070-411 無料問題集「Microsoft Administering Windows Server 2012」
Your network contains an Active Directory domain.
A Group Policy object (GRO) named GPO1 is linked to the domain. GPO1 has the settings shown in the following table.
Policy
Policy setting
Enforce password history
5 passwords remembered
Minimum password length
10 characters
You import the backup of a GPO named GPO named GPO2. GPO2 has the settings shown in the following table.
Policy
Policy setting
Minimum password length
5 characters
Store passwords using reversible encryption
Enabled
You import the backup of GPO2 into GPO1.
You need to identify the configurations in GPO1.
What should you identify?
A Group Policy object (GRO) named GPO1 is linked to the domain. GPO1 has the settings shown in the following table.
Policy
Policy setting
Enforce password history
5 passwords remembered
Minimum password length
10 characters
You import the backup of a GPO named GPO named GPO2. GPO2 has the settings shown in the following table.
Policy
Policy setting
Minimum password length
5 characters
Store passwords using reversible encryption
Enabled
You import the backup of GPO2 into GPO1.
You need to identify the configurations in GPO1.
What should you identify?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
A technician installs a new server that runs Windows Server 2012 R2.
During the installation of Windows Server Update Services (WSUS) on the new server, the technician reports that on the Choose Languages page of the Windows Server Update Services Configuration Wizard, the only available language is English.
The technician needs to download updates in French and English.
What should you tell the network technician to do to ensure that the required updates are available?
During the installation of Windows Server Update Services (WSUS) on the new server, the technician reports that on the Choose Languages page of the Windows Server Update Services Configuration Wizard, the only available language is English.
The technician needs to download updates in French and English.
What should you tell the network technician to do to ensure that the required updates are available?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys.
What should you modify?
To answer, select the appropriate object in the answer area.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys.
What should you modify?
To answer, select the appropriate object in the answer area.
正解:
The four types of tunneling protocols used with a VPN/RAS server running on Windows Server 2012 include:
Point-to-Point Tunneling Protocol (PPTP): A VPN protocol based on the legacy Point-to-Point protocol used with modems. The PPTP specification does not describeencryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality.
Layer 2 Tunneling Protocol (L2TP): Used with IPsec to provide security. L2TP supports either computer certificates or a preshared key as the authentication method for IPsec.
IKEv2: IKE is short for Internet Key Exchange, which is a tunneling protocol that uses IPsec Tunnel Mode protocol. The message is encrypted with one of the following protocols by using encryption keys that are generated from the IKEv2 negotiation process.
Secure Socket Tunneling Protocol (SSTP): Introduced with Windows Server 2008, which uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls References:
http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain.
You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.
You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain.
You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.
You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU.
A Group Policy object (GPO) named GPO1 is linked to Sales_OU.
You need to configure a dial-up connection for all of the sales users.
What should you configure from User Configuration in GPO1?
All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU.
A Group Policy object (GPO) named GPO1 is linked to Sales_OU.
You need to configure a dial-up connection for all of the sales users.
What should you configure from User Configuration in GPO1?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your network is configured as shown in the exhibit. (Click the Exhibit button.)
Server1 regularly accesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Router1.
You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?
Server1 regularly accesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Router1.
You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your network contains one Active Directory domain named contoso.com. The domain contains a server named Server01 that runs Windows Server 2012 R2. Server01 does not have a Trusted Platform Module (TPM).
You need to ensure that you can enable BitLocket Drive Encryption (BitLocker) on the operating system drive.
Which Group policy setting should you configure?
You need to ensure that you can enable BitLocket Drive Encryption (BitLocker) on the operating system drive.
Which Group policy setting should you configure?
正解:C
解答を投票する
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
正解:B、D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
HOTSPOT
Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients.
You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts.
You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers.
Which two settings should you configure in GPO1?
To answer, select the appropriate two settings in the answer area.
Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients.
You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts.
You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers.
Which two settings should you configure in GPO1?
To answer, select the appropriate two settings in the answer area.
正解:
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
HOTSPOT
You have a server named Server1 that has the Network Policy and Access Services server role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication.
To which store should you import the certificate?
To answer, select the appropriate store in the answer area.
You have a server named Server1 that has the Network Policy and Access Services server role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication.
To which store should you import the certificate?
To answer, select the appropriate store in the answer area.
正解:
When organizations deploy their own public key infrastructure (PKI) and install a private trusted root CA, their CA automatically sends its certificate to all domain member computers in the organization.
The domain member client and server computers store the CA certificate in the Trusted Root Certification Authorities certificate store. After this occurs, the domain member computers trust certificates that are issued by the organization trusted root CA.
For example, if you install AD CS, the CA sends its certificate to the domain member computers in your organization and they store the CA certificate in the Trusted Root Certification Authorities certificate store on the local computer. If you also configure and autoenroll a server certificate for your NPS servers and then deploy PEAP-MS-CHAP v2 for wireless connections, all domain member wireless client computers can successfully authenticate your NPS servers using the NPS server certificate because they trust the CA that issued the NPS server certificate.
