IT認証試験問題集
毎月、ITshikenは1500人以上の受験者が試験準備を助けて、試験に合格するために受験者にご協力します
 ホームページ / 70-411 問題集  / 70-411 問題練習

Microsoft 70-411 問題練習

Administering Windows Server 2012 試験

最新更新時間: 2019/05/15,合計432問。

平成から令和へ:70-411 最新真題を買う時、日本語版と英語版両方を同時に獲得できます。

実際の問題集を練習し、試験のポイントを了解し、テストに申し込むするかどうかを決めることができます。

さらに試験準備時間の35%を節約するには、70-411 問題集を使用してください。

 / 29

Question No : 1
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Server1 has a folder named Folder1 that is used by the sales department.
You need to ensure that an email notification is sent to the sales manager when a File Screening Audit report is generated.
What should you configure on Server1?

正解:
Explanation:
From the Storage Reports Management node, you can generate reports that will help you understand file use on the storage server. You can use the storage reports to monitor disk usage patterns (by file type or user), identify duplicate files and dormant files, track quota usage, and audit file screening.



Before you run a File Screen Audit report, in the File Server Resource Manager Options dialog box, on the File Screen Audit tab, verify that the Record file screening activity in the auditing database check box is selected.
Reference:
http://technet.microsoft.com/en-us/library/cc755988.aspx
http://technet.microsoft.com/en-us/library/cc730822.aspx
http://technet.microsoft.com/en-us/library/cc770594.aspx
http://technet.microsoft.com/en-us/library/cc771212.aspx
http://technet.microsoft.com/en-us/library/cc732074.aspx

Question No : 2
Your company has a main office and a branch office. The main office is located in Seattle. The branch office is located in Montreal. Each office is configured as an Active Directory site. The network contains an Active Directory domain named adatum.com. The Seattle office contains a file server named Server1. The Montreal office contains a file server named Server2. The servers run Windows Server 2012 R2 and have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role service installed.
Server1 and Server2 each have a share named Share1 that is replicated by using DFS Replication.
You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

正解:
Explanation:
To share a replicated folder and publish it to a DFS namespace Click Start, point to Administrative Tools, and then click DFS Management. In the console tree, under the Replication node, click the replication group that contains the replicated folder you want to share. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in Namespace. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a namespace, and then follow the steps in the wizard.
Note that: If you do not have an existing namespace, you can create one in the Namespace Path page in the Share and Publish Replicated Folder Wizard. To create the namespace, in the Namespace Path page, click Browse, and then click New Namespace.
To create a namespace
• Click Start, point to Administrative Tools, and then click DFS Management.
• In the console tree, right-click the Namespaces node, and then click New Namespace.
• Follow the instructions in the New Namespace Wizard.
To create a stand-alone namespace on a failover cluster, specify the name of a clustered file server instance on the Namespace Server page of the New Namespace Wizard.
Important
Do not attempt to create a domain-based namespace using the Windows Server 2008 mode unless the forest functional level is Windows Server 2003 or higher. Doing so can result in a namespace for which you cannot delete DFS folders, yielding the following error message: “The folder cannot be deleted. Cannot complete this function.”
To share a replicated folder and publish it to a DFS namespace

Question No : 3
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You configure a quota threshold as shown in the exhibit. (Click the Exhibit button.)



You need to ensure that a user named User1 receives an email notification when the threshold is exceeded.
What should you do?

正解:
Explanation:
When you create quotas and file screens, you have the option of sending e-mail notifications to users when their quota limit is approaching or after they have attempted to save files that have been blocked. If you want to routinely notify certain administrators of quota and file screening events, you can configure one or more default recipients.
To send these notifications, you must specify the SMTP server to be used for forwarding the e-mail messages.
To configure e-mail options
In the console tree, right-click File Server Resource Manager, and then click Configure options. The File Server Resource Manager Options dialog box opens.



