[2016-NEW!] PassLeader Free Valid 70-417 VCE and PDF Exam Questions (Question 421 – Question 450)

New 70-417 Exam Questions Updated Recently! PassLeader just released the latest Microsoft 70-417 PDF dumps and VCE dumps (612q dumps) with all new exam questions, which will help you 100% passing the newest 70-417 exam. These new questions are exactly the same as actual 70-417 test. Now visit passleader.com to get the newest 612q 70-417 PDF dumps and VCE dumps with 10% discount and FREE VCE simulator!

keywords: 70-417 exam,612q 70-417 exam dumps,612q 70-417 exam questions,70-417 pdf dumps,70-417 vce dumps,70-417 study guide,70-417 practice test,Upgrading Your Skills to MCSA Windows Server 2012 R2 Exam

P.S. Download Free 70-417 PDF Dumps and Preview PassLeader 70-417 VCE Dumps At The End Of This Post!!! (Ctrl+End)

QUESTION 421
Complete the missing word from the sentence below that is describing one of the new roles in Server 2012:
By using ___, you can augment an organization’s security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved.

A.    ADFS
B.    RODC
C.    ADLDS
D.    AD RMS

Answer: D

QUESTION 422
You have a server named Server1. that runs Windows Server 2012 R2. Server1 has live network adapters. Three of the network adapters are connected to a network named LAN1. The two other network adapters are connected to a network named LAN2. You create a network adapter team named Team1 from two of all the adapters connected to LAN1. You create a network adapter team named Team2 from the two adapters connected to LAN2. A company policy states that all server IP addresses must he assigned by using a reserved address in DHCP. You need to identify how many DHCP reservations you must create for Server1. How many reservations should you identify?

A.    2
B.    3
C.    5
D.    7

Answer: B

QUESTION 423
You create an OU named tempusers. you add several test users to that OU. You want to delete the ou and receive an error:
remove-adorganizationunit -identity “ou=tempusrs, dc=contoso,dc=com” – recursive.
What should you do?

A.    Remove all the users from ou
B.    Modify the rights to your user account
C.    Set the confirm parameters to $true
D.    Set the protectfromaccidential deletion to $false

Answer: D

QUESTION 424
You have a server that runs server core of windows 2012 r2 server. you need to ensure that windows updates are installed only by using manual installation on server1. which 3 steps will you perform.
scregedit.wsf /au 1
wuauclt /selfupdatemanaged
uninstall-windowsfeature
netstop wuauserv
wuauclt /selfupdateunmanaged
net start wuauserv

Answer:
1) netstop wuauserv
2) scregedit.wsf /au 1
3) net start wuauserv

QUESTION 425
Your network has ipsec policy configured. You need to exempt icmp and router discovery traffic from ipsec policy rule in windows firewall. Which command will you use?

A.    disable-netadapterbinding
B.    update-netipsecrule
C.    remove-netfirewallrule
D.    set-netfirewallsetting

Answer: D

QUESTION 426
Your network contains one Active Directory domain named contoso.com. You deploy a new virtual machine in microsoft azure and then you run the active directory domain configuration wizard as show in the exhibit. (click the exhibit button). You need to ensure that all of the users in contoso.com are replicated to the new domain controller in azure. What should you do?

A.    Modify the Deployment Configuration.
B.    Set up directory integration.
C.    Configuration Azure Active Directory Connect.
D.    Select the Domain Name System (DNS) server check box.

Answer: D

QUESTION 427
DC3 loses network connectivity due to a hardware failure. You log on to DC3. You need to identify which service location (SRV) records are registered by DC3. What should you do?

A.    Run ipconfig /displaydns.
B.    Run dcdiag /test:dns.
C.    Open the %windir%\system32\config\netlogon.dns file.
D.    Open the %windir%\system32\dns\backup\adatum.com.dns file.

Answer: C

QUESTION 428
You have 10 domain controller in a domain. you need to prevent several members of domain admin groups from logging on the domain controller. Which two object shoudl you create and configure.

A.    GPO to the domain
B.    authentication policy
C.    authentication policy silo
D.    a central access policy
E.    a user certificate

Answer: AB

QUESTION 429
You deploy a windows Server Update (WSUS) server named Server01. You need to ensure that you can view update reports and computer reports on server01. Which two components should you install? Each correct answer presents part of the solution.

A.    Microsoft Report Viewer 2008 Redistributable Package
B.    Microsoft .Net Framework 2.0
C.    Microsoft SQL Server 2008 R2 Builder 3.0
D.    Microsoft XPS Viewer
E.    Microsoft SQL Server 2012 reporting Services (SSRS)

Answer: AB

QUESTION 430
You deploy a windows Server Update (WSUS) server named Server01. You need to prevent the WSUS service on Server01 from being updated automatically. What should you do from the update service console?