On computers that are running the Windows operating system, certificates that are installed on the computer are kept in a storage area called the certificate store. The certificate store is accessible using the Certificates Microsoft Management Console (MMC) snap-in.
This store contains multiple folders, where certificates of different types are stored. For example, the certificate store contains a Trusted Root Certification Authorities folder where the certificates from all trusted root CAs are kept.
When your organization deploys a PKI and installs a private trusted root CA using AD CS, the CA automatically sends its certificate to all domain member computers in the organization. The domain member client and server computers store the CA certificate in the Trusted Root Certification Authorities folder in the Current User and the Local Computer certificate stores. After this occurs, the domain member computers trust certificates that are issued by the trusted root CA.
Similarly, when you autoenroll computer certificates to domain member client computers, the certificate is kept in the Personal certificate store for the Local Computer. When you autoenroll certificates to users, the user certificate is kept in the Personal certificate store for the Current User.
References:
http: //technet. microsoft. com/en-us/library/cc730811. aspx
http: //technet. microsoft. com/en-us/library/cc730811. aspx
http: //technet. microsoft. com/en-us/library/cc772401%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/ee407543%28v=ws. 10%29. aspx
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs.
What should you use?
You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs.
What should you use?
正解:G
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your network contains an Active Directory domain named contoso.com.
All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop.
You discover that when a user signs in, the Link1 is not added to the desktop.
You need to ensure that when a user signs in, Link1 is added to the desktop.
What should you do?
All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop.
You discover that when a user signs in, the Link1 is not added to the desktop.
You need to ensure that when a user signs in, Link1 is added to the desktop.
What should you do?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway.
A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.2S4.
You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails.
What should you do on Server1?
A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.2S4.
You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails.
What should you do on Server1?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your network contains an Active Directory domain named contoso.com. The domain contain two domain controllers named DC1 and DC2.
You discover that client computer authenticate to both domain controllers.
You need to ensure that client computer only authenticate to DC2 if DC1 fails. The solution must be persistent.
What should you do?
You discover that client computer authenticate to both domain controllers.
You need to ensure that client computer only authenticate to DC2 if DC1 fails. The solution must be persistent.
What should you do?
正解:D
解答を投票する
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com.
The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for contoso.com.
The main office connects to the branch office by using an unreliable WAN link.
You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable for three days.
Which setting should you modify in the start of authority (SOA) record?
The network contains an Active Directory domain named contoso.com.
The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for contoso.com.
The main office connects to the branch office by using an unreliable WAN link.
You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable for three days.
Which setting should you modify in the start of authority (SOA) record?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your network contains an Active Directory domain named contoso.com.
All user accounts reside in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user.
You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop.
You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again.
What should you do?
All user accounts reside in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user.
You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop.
You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again.
What should you do?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
HOTSPOT
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1.
Your company implements DirectAccess.
A user named User1 works at a customer's office. The customer's office contains a server named Server1.
When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com.
You need to provide User1 with the ability to connect to Server1 in the customer's office.
Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1.
Your company implements DirectAccess.
A user named User1 works at a customer's office. The customer's office contains a server named Server1.
When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com.
You need to provide User1 with the ability to connect to Server1 in the customer's office.
Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.
正解:
Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.
If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.
The ability to disconnect allows users to specify single-label, unqualified names (such as "PRINTSVR") for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet.
To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect.
Note: If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT.
If this setting is not configured, users do not have Connect or Disconnect options.
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
Server1 and Server2 are configured as replica servers that use Server3 as an upstream server.
You remove Servers from the network.
You need to ensure that WSUS on Server2 retrieves updates from Server1. The solution must ensure that Server1 and Server2 have the latest updates from Microsoft.
Which command should you run on each server? To answer, select the appropriate command to run on each server in the answer area.
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
Server1 and Server2 are configured as replica servers that use Server3 as an upstream server.
You remove Servers from the network.
You need to ensure that WSUS on Server2 retrieves updates from Server1. The solution must ensure that Server1 and Server2 have the latest updates from Microsoft.
Which command should you run on each server? To answer, select the appropriate command to run on each server in the answer area.
正解:
Explanation:
Set-WsusServerSynchronization-SyncFromMU [-UpdateServer<IUpdateServer> ] [-Confirm] [-WhatIf]
[ <CommonParameters>]
Set-WsusServerSynchronization-UssServerName<String> [-PortNumber<Int32> ] [-Replica] [- UpdateServer<IUpdateServer> ] [-UseSsl] [-Confirm] [-WhatIf] [ <CommonParameters>] The Set-WsusServerSynchronizationcmdlet sets whether the Windows Server Update Services (WSUS) server synchronizes from Microsoft Update or an upstream server. This cmdlet allows the user to specify settings such as the upstream server name, the port number, and whether or not to use Secure Sockets Layer (SSL).
References:
http: //technet. microsoft. com/en-us/library/hh826163. aspx
http: //technet. microsoft. com/en-us/library/cc708480%28v=ws. 10%29. aspx