We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our exam preparation material provides you everything you will need to take a certification examination. Our Microsoft 70-417 Exam will provide you with exam questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and value for the 70-417 Exam. 100% guarantee to pass your Microsoft 70-417 exam and get your Microsoft certification.
QUESTION 441
Your network contains two Active Directory forests named contoso.com and adatum.com.
All domain controllers run Windows Server 2012 R2.
The adatum.com domain contains a Group Policy object (GPO) named GPO1.
An administrator from adatum.com backs up GPO1 to a USB flash drive.
You have a domain controller named dc1.contoso.com.
You insert the USB flash drive in dc1.contoso.com.
You need to identify the domain-specific reference in GPO1.
What should you do?
A. From the Migration Table Editor, click Populate from Backup.
B. From Group Policy Management, run the Group Policy Modeling Wizard.
C. From Group Policy Management, run the Group Policy Results Wizard.
D. From the Migration Table Editor, click Populate from GPO.
Answer: A
Explanation:
https://technet.microsoft.com/en-us/library/cc779961(v=ws.10).aspx
QUESTION 442
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
– Generate an event each time a new process is created.
– Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area.
A. Audit access management (Not Defined)
B. Audit directory service access (Not Defined)
C. Audit logon events (Not Defined)
D. Audit object access(Not Defined)
E. Audit policy change(Not Defined)
F. Audit privilege use (Not Defined)
G. Audit process tracking (Not Defined)
H. Audit system events(Not Defined)
Answer: DG
Explanation:
* Audit Object Access
Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified.
* Audit Process Tracking
Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
Reference: Audit object access
https://technet.microsoft.com/en-us/library/cc976403.aspx
Reference: Audit Process Tracking
https://technet.microsoft.com/en-us/library/cc976411.aspx
QUESTION 443
You have two Windows Server Update Services (WSUS) servers named Server01 and Server02. Server01 synchronizes from Microsoft Update. Server02 synchronizes updates from Server01. Both servers are members of the same Active Directory domain.
You configure Server01 to require SSL for all WSUS metadata by using a certificate issued by an enterprise root certification authority (CA).
You need to ensure that Server02 synchronizes updates from Server01.
What should you do on Server02?
A. From a command prompt, run wsusutil.exe configuresslproxy server02 443.
B. From a command prompt, run wsusutil.exe configuressl server01.
C. From a command prompt, run wsusutil.exe configuresslproxy server01 443.
D. From the Update Services console, modify the Update Source and Proxy Server options.
Answer: D
QUESTION 444
Your network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2.
All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which security principals are authorized to have their password cached on RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: B
QUESTION 445
You have a group Managed Service Account named Service01.
Three servers named Server01, Server02, and Server03 currently use the Service01 service account.
You plan to decommission Server01.
You need to remove the cached password of the Service01 service account from Server01.
The solution must ensure that Server02 and Server03 continue to use Service01.
Which cmdlet should you run?
A. Set-ADServiceAccount
B. Remove-ADServiceAccount
C. Uninstall-ADServiceAccount
D. Reset-ADServiceAccountPassword
Answer: B
Explanation:
The Remove-ADServiceAccount cmdlet removes an Active Directory service account.
This cmdlet does not make changes to any computers that use the service account.
After this operation, the service account is no longer hosted on the target computer but still exists in the directory.
Incorrect:
Not C: The Uninstall-ADServiceAccount cmdlet removes an Active Directory service account on the computer on which the cmdlet is run.
The specified service account must be installed on the computer.
Reference: Remove-ADServiceAccount
https://technet.microsoft.com/en-us/library/ee617190.aspx
QUESTION 446
Your network contains an Active Directory domain named adatum.com.
The domain contains 10 domain controllers that run Windows Server 2012 R2.
You plan to create a new Active Directory-integrated zone named contoso.com.
You need to ensure that the new zone will be replicated to only four of the domain controllers.
What should you do first?
A. Create an application directory partition.
B. Create an Active Directory connection object.
C. Create an Active Directory site link.
D. Change the zone replication scope.
Answer: A
Explanation:
Application directory partitions
An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.
QUESTION 447
Hotspot Question
Your network contains one Active Directory domain named contoso.com.
The domain contains 10 file servers that run Windows Server 2012 R2.
You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers.
You need to configure BitLocker policies for the file servers to meet the following requirements:
– Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker.
– Ensure that the BitLocker recovery key and recovery password are stored in Active Directory.
Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.
Answer:
QUESTION 448
Your network contains one Active Directory domain named contoso.com.
From the Group Policy Management console, you view the details of a Group Policy object (GPO) named GPO1.
You need to ensure that the comments field of GPO1 contains a detailed description of GPO1.
