the WMI filter evaluates to false, the GPO is not applied. If the WMI filter evaluates to true, the GPO is applied. 

Q172. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. 

You log on to Server1. 

You need to retrieve a list of the active TCP connections on Server2. 

Which command should you run from Server1? 

A. netstat> server2 

B. winrm get server2 

C. winrs -r:server2netstat 

D. dsquery * -scope base -attrip,server2 

Answer: C 

Explanation: 

This command line tool enables administrators to remotely execute most Cmd.exe commands using the WSManagement protocol. 

References: http://msdn.microsoft.com/en-us/library/aa384291(v=vs.85).aspx 

Q173. Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The domain contains four domain controllers. 

The domain controllers are configured as shown in the following table. 

All domain controllers are DNS servers. 

You plan to deploy a new domain controller named DC5 in the contoso.com domain. 

You need to identify which domain controller must be online to ensure that DC5 can be 

promoted successfully to a domain controller. 

Which domain controller should you identify? 

A. DC1 

B. DC2 

C. DC3 

D. DC4 

Answer: C 

Explanation: 

In order to add a Domain Controller to corp.contoso.com, you need PDC and RID of that domain, not of the root domain. The Domain Naming Master is needed to add, remove and rename domains in the forest, i.e. not for individual Domain Controllers. 

Q174. Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table. 

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. From the Remote Access Management Console, reload the configuration. 

B. Add Server2 to a security group in Active Directory. 

C. Restart the IPSec Policy Agent service on Server2. 

D. From the Remote Access Management Console, modify the Infrastructure Servers settings. 

E. From the Remote Access Management Console, modify the Application Servers settings. 

Answer: B,E 

Explanation: 

Unsure about these answers: 

A public key infrastructure must be deployed. 

Windows Firewall must be enabled on all profiles. 

ISATAP in the corporate network is not supported. If you are using ISATAP, you 

should remove it and use native IPv6. 

Computers that are running the following operating systems are supported as 

... . 

DirectAccess clients: Windows Server. 2012 R2 Windows 8.1 Enterprise Windows Server. 2012 Windows 8 Enterprise Windows Server. 2008 R2 Windows 7 Ultimate Windows 7 Enterprise 

. Force tunnel configuration is not supported with KerbProxy authentication. . Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. . Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported. 

Q175. Your network contains a Hyper-V host named Server1 that runs Windows Server 2012 R2. 

Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. 

You create a checkpoint of VM1, and then you install an application on VM1. You verify 

that the application runs properly. 

You need to ensure that the current state of VM1 is contained in a single virtual hard disk 

file. 

The solution must minimize the amount of downtime on VM1. 

What should you do? 

A. From a command prompt run dism.exe and specify the /commit-image parameter. 

B. From a command prompt, run dism.exe and specify the /delete-image parameter. 

C. From Hyper-V Manager, delete the checkpoint. 

D. From Hyper-V Manager, inspect the virtual hard disk. 

Answer: C 

Q176. Server manager is a great tool for managing most of your server settings and configuration all in one central place. Which one of the following Server manager Features is used for management of Public Key Infrastructure? 

A. Dynamic Host Configuration Server 

B. WINS Server 

C. Domain Name Service 

D. Active Directory Certificate Services 

Answer: D 

Q177. OTSPOT 

Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess and an IKEv2 VPN. You need to view the properties of the VPN connection. Which connection properties should you view? To answer, select the appropriate connection properties in the answer area. 

Answer: 

Q178. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. 

You need to prevent all of the GPOs at the site level and at the domain level from being Applied to users and computers in an organizational unit (OU) named OU1. 

You want to achieve this goal by using the minimum amount of administrative effort. 

What should you use? 

A. Dcgpofix 

B. Get-GPOReport 

C. Gpfixup 

D. Gpresult 

E. Gptedit.msc 

F. Import-GPO 

G. Restore-GPO 

H. Set-GPInheritance 

I. Set-GPLink 

J. Set-GPPermission 

K. Gpupdate 

L. Add-ADGroupMember 

Answer: H 

Explanation: 

http://technet.microsoft.com/en-us/library/ee461032.aspx 

Q179. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC5. DC5 has a Server Core Installation of Windows Server 2012 R2. 

You need to uninstall Active Directory from DC5 manually. 

Which tool should you use? 

A. The Remove-ADComputercmdlet 

B. The ntdsutil.exe command 

C. The dsamain.exe command 

D. The Remove-WindowsFeaturecmdlet 

Answer: D 

Explanation: http://technet.microsoft.com/en-us/library/hh472163.aspx#BKMK_RemoveSM http://technet.microsoft.com/en-us/library/cc732257.aspx#BKMK_powershell 

Q180. OTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA). 

The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1. 

You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation 

Service name will be set to adfs1.contoso.com. 

You need to identify which type of certificate template you must use to request a certificate for AD FS. 

Which certificate template should you identify? To answer, select the appropriate template in the 

answer area. 

Answer: