Note that 70-411 exam preparation should include both formal training and hands-on experience. Pass4itsure strongly recommends that you pair your Pluralsight training with 70-411 exam hands-on experience in a production environment.
Certifications: Windows Server 2012
Exam Name: Administering Windows Server 2012
Exam Code: 70-411
Total Questions: 234 Q&As
Last Updated: Mar 20, 2017
- 70-411 Dumpsoon Exam Prep Features:
- Comprehensive questions with complete details
- Questions accompanied by exhibits (if available)
- Verified Answers Researched by Industry Experts
- Drag and Drop questions as experienced in the Actual Exams (if available)
- Questions updated on 70-411 exam regular basis
- These questions and answers are backed by our GUARANTEE
- Like actual certification exams, our product is in multiple-choice questions (MCQs)
Pass4itsure Latest and Most Accurate Microsoft 70-411 Exam Q&As
70-411 exam Question No: 37 – (Topic 0) Your network contains an Active Directory domain named contoso.com. The domain
contains six domain controllers. The domain controllers are configured as shown in the
The network contains a server named Server1 that has the Hyper-v server role installed.
DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?
A. Rid master
B. Domain naming master
C. PDC emulator
D. Infrastructure master
The clone domain controller uses the security context of the source domain controller (the
domain controller whose copy it represents) to contact the Windows Server 2012 R2
Primary Domain Controller (PDC) emulator operations master role holder (also known as
flexible single master operations, or FSMO). The PDC emulator must be running Windows
Server 2012 R2, but it does not have to be running on a hypervisor.
70-411 exam Question No: 38 – (Topic 0) Your network contains an Active Directory domain named contoso.com. All domain
controllers run either Windows Server 2008 or Windows Server 2008 R2.
You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.
You log on to DC1 by using an account that is a member of the Domain Admins group.
You discover that you cannot create Password Settings objects (PSOs) by using Active
Directory Administrative Center.
You need to ensure that you can create PSOs from Active Directory Administrative Center.
What should you do?
A. Modify the membership of the Group Policy Creator Owners group.
B. Transfer the PDC emulator operations master role to DC1.
C. Upgrade all of the domain controllers that run Windows Server 2008.
D. Raise the functional level of the domain.
Fine-grained password policies allow you to specify multiple password policies within a
single domain so that you can apply different restrictions for password and account lockout
policies to different sets of users in a domain. To use a fine-grained password policy, your
domain functional level must be at least Windows Server 2008. To enable fine-grained
password policies, you first create a Password Settings Object (PSO). You then configure
the same settings that you configure for the password and account lockout policies. You
can create and apply PSOs in the Windows Server 2012 environment by using the Active
Directory Administrative Center (ADAC) or Windows PowerShell.
Step 1: Create a PSO
Applies To: Windows Server 2008, Windows Server 2008 R2
70-411 exam Question No: 39 – (Topic 0) Your network contains an Active Directory forest named contoso.com. The functional level
of the forest is Windows Server 2008 R2.
All of the user accounts in the marketing department are members of a group named
Contoso\MarketingUsers. All of the computer accounts in the marketing department are
members of a group named Contoso\MarketingComputers.
A domain user named User1 is a member of the Contoso\MarketingUsers group. A
computer named Computer1 is a member of the Contoso\MarketingComputers group.
You have five Password Settings objects (PSOs). The PSOs are defined as shown in the
When User1 logs on to Computer1 and attempts to change her password, she receives an
error message indicating that her password is too short.
You need to tell User1 what her minimum password length is.
What should you tell User1?
One PSO has a precedence value of 2 and the other PSO has a precedence value of 4. In
this case, the PSO that has the precedence value of 2 has a higher rank and, hence, is
applied to the object.
70-411 exam Question No: 40 – (Topic 0) Your network contains an Active Directory domain named contoso.com. The Active
Directory Recycle bin is enabled for contoso.com.
A support technician accidentally deletes a user account named User1. You need to
restore the User1 account.
Which tool should you use?
C. Active Directory Administrative Center
70-411 exam Question No: 41 – (Topic 0) Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as
shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active
Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A. Recover the items by using Active Directory Recycle Bin.
B. Modify the is Recycled attribute of Group1.
C. Perform tombstone reanimation.
D. Perform an authoritative restore.
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your
ability to preserve and restore accidentally deleted Active Directory objects without
restoring Active Directory data from backups, restarting Active Directory Domain Services
(AD DS), or rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued, and non-link-valued
attributes of the deleted Active Directory objects are preserved and the objects are restored
in their entirety to the same consistent logical state that they were in immediately before
deletion. For example, restored user accounts automatically regain all group memberships
and corresponding access rights that they had immediately before deletion, within and
70-411 exam Question No: 42 – (Topic 0) Your network contains an Active Directory domain named contoso.com. The domain
contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the
hardware and the software on R0DC1. The solution must not provide RODC_Admins with
the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Site and Services, configure the Security settings of the RODC1
B. From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C. From a command prompt, run the mgmt local roles command.
D. From Active Directory Users and Computers, configure the Member Of settings of the
Explanation: RODC: using the dsmgmt.exe utility to manage local administrators
One of the benefits of RODC is that you can add local administrators who do not have full
access to the domain administration. This gives them the ability to manage the server but
not add or change active directory objects unless those roles are delegated. Adding this
type of user is done using the dsmdmt.exe utility at the command prompt.
Additional Online Resources for the 70-411 Exam