What should you do?
A. From Active Directory Users and Computers, edit the properties of contoso.com/System/Policies/{229DCD27-9D98-ACC2-A6AE-ED765F065FF5}.
B. Open GPO1 in the Group Policy Management Editor, and then modify the properties of GPO1.
C. From Notepad, edit \\contoso.com\SYSVOL\ contoso.com\Policies\{229DCD27-9D98- ACC2-A6AE-ED765F065FF5}\gpt.ini.
D. From Group Policy Management, click View, and then click Customize.
Answer: B
Explanation:
Adding a comment to a Group Policy object Open the Group Policy Management Console. Expand the Group Policy Objects node.
Right-click the Group Policy object you want to comment and then click Edit.
In the console tree, right-click the name of the Group Policy object and then click Properties .
Click the Comment tab.
Type your comments in the Comment box.
Click OK
Reference: Comment a Group Policy Object
https://technet.microsoft.com/en-us/library/cc770974.aspx
QUESTION 449
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2008 R2.
You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs).
You have a Windows image file named file1.wim.
You need to add an image of a volume to file1.wim.
What should you do?
A. Run imagex.exe and specify the /append parameter.
B. Run imagex.exe and specify the /export parameter.
C. Run dism.exe and specify the /image parameter.
D. Run dism.exe and specify the /append-image parameter.
Answer: D
Explanation:
The Deployment Image Servicing and Management (DISM) tool is a command-line tool that enables the creation of Windows image (.wim) files for deployment in a manufacturing or corporate IT environment. The /Append-Image option appends a volume image to an existing .wim file allowing you to store many customized Windows images in a fraction of the space. When you combine two or more Windows image files into a single .wim, any files that are duplicated between the images are only stored once.
Incorrect:
Not A, Not B: Imagex has been retired and replaced by dism.
Reference: Append a Volume Image to an Existing Image Using DISM
https://technet.microsoft.com/en-us/library/hh824916.aspx
QUESTION 450
You have an enterprise certification authority (CA) named CA1.
You have a certificate template named UserAutoEnroll that is based on the User certificate template. Domain users are configured to autoenroll for UserAutoEnroll.
A user named User1 has an email address defined in Active Directory.
A user named User2 does not have an email address defined in Active Directory.
You discover that User1 was issued a certificate based on UserAutoEnroll template automatically. A request by user2 for a certificate based on the UserAutoEnroll template fails.
You need to ensure that all users can autoenroll for certificated based on the UserAutoEnroll template.
Which setting should you configure from the properties on the UserAutoEnroll certificate template?
A. Issuance Requirements
B. Request Handling
C. Cryptography
D. Subject Name
Answer: D
Explanation:
Template properties – Subject Name tab
E-mail name. If the E-mail name field is populated in the Active Directory user object, that e-mail name will be used for user accounts.
The e-mail name is required for user certificates. If the e-mail name is not populated for a user in AD DS, the certificate request by that user will fail.
https://technet.microsoft.com/en-us/library/Cc725621(v=WS.10).aspx
QUESTION 451
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
You create a trust between contoso.com and a domain in another forest at a partner company.
You need to prevent the sales.contoso.com and the manufacturing.contoso.com names from being used in authentication requests across the forest trust.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: G
Explanation:
You can use this procedure to prevent authentication requests for specific name suffixes from being routed to a forest, or you can use this procedure to allow authentication requests for specific name suffixes to be routed to a forest.
You can enable or disable an existing name suffix for routing by using the New Trust Wizard in Active Directory Domains and Trusts or by using the Netdom command-line tool.
For more information about how to use the Netdom command-line tool to modify name suffix routing settings, see “Netdom.exe: Windows Domain Manager” in the Windows Server 2003 Technical Reference on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=41700).
https://technet.microsoft.com/en-us/library/cc772217.aspx
QUESTION 452
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
You need to prevent administrators from accidently deleting any of the site in the forest.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: B
Explanation:
Set-ADReplicationSite (Set-ADReplicationSite -ProtectedFromAccidentalDeletion $true)
QUESTION 453
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
You need ensure that all Active Directory changes are replicated to all of the domain controllers in the forest within 30 minutes.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: D
Explanation:
This command gets all the site links in the directory with replication frequency greater than or equal to 60 minutes, and then sets the Cost property on these site link objects to 200.
https://technet.microsoft.com/en-us/%5Clibrary/Hh852257(v=WPS.630).aspx
QUESTION 454
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
You have a trust from contoo.com to another forest named fabrikam.com.
You plan to migrate users from contodo.com to fabrikam.com.
You need to ensure that the users who migrated to fabrikam.com can continue to access shared resources in contoso.com. the solution must not require administrators to modify permissions to shared resources.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: G
Explanation:
The Netdom move command moves a workstation or member server to a new domain. The act of moving a computer to a new domain creates an account for the computer on the domain, if it does not already exist.
https://technet.microsoft.com/en-us/library/cc788127.aspx
QUESTION 455
Your network contains one Active Directory forest named adatum.com.
The forest contains a single domain.
The site topology for the forest is shown in the exhibit.
Each site contain s one domain controller.
You need to ensure that replication between site2 and site4 occurs in 15 minutes or less.
What command should you run? To answer select the appropriate options in the answer area.
Answer Area
New-AdReplicationSiteLink
New-ADReplicationLinkBridge
Set-ADReplicationConnection
Set-ADReplicationSiteLink
Set-ADReplicationSiteLinkBridge
-name
SiteLink3
SiteLink6
SiteLink1, SiteLink2
Answer: -SitesIncluded Site2, Site4 -ReplicationFrequencyinMinutes 15 -cost
Explanation:
(Specifically look up – ReplicationFrequencyinMinutes)
https://technet.microsoft.com/en-us/%5Clibrary/Hh852257(v=WPS.630).aspx
QUESTION 456
Your network contains one Active Directory forest named contoso.com.
The forest contains a single domain.
The domain contains the domain controllers is configured as shown in the following table.
Name Site
DC1 Site1
DC2 Site2
DC3 Site3
DC4 Site4
The replication topology is configured as shown in the following output.
Cost : 100
DistinguishedName : CN=SiteLink1, CN=IP, CN=Inter-Site Transports, CN=Sites, CN=Configuration, Dc=Adatum, DC=com
Name : SiteLink1
ObjectClass : SiteLink
ObjectGUID : e1c8c335-b75f-4612-8a9e-58a0edead21f
ReplInterval : 60
SiteList : {CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
CN=Site2, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com}
Cost : 100
DistinguishedName : CN=SiteLink1, CN=IP, CN=Inter-Site Transports, CN=Sites, CN=Configuration, Dc=Adatum, DC=com
Name : SiteLink2
ObjectClass :SiteLink
ObjectGUID : 9516948e-cd56-4a9b-b6ba-cdf3dd7fe0d1
ReplInterval : 60
SiteList : {CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
CN=Site2, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com}
Cost : 100
DistinguishedName : CN=SiteLink3, CN=IP, CN=Inter-Site Transports, CN=Sites, CN=Configuration, Dc=Adatum, DC=com
Name : SiteLink3
ObjectClass : SiteLink
ObjectGUID : 07a7a37e-a12c-40c4-8042-f5d2e737b8a9
ReplInterval : 60
SiteList : {CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
CN=Site3, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com}
Cost : 400
DistinguishedName : CN=SiteLink4, CN=IP, CN=Inter-Site Transports, CN=Sites, CN=Configuration, Dc=Adatum, DC=com
Name : SiteLink4
ObjectClass : SiteLink
ObjectGUID : 508810dc-30fd-4845-982a-d4552fba2e04 ReplInterval : 45
SiteList : {CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
CN=Site2, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com}
You discover that replication between Dc1 and DC3 takes a few hours.
You need to reduce the amount of time it takes to replicate Active Directory changes between DC1 and DC3.
What should you do?
A. Create a site link that connects Site1 and Site3, has a cost of 350, and replicates every 15 minutes.
B. Modify SiteLink4 to replicate every 15 minute.
C. Disable Site Link bridging.
D. Set the cost of SiteLink4 to 100.
Answer: D
QUESTION 457
Your network contains one Active Directory forest named contoso.com.
The forest contains a single domain.
The domain contains the domain controllers is configured as shown in the following table.
Name Site
DC1 Site1
DC2 Site2
DC3 Site3
DC4 Site4
The forest contains a member server named Server1.
Server1 has an IP address of 172.16.10.66.
The forest has the following Active Directory subnet configuration.
DistinguishedName : CN=172.16.10.0/26, CN=subnets, CN=Sites, CN=Configuration,
Location Dc=Adatum, DC=com
Name : 172.16.10.0/26
ObjectClass : subnet
ObjectGUID : db362a6c-c0a9-4703-aaee-191083ab9ea5
Site : CN=Site1, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum,
DC=com,
DistinguishedName : CN=172.16.10.64/26, CN=subnets, CN=Sites, CN=Configuration,
Location Dc=Adatum, DC=com
Name : 172.16.10.64/26
ObjectClass : subnet
ObjectGUID : ef101558-3afa-41f1-9c5a-717453436fc1
Site : CN=Site2, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum,
DC=com,
DistinguishedName : CN=172.16.10.192/26, CN=subnets, CN=Sites, CN=Configuration,
Location Dc=Adatum, DC=com
Name : 172.16.10.192/26
ObjectClass : subnet
ObjectGUID : 33137047-6711-4195-940f-a463bbdab8fb
Site : CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum,
DC=com,
DistinguishedName : CN=172.16.10.128/26, CN=subnets, CN=Sites, CN=Configuration,
Location Dc=Adatum, DC=com
Name : 172.16.10.128/26
ObjectClass : subnet
ObjectGUID : ef5235ab-759b-4dc8-992a-c5ec1dae97a8
Site : CN=Site3, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum,
DC=com,
Use the drop down menus to select the answer choice that complete each statement.
