I’m currently studying for Microsoft exam 70-417. I do enjoy studying for exams. It’s hard, but it’s an excellent forcing function. I learn bits and pieces here and there now and then about this and that, but when I have an exam schedule for a set date, I have to study! And not only do I put in more hours, but I follow a more systematic approach. In this article, I’m going to share GreatExam braindumps in case you too are studying and this method works for you.
QUESTION 461
Drag and Drop Question
You network contains one Active Directory domain. The domain contains two Hyper-V Hosts named Host1 and Host2 that run Windows Server 2012 R2. Host1 contains a virtual machine named DC5. DC5 is a domain controller that run Windows Server 2012 R2.
You configure Active Directory to support domain controller cloning for DC5, and then you shut down DC5.
You need to create a clone of DC5 on Host2
What should you run on each Hyper-V Host ? To answer Drag the appropriate commands or cmdlets to the correct Hyper-V hosts. Each command or cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
Use import and export feature, when you want to create a new virtual machine with the same configuration of an existing machine in Hyper-V.
The Export-VM cmdlet exports a virtual machine to disk.
The Import-VM cmdlet imports a virtual machine from a file.
Reference: Overview of exporting and importing a virtual machine
https://technet.microsoft.com/en-us/library/hh831535.aspx
QUESTION 462
You network contains one Active Directory domain named adatum.com.
The domain contains a DNS server named Server1 that runs Windows Server 2012 R2.
All domain computers use Server1 for DNS.
You sign adatum.com by using DNSSEC.
You need to configure the domain computers to validate DNS responses for adatum.com records.
What should you configure in Group Policy?
A. Network List Manager Policies
B. Network Access Protection (NAP)
C. Name Resolution Policy
D. Public Key Policy
Answer: C
Explanation:
Name resolution policy needs to be configured in group policy.
“In both example 1 and example 2, validation is not required for the secure.contoso.com zone because the Name Resolution Policy Table (NRPT) is not configured to require validation.”
https://technet.microsoft.com/en-us/library/jj200221.aspx
QUESTION 463
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
You need to add an additional UPN Suffix.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: F
Explanation:
https://technet.microsoft.com/en-us/library/dd391925(v=ws.10).aspx
QUESTION 464
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
You need to replicate users who haven’t authenticated against any domain controllers for the last 7 days.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: C
Explanation:
https://technet.microsoft.com/en-us/library/ee617212.aspx
QUESTION 465
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
You need to enable universal group membership caching for the Europe office and Asia office sites.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: B
Explanation:
https://technet.microsoft.com/en-us/library/hh852305(v=wps.630).aspx
QUESTION 466
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
For the contoso.com domain, a company policy states that administrators must be able to retrieve a list of all the users who have not logged on to the network in the last seven days from any domain controller.
You need to ensure that the users’ last logon information from the last seven days is replicated to all of the domain controllers.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: C
Explanation:
https://technet.microsoft.com/en-us/library/ee617212.aspx
QUESTION 467
You have an enterprise certification authority (CA) named CA1.
You configure a recovery agent for CA1.
On CA1, you create a new certificate template named CertTemplate1, and then you configure CA1 to allow certificates to be requested based on CertTemplate1.
You need to ensure that new certificates issued based on CertTemplate1 can be recovered.
What should you do?
A. From the Certification Authority console, modify the enrollment agents of CA1.
B. From the Certification Authority console, modify the enrollment managers of CA1.
C. From the Certification Templated console, modify the Issuance Requirements setting of CertTemplate1.
D. From the Certification Templated console, modify the Request Handling setting of CertTemplate1.
Answer: C
QUESTION 468
Your network contains one Active Directory domain.
The domain contains two Hyper-V hosts named Host1 and Host2 that run Windows Server 2012 R2.
Host1 contains a virtual machine named VM1.
You plan to move VM1 to Host2.
You need to generate a report that lists any configuration issues on Host2 that will prevent VM1 from being moved successfully.
Which cmdlet should you use?
A. Move-VM
B. Test-VHD
C. Debug-VM
D. Compare-VM
Answer: D
Explanation:
https://technet.microsoft.com/en-us/library/hh848612(v=wps.630).aspx
QUESTION 469
Hotspot Question
You run Get-ISCSIServerTarget and you receive the following output.
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
QUESTION 470
Hotspot Question
Your network contains one Active Directory forest named contoso.com.
The forest contains the domain controllers configured as shown in the following table.
You perform the following actions:
– Create a file named File1.txt in the SYSVOL folder on DC1.
– Create a user named User1 on DC4.
You need to identify on which domain controller or controllers a copy of each object is stored.
What should you identify? To answer, select the appropriate options in the answer area.
Answer:
QUESTION 471
Note: This questions is part of series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
You need to prevent administrators from accidentally deleting any of the sites in the forest.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: B
Explanation:
The Set-ADReplicationSite sets the replication properties for an Active Directory site.
Parameter: -ProtectedFromAccidentalDeletion<Boolean> Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are:
— $False or 0
— $True or 1
https://technet.microsoft.com/en-us/library/hh852305(v=wps.630).aspx
QUESTION 472
Hotspot Question
You build a test environment. The test environment contains one Active Directory forest.
The forest contains a single domain named contoso.com.
The domain contains the servers configured as shown in the following table.
You run the following commands.
New-ADReplicationSite Site1
New-ADReplicationSite Site2
New-ADReplicationSubnet -Name “192.168.1.0/24” -Site Site1
New-ADReplicationSubnet -Name “192.168.2.0/24” -Site Site2
New-ADReplicationSiteLink -Name “SiteLink1” -SitesIncluded Site1,Site2 -Cost 100 – ReplicationFrequencyInMinutes 15
You promote Server3 and Server4 to domain controllers by using the default options.
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
QUESTION 473
Your network contains an active directory domain anmed contoso.com.
The domain contains the server named server1 that runs Sindows Server 2012 R2.
Server1 has the active directory rights management services server role installed.
The domain contains a domain local group named group1
You create a rights policy template named template1.
You need to ensure that all the members of group1 can use template1.
What should you do?
A. Convert the scope of group1 to universal and assign group1 the rights to template1
B. Convert the scope of group1 to global and configure the email address attribute of group1.
C. Configure the email address attribute of group1 and configure the email address attribute of all the users are members of group1.
D. Configure the email address of all the users who are members of group1 and assign group1 the rights to template1.
Answer: D
QUESTION 474
Hotspot Question
Your network contains one Active Directory domain.
The domain contains an enterprise certification authority (CA).
You need to ensure that members of a group named Group1 can issue certificates for the User certificate template only.
Which two tabs should you use to perform the configuration? To answer, select the appropriate tabs in the answer area.
Answer:
QUESTION 475
Your network contains an Active Directory domain named contoso.com.
A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS) on a server named Server1.
After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.
You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.
You need to ensure that clients will only attempt to establish connections to the new AD RMS deployment.
Which should you do?
A. From DNS, remove the records for Server1.
B. From DNS, increase the priority of the DNS records for the new deployment of AD RMS.
C. From Active Directory, remove the computer object for Server1.
D. From Active Directory, remove the SCP.
Answer: D
Explanation:
The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services.
Only one SCP can exist in your Active Directory forest. If you try to install AD RMS and an SCP already exists in your forest from a previous AD RMS installation that was not properly deprovisioned, the new SCP will not install properly. It must be removed before you can establish the new SCP.
http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx
QUESTION 476
Your network contains one Active Directory domain named contoso.com.
The domain contains the domain controllers configured as shown in the following table.
The functional level of the domain and the forest is Windows Server 2008.
An administrator named Admin1 is a member of the Domain Admins group.
You need to ensure that Admin1 can deploy a Windows Server 2012 R2 domain controller to contoso.com.
What should you do?
A. Raise the forest functional level.
B. Run the Set-ADForestMode cmdlet.
C. Raise the domain functional level.
D. Run the adprep.exe command.
Answer: D
Explanation:
Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later. The commands need to run in the following cases:
* Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain.
* Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or forest to run that version of Windows Server.
https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx
QUESTION 477
You have a DNS server named Server1 that runs Windows Server 2012 R2.
Server1 has the zones shown in the following output.
You need to delegate permissions to modify the records in the adatum.com zone to a group named Group1.
What should you do first?
A. Enable the distribution of the trust anchors for adatum.com.
B. Unsign adatum.com.
C. Store adatum.com in Active Directory.
D. Update the server data file for adatum.com.
Answer: B
Explanation:
When a zone is signed with DNSSEC, the DNS server will explicitly block attempts to change the zone replication scope or zone type. This is primarily to avoid complexities related to key storage when DNSSEC signing keys are stored in Active Directory. To change the zone replication scope, you must first unsign the zone.
https://technet.microsoft.com/en-us/library/dn593637.aspx#poc
QUESTION 478
Your network contains one Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
All domain computers have certificates that are issued by a certification authority (CA) named Contoso CA.
A user named User1 performs daily backups of the data on Server1 to a backup vault named Vault1. A user named User2 performs daily backups of the data on Server2 to a vault named Vault2.
You have the administrative credentials for Server2.
You need to restore the data from that last backup of Server1 to Server2.
Which two pieces of information do you require to complete the task? Each correct answer presents part of the solution.
A. the Microsoft Azure subscription credentials
B. the Vault2 credentials
C. the User1 credentials
D. the Vault1 credentials
E. the Server1 certificate
F. the Server2 certificate
G. the Server1 passphrase
H. the Server2 passphrase
Answer: DG
Explanation:
We need the Vault1 credentials to be able to access the data in Vault1.
We need the passphrase of Server1 to access the backup that was made on Server1.
http://blogs.technet.com/b/rmurphy/archive/2014/12/02/microsoft-azure-backup.aspx
QUESTION 479
Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company.
The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A. Run ipconfig and specify the FlushDns parameter.
B. Run ipconfig and specify the Renew parameter.
C. Run dnscmd and specify the ClearCache parameter.
D. Run Set-DnsServerResourceRecordAging.
Answer: C
Explanation:
We cane clear the DNS cache on the DNS server with either Dnscmd /ClearCache (from command prompt) or Clear-DnsServerCache (from Windows PowerShell).
https://technet.microsoft.com/en-us/library/cc772069.aspx
QUESTION 480
Hotspot Question
Your network contains one Active Directory forest.
The forest has three sites configured as shown in the following table.
The forest contains the site links configured as shown in the following table.
A domain controller named DC2 has an IP address of 192.168.2.2. DC2 and is in Site2.
You run the following cmdlets.
New-ADReplicationSite Site3
New-ADReplacationSubnet -Name “192.168.3.0/24” -Site Site3
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
If you want to prepare for 70-417 exam in shortest time, with minimum effort but for most effective result, you can use GreatExam 70-417 practice test which simulates the actual testing environment and allows you to focus on various sections of 70-417 exam. Best of luck!