Instant Download 70-417 PDF Files! New Updated 371 Exam Questions and Answers help 100% Exam Pass! 70-417 Certification Get Quickly!
Vendor: Microsoft
Exam Code: 70-417
Exam Name: Upgrading Your Skills to MCSA Windows Server 2012 R2 Exam
QUESTION 311
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.
What should you modify? To answer, select the appropriate object in the answer area.
Answer:
QUESTION 312
Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. From the Remote Access Management Console, reload the configuration.
B. Add Server2 to a security group in Active Directory.
C. Restart the IPSec Policy Agent service on Server2.
D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
E. From the Remote Access Management Console, modify the Application Servers settings.
Answer: BE
Explanation:
Unsure about these answers:
A public key infrastructure must be deployed.
Windows Firewall must be enabled on all profiles. ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6.
Computers that are running the following operating systems are supported as DirectAccess clients:
Windows Server 2012 R2
Windows 8.1 Enterprise
Windows Server 2012
Windows 8 Enterprise
Windows Server 2008 R2
Windows 7 Ultimate
Windows 7 Enterprise
Force tunnel configuration is not supported with KerbProxy authentication.
Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.
Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.
QUESTION 313
You have a DNS server named DNS1 that runs Windows Server 2012 R2.
On DNS1, you create a standard primary DNS zone named adatum.com.
You need to change the frequency that secondary name servers will replicate the zone from DNS1.
Which type of DNS record should you modify?
A. Name server (NS)
B. Start of authority (SOA)
C. Host information (HINFO)
D. Service location (SRV)
Answer: B
Explanation:
The time to live is specified in the Start of Authority (SOA) record
Note: TTL (time to live) – The number of seconds a domain name is cached locally before expiration and return to authoritative nameservers for updated information.
QUESTION 314
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server 1. Server1 has the IP Address Management (IPAM) Server feature installed.
A technician performs maintenance on Server1.
After the maintenance is complete, you discover that you cannot connect to the IPAM server on Server1.
You open the Services console as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can connect to the IPAM server.
Which service should you start?
A. Windows Process Activation Service
B. Windows Event Collector
C. Windows Internal Database
D. Windows Store Service (WSService)
Answer: C
QUESTION 315
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 is located in the perimeter network and has the DNS Server server role installed.
Server1 has a zone named contoso.com.
You apply a security template to Server1.
After you apply the template, users report that they can no longer resolve names from contoso.com.
On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)
On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.)
You need to ensure that users can resolve contoso.com names.
What should you do?
A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From DNS Manager, unsign the contoso.com zone.
D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.
E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.
Answer: E
QUESTION 316
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed.
Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation.
You need to create a trust policy for the partner organization.
The solution must meet the following requirements:
– Grant users in the partner organization access to protected content
– Provide users in the partner organization with the ability to create protected content.
Which type of trust policy should you create?
A. A federated trust
B. Windows Live ID
C. A trusted publishing domain
D. A trusted user domain
Answer: A
QUESTION 317
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon.
You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Answer:
QUESTION 318
Hotspot Question
Your company has a primary data center and a disaster recovery data center.
The network contains an Active Directory domain named contoso.com. The domain contains a server named that runs Windows Server 2012 R2. Server1 is located in the primary data center.
Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in the answer area.
Answer:
QUESTION 319
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The relevant servers in the domain are configured as shown in the following table.
You plan to create a shared folder on Server1 named Share1. Share1 must only be accessed by users who are using computers that are joined to the domain.
You need to identify which servers must be upgraded to support the requirements of Share1.
In the table below, identify which computers require an upgrade and which computers do not require an upgrade. Make only one selection in each row. Each correct selection is worth one point.
Answer:
QUESTION 320
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when users log on to their client computer.
You need to ensure that all of the scripts execute completely before the users can access their desktop.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/cc738773(v=ws.10).aspx
Run logon scripts synchronously
Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.
If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
If you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously.
Braindump2go Regular Updates of Microsoft 70-417 Preparation Materials Exam Dumps, with Accurate Answers, Keeps the Members One Step Ahead in the Real 70-417 Exam. Field Experts with more than 10 Years Experience in Certification Field work with us.