Answer Area
If you promote Server1 to a domain controller, its server object will be created in [answer area]
Site1
Site2
Site3
Site4
If you perform an Active Directory search from a domain member that has an IP address of 172.16.10.116, you will attempt to connect [answer area]
DC1
DC2
DC3
DC4
Answer: Site2, DC2
Explanation:
S1 – 172.16.10.66/26, /26 = 63 IP address, Site 2 is located in this subnet.
You be automatically redirected on DC2 on your IP addressing.
QUESTION 458
You have a server named Server1 that runs Windows Server 2012 R2 and uses Windows Server Backup.
You need to identify whether the backups performed on Server1 support bare metal recovery.
Which cmdlet should you run?
A. Get-OBMachineSetting
B. GetWBVSSBackupOption
C. Get-WBPolicy
D. Get-OBPolicy
Answer: C
Explanation:
Get-OBMachineSetting is for Azure Backup, question asks about Windows Backup
GetWBVSSBackupOption cmdlet doesn’t exist
Get-WBPolicy is for Windows Backup
Get-OBPolicy is for Azure Backup, question asks Windows Backup
https://technet.microsoft.com/en-us/library/Ee706650.aspx
QUESTION 459
You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You notice that VM1 is marked as being in a critical state in the cluster.
You verify that VM1 is functioning correctly.
You need to ensure that VM1 is no longer marked as being in a critical state.
Which cmdlet should you run?
A. Remove-ClusterVmMonitoredItem
B. Remove-ClusterResourceDependency
C. Reset-ClusterVMMonitoredState
D. Clear-ClusterNode
Answer: C
Explanation:
Remove-ClusterVmMonitoredItem actually removes the monitoring so nothing will happen
Remove-ClusterResourceDependency – self explanatory has to do with dependencies, not critical state
Reset-ClusterVMMonitoredState – This cmdlet resets the Application Critical state of a virtual machine, so that the virtual machine is no longer marked as being in a critical state in the cluster
Clear-ClusterNode – This cmdlet helps ensure that the failover cluster configuration has been completely removed from a node that was evicted.
https://technet.microsoft.com/en-us/%5Clibrary/Hh847312(v=WPS.630).aspx
QUESTION 460
You run Get-FSRMClassificationule and you receive the following output
ClassificationMechanism : Content Classfier
ContentRegularExpression : {\d{2,}}
ContentString :
ContentStringCaseSensitive :
Description :
Disabled : False
Flags :
Lastmodified : 4/18/2015 12:59:47 AM
Name : Rule2
Namespace : {D:\}
Parameters : {FSRMClearPropertyInternal = 0}
Property : Property2
PropertyValue : Value2
ReevaluateProperty : Overwrite
PSComputerName :
ClassficationMechanism : FolderClassifier
ContentRegularExpression :
ContentString :
ContentStringCaseSensitive :
Description :
Disabled : False
Flags :
Lastmodified : 4/15/2015 9:17:16 PM
Name : Rule1
Namespace : {D:\}
Parameters : {FSRMClearPropertyInternal = 0}
Property : Property1
PropertyValue : Value1
ReevaluateProperty : Aggregate
PSComputerName :
You have a file named file1 that is stored on drive D and has the following content “111000000000111111”
You run the classification with all of the rules
Use the drop-down menus top select the answer choice that completes each statement.
File1 has [answer choice]
Only Property1 set to value1
Only Property2 set to value2
Property1 set to value1 and property2 set to value2
Neither Property1 nor Property2 set
If you modify File1 [answer choice]
Only the value of Property1 is
Only the value of Property2 is
the value of Property1 and Property2 are
Neither the value of Property1 nor the value of Property2 is
Answer:
Only Property1 set to value1
Only the value of Property1 is
The Microsoft 70-417 questions and answers in PDF on GreatExam are the most reliable study guide for 70-417 exam. Comparing with others’, our 70-417 practice test is more authoritative and complete. We provide the latest full version of 70-417 PDF and VCE dumps with new real questions and answers to ensure your 70-417 exam 100% pass.