On the E-mail Notifications tab, under SMTP server name or IP address, type the host name or the IP address of the SMTP server that will forward e-mail notifications.
If you want to routinely notify certain administrators of quota or file screening events, under Default administrator recipients, type each e-mail address.
Use the format [email protected] Use semicolons to separate multiple accounts.
To test your settings, click Send Test E-mail.





Question No : 4
HOTSPOT
Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. You have two user accounts named User1 and User2. User1 and User2 are the members of a group named Group1. User1 has the Department value set to Accounting, user2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee.
You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)



To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.






正解:

Question No : 5
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The network contains several group Managed Service Accounts that are used by four member servers. You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created. You create a Group Policy object (GPO) named GPO1.
What should you do next?

正解:
Explanation:
Audit User Account Management
This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed:
• A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked.
• A user account password is set or changed.
Security identifier (SID) history is added to a user account.
• The Directory Services Restore Mode password is set.
• Permissions on accounts that are members of administrators groups are changed.
• Credential Manager credentials are backed up or restored.
This policy setting is essential for tracking events that involve provisioning and managing user accounts.

Question No : 6
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)



You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1.
What should you do?

正解:
Explanation:
When you use Advanced Audit Policy Configuration settings, you need to confirm that these settings are not overwritten by basic audit policy settings. The following procedure shows how to prevent conflicts by blocking the application of any basic audit policy settings.
Enabling Advanced Audit Policy Configuration
Basic and advanced audit policy configurations should not be mixed. As such, it’s best practice to enable Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings in Group Policy to make sure that basic auditing is disabled. The setting can be found under Computer Configuration\Policies\Security Settings\Local Policies\Security Options, and sets the SCENoApplyLegacyAuditPolicy registry key to prevent basic auditing being applied using Group Policy and the Local Security Policy MMC snap-in.
In Windows 7 and Windows Server 2008 R2, the number of audit settings for which success and failure can be tracked has increased to 53. Previously, there were nine basic auditing settings under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. These 53 new settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity.
Audit Policy settings
• Any changes to user account and resource permissions.
• Any failed attempts for user logon.
• Any failed attempts for resource access.
• Any modification to the system files.
Advanced Audit Configuration Settings
Audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:
• A group administrator has modified settings or data on servers that contain finance information.
• An employee within a defined group has accessed an important file.
• The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access.
In Servers GPO, modify the Audit Policy settings - enabling audit account management setting will generate events about account creation, deletion and so on.
Advanced Audit Configuration Settings
Advanced Audit Configuration Settings ->Audit Policy
-> Account Management -> Audit User Account Management


In Servers GPO, modify the Audit Policy settings - enabling audit account management setting will generate events about account creation, deletion and so on.



Reference:
http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory.aspx
http://technet.microsoft.com/en-us/library/dd772623%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx
http://www.petri.co.il/enable-advanced-audit-policy-configuration-windows-server.htm
http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx#BKMK_step2

Question No : 7
Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com. You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone.
What should you do first?

正解:
Explanation:
The Zone would need to be changed to a AD integrated zone When you use directory-integrated zones, you can use access control list (ACL) editing to secure a dnsZone object container in the directory tree. This feature provides detailed access to either the zone or a specified resource record in the zone. For example, an ACL for a zone resource record can be restricted so that dynamic updates are allowed only for a specified client computer or a secure group, such as a domain administrators group. This security feature is not available with standard primary zones.
DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record.
Standard (not an Active Directory integrated zone) has no Security settings:



You need to firstly change the "Standard Primary Zone" to AD Integrated Zone:



Now there's Security tab:



References:
http://technet.microsoft.com/en-us/library/cc753014.aspx
http://technet.microsoft.com/en-us/library/cc726034.aspx
http://support.microsoft.com/kb/816101

Question No : 8
HOTSPOT
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1. Your company implements DirectAccess. A user named User1 works at a customer's office. The customer's office contains a server named Server1.
When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com.
You need to provide User1 with the ability to connect to Server1 in the customer's office.
Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.



正解:


Explanation:
Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.
If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.
The ability to disconnect allows users to specify single-label, unqualified names (such as “PRINTSVR”) for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet.
To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect.
Note: If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT.
If this setting is not configured, users do not have Connect or Disconnect options.