A.    From the Product and Classification options, modify the Products setting.
B.    From the Automatic Approvals options, modify the Advanced settings.
C.    From the Product and Classification options, modify the Classifications setting.
D.    From the Automatic Approvals options, modify the Default Automatic Approval rule.

Answer: B

QUESTION 431
You have a group managed Service Account name Account01. Only three servers named Server01, Server02 and Server03 are allowed to use Account01 service account. You plan to decommission Server01. You need to prevent Server01 from using the Account01 service account. The solution must ensure that Server02 and Server03 continue to use the Account01 service account. What command should you run? To answer, select the appropriate options in the answer area.
Answer Area
Account01 Remove-ADServiceAccount -DNSHostName
Server01 Reset-ADServiceAccount -PrincipalsAllowedToReteriveMamagedPassword
Server01$ Set-ADServiceAccount -SAMAccountNAme Server02,Server03 -Server Server02$,Server03$

Answer: Account01 Remove-ADServiceAccount -DNSHostName

QUESTION 432
Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify which domain controller must be online when cloning a domain controller. Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: D

QUESTION 433
Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin. Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: E

QUESTION 434
Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify whether the members of the protected Users group will be prevented from authenticating by using NTLM. Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: D

QUESTION 435
Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify which user accounts were authenticated by RODC1. Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: C

QUESTION 436
Your Company is testing DirectAccess on Windows Server 2012 R2. Users report that when they connect to the corporate network by using DirectAccess, access to Internet websites and Internet hosts is slow. The users report that when they disconnect from DirectAccess, acces to the internet websites and the internet hosts is much faster. You need to identify the most likely cause of the performance issue. What should you identify?

A.    DirectAccess uses a self-signed certificate.
B.    The corporate firewall blocks TCP port 8080.
C.    Force tunneling is enabled.
D.    The DNS suffix list is empty

Answer: C

QUESTION 437
Your network contains one Active Directory domain named contoso.com. The domain contains a file server named Server01 that runs Windows Server 2012 R2. Server01 has an operating system drive and a data drive. Server01 has a trusted Platform Module (TPM). Which cmdlet should you run first?

A.    Enable-TPMAutoProvisioning
B.    Unblock-TPM
C.    Install-WindowsFeature
D.    Lock-BitLocker

Answer: C

QUESTION 438
You have the following Windows PowerShell output.

You need to create a Managed service Account. What should you do?

A.    Run Set-KDSConfiguration and then run New-ADServiceAccount -Name “service01” -DNSHostName service01.contoso.com
B.    Run New-AuthenticationPolicySilo, and then run New-ADServiceAccount -Name“service01” –DNSHostName service01.contoso.com.
C.    Run Add-KDSRootKey, and then run New-ADServiceAccount -Name “service01”-DNSHostName service01.contoso.com.
D.    Run New-ADServiceAccount – Name “service01” – DNSHostName service01.contoso.com -SAMAccountName service01.

Answer: C

QUESTION 439
Hotspot Question
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1. Your company implements DirectAccess. A user named User1 works at a customer’s office. The customer’s office contains a server named Server1. When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com. You need to provide User1 with the ability to connect to Server1 in the customer’s office. Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.

Answer:

QUESTION 440
Hotspot Question
Your network contains a DNS server named Server1. Server1 hosts a DNS zone for contoso.com. You need to ensure that DNS clients cache records from contoso.com for a maximum of one hour. Which value should you modify in the Start of Authority (SOA) record? To answer, select the appropriate setting in the answer area.

Answer:

QUESTION 441
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2. The adatum.com domain contains a Group Policy object (GPO) named GPO1. An administrator from adatum.com backs up GPO1 to a USB flash drive. You have a domain controller named dc1.contoso.com. You insert the USB flash drive in dc1.contoso.com. You need to identify the domain-specific reference in GPO1. What should you do?

A.    From the Migration Table Editor, click Populate from Backup.
B.    From Group Policy Management, run the Group Policy Modeling Wizard.
C.    From Group Policy Management, run the Group Policy Results Wizard.
D.    From the Migration Table Editor, click Populate from GPO.

Answer: A

QUESTION 442
Your network contains 25 Web servers that run Windows Server 2012 R2. You need to configure auditing policies that meet the following requirements:
– Generate an event each time a new process is created.
– Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area.

A.    Audit access management (Not Defined)
B.    Audit directory service access (Not Defined)
C.    Audit logon events (Not Defined)
D.    Audit object access(Not Defined)
E.    Audit policy change(Not Defined)
F.    Audit privilege use (Not Defined)
G.    Audit process tracking (Not Defined)
H.    Audit system events(Not Defined)

Answer: DG

QUESTION 443
You have two Windows Server Update Services (WSUS) servers named Server01 and Server02. Server01 synchronizes from Microsoft Update. Server02 synchronizes updates from Server01. Both servers are members of the same Active Directory domain. You configure Server01 to require SSL for all WSUS metadata by using a certificate issued by an enterprise root certification authority (CA). You need to ensure that Server02 synchronizes updates from Server01. What should you do on Server02?

A.    From a command prompt, run wsusutil.exe configuresslproxy server02 443.
B.    From a command prompt, run wsusutil.exe configuressl server01.
C.    From a command prompt, run wsusutil.exe configuresslproxy server01 443.
D.    From the Update Services console, modify the Update Source and Proxy Server options.

Answer: D

QUESTION 444
Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify which security principals are authorized to have their password cached on RODC1. Which cmdlet should you use?

A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy

Answer: B

QUESTION 445
You have a group Managed Service Account named Service01. Three servers named Server01, Server02, and Server03 currently use the Service01 service account. You plan to decommission Server01. You need to remove the cached password of the Service01 service account from Server01. The solution must ensure that Server02 and Server03 continue to use Service01. Which cmdlet should you run?

A.    Set-ADServiceAccount
B.    Remove-ADServiceAccount
C.    Uninstall-ADServiceAccount
D.    Reset-ADServiceAccountPassword

Answer: B

QUESTION 446
Your network contains an Active Directory domain named adatum.com. The domain contains 10 domain controllers that run Windows Server 2012 R2. You plan to create a new Active Directory-integrated zone named contoso.com. You need to ensure that the new zone will be replicated to only four of the domain controllers. What should you do first?

A.    Create an application directory partition.
B.    Create an Active Directory connection object.
C.    Create an Active Directory site link.
D.    Change the zone replication scope.

Answer: A

QUESTION 447
Hotspot Question
Your network contains one Active Directory domain named contoso.com. The domain contains 10 file servers that run Windows Server 2012 R2. You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers. You need to configure BitLocker policies for the file servers to meet the following requirements:
– Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker.
– Ensure that the BitLocker recovery key and recovery password are stored in Active Directory.
Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.

Answer:

QUESTION 448
Your network contains one Active Directory domain named contoso.com. From the Group Policy Management console, you view the details of a Group Policy object (GPO) named GPO1. You need to ensure that the comments field of GPO1 contains a detailed description of GPO1. What should you do?

A.    From Active Directory Users and Computers, edit the properties of contoso.com/System/Policies/{229DCD27-9D98-ACC2-A6AE-ED765F065FF5}.
B.    Open GPO1 in the Group Policy Management Editor, and then modify the properties of GPO1.
C.    From Notepad, edit \\contoso.com\SYSVOL\contoso.com\Policies\{229DCD27-9D98- ACC2-A6AE-ED765F065FF5}\gpt.ini.
D.    From Group Policy Management, click View, and then click Customize.

Answer: B

QUESTION 449
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2. You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs). You have a Windows image file named file1.wim. You need to add an image of a volume to file1.wim. What should you do?

A.    Run imagex.exe and specify the /append parameter.
B.    Run imagex.exe and specify the /export parameter.
C.    Run dism.exe and specify the /image parameter.
D.    Run dism.exe and specify the /append-image parameter.

Answer: D

QUESTION 450
You have an enterprise certification authority (CA) named CA1. You have a certificate template named UserAutoEnroll that is based on the User certificate template. Domain users are configured to autoenroll for UserAutoEnroll. A user named User1 has an email address defined in Active Directory. A user named User2 does not have an email address defined in Active Directory. You discover that User1 was issued a certificate based on UserAutoEnroll template automatically. A request by user2 for a certificate based on the UserAutoEnroll template fails. You need to ensure that all users can autoenroll for certificated based on the UserAutoEnroll template. Which setting should you configure from the properties on the UserAutoEnroll certificate template?

A.    Issuance Requirements
B.    Request Handling
C.    Cryptography
D.    Subject Name

Answer: D

Download Free 70-417 PDF Dumps From Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpfjJyZU1pUlVQdlpWV0dXUlljZVVhWmJUa0pZbVVBdzZYSllIN3ktT1VMUlk (Explanation For Every Question Is Available!)

PassLeader 70-417 VCE Dumps Screenshots:

Download New 70-417 VCE Dumps From PassLeader: http://www.passleader.com/70-417.html (New Questions Are 100% Available and Wrong Answers Have Been Corrected!!!)