Question No : 9
Your network is configured as shown in the exhibit. (Click the Exhibit button.)



Server1 regularly accesses Server2. You discover that all of the connections from Server1 to Server2 are routed through Router1. You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?

正解:
Explanation:
Destination - specifies either an IP address or host name for the network or host.
subnetmask - specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used.
gateway - specifies either an IP address or host name for the gateway or router to use when forwarding.
costmetric - assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive routes. If costmetric is not specified, 1 is used.
interface - specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the route is determined from the gateway IP address.
References:
http://support.microsoft.com/kb/299540/en-us
http://technet.microsoft.com/en-us/library/cc757323%28v=ws.10%29.aspx

Question No : 10
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2.
What should you create?

正解:
Explanation:
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.

Question No : 11
You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com. You need to specify the email address of the person responsible for the zone.
Which type of DNS record should you configure?

正解:
Explanation:
A SOA-record defines the responsible person for an entire zone, but a zone may contain many individual hosts / domain names for which different people are responsible. The RP-record type makes it possible to identify the responsible person for individual host names contained within the zone.





Question No : 12
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain. You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node. You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?

正解:
Explanation:
Configure the virtual machine to take no action through Hyper-V if the physical computer shuts down by modifying the Automatic Stop Action setting to None. Virtual machine state must be managed through the Failover Clustering feature.
Virtual machine application monitoring and management
In clusters running Windows Server 2012, administrators can monitor services on clustered virtual machines that are also running Windows Server 2012. This functionality extends the high-level monitoring of virtual machines that is implemented in Windows Server 2008 R2 failover clusters. If a monitored service in a virtual machine fails, the service can be restarted, or the clustered virtual machine can be restarted or moved to another node (depending on service restart settings and cluster failover settings).
This feature increases the uptime of high availability services that are running on virtual machines within a failover cluster.
Windows Server 2012 Failover Cluster introduces a new capability for Hyper-V virtual machines (VMs), which is a basic monitoring of a service within the VM which causes the VM to be rebooted should the monitored service fail three times. For this feature to work the following must be configured:
• Both the Hyper-V servers must be Windows Server 2012 and the guest OS running in the VM must be Windows Server 2012.
• The host and guest OSs are in the same or at least trusting domains.
• The Failover Cluster administrator must be a member of the local administrator's group inside the VM.
Ensure the service being monitored is set to Take No Action (see screen shot below) within the guest VM for Subsequent failures (which is used after the first and second failures) and is set via the Recovery tab of the service properties within the Services application (services. msc).



Within the guest VM, ensure the Virtual Machine Monitoring firewall exception is enabled for the Domain network by using the Windows Firewall with Advanced Security application or by using the Windows PowerShell command below: Set-NetFirewallRule -DisplayGroup "Virtual Machine Monitoring" -Enabled True.
After the above is true, enabling the monitoring is a simple process:

Question No : 13
HOTSPOT
You have a server named Servers that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. Server5 contains several custom images of Windows 8. You need to ensure that when 32-bit client computers start by using PXE, the computers automatically install an image named Image 1.
What should you configure? To answer, select the appropriate tab in the answer area.



正解:

Question No : 14
You have a server named Server1 that runs Windows Server 2012 R2. You discover that the performance of Server1 is poor.
The results of a performance report generated on Server1 are shown in the following table.



You need to identify the cause of the performance issue.
What should you identify?

正解:
Explanation:
Processor: %DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface.
Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling Interrupts. Generally, if this value exceeds 50% of the processor time you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example a programmable I/O card like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity.
Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.
Processor: %Privilege Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components to occasionally cause this type of performance issue.
Memory: Pages/sec. This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data.
References:
http://technet.microsoft.com/en-us/library/cc768048.aspx

Question No : 15
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. You need to configure Windows Server Update Services (WSUS) to support Secure Sockets Layer (SSL).
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

正解:
Explanation:
Certificate needs to be installed to IIS, Bindings modifies and wsusutil run.

 / 29