70-411 Free Practice Test

- (Topic 3)
Your network contains an Active Directory domain named adatum.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

1. A. The NAP-Capable Computers conditions
2. B. The NAS Port Type constraints
3. C. The Health Policies conditions
4. D. The MS-Service Class conditions
5. E. The Called Station ID constraints

Correct Answer: CD
The NAP health policy server uses the NPS role service with configured health policies and system health validators (SHVs) to evaluate client health based on administrator-defined requirements. Based on results of this evaluation, NPS instructs the DHCP server to provide full access to compliant NAP client computers and to restrict access to client computers that are noncompliant with health requirements.
If policies are filtered by DHCP scope, then MS-Service Class is configured in policy conditions.

- (Topic 3)
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2.
The adatum.com domain contains a Group Policy object (GPO) named GPO1. An administrator from adatum.com backs up GPO1 to a USB flash drive.
You have a domain controller named dc1.contoso.com. You insert the USB flash drive in dc1.contoso.com.
You need to identify the domain-specific reference in GPO1. What should you do?

1. A. From the Migration Table Editor, click Populate from Backup.
2. B. From Group Policy Management, run the Group Policy Modeling Wizard.
3. C. From Group Policy Management, run the Group Policy Results Wizard.
4. D. From the Migration Table Editor, click Populate from GPO.

Correct Answer: A

- (Topic 1)
Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.
Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.
You need to copy GPO1 from dev.contoso.com to contoso.com. What should you do first on DC2?

1. A. From the Group Policy Management console, right-click GPO1 and select Copy.
2. B. Run the mtedit.exe command and specify the /Domaintcontoso.com /DC: DC 1 parameter.
3. C. Run the Save-NetGpocmdlet.
4. D. Run the Backup-Gpocmdlet.

Correct Answer: A
To copy a Group Policy object:
In the GPMC console tree, right-click the GPO that you want to copy, and then click Copy. To create a copy of the GPO in the same domain as the source GPO, right-click Group Policy objects, click Paste, specify permissions for the new GPO in the Copy GPO box, and then click OK.
For copy operations to another domain, you may need to specify a migration table.
The Migration Table Editor (MTE) is provided with Group Policy Management Console (GPMC) to facilitate the editing of migration tables. Migration tables are used for copying or importing Group Policy objects (GPOs) from one domain to another, in cases where the GPOs include domain-specific information that must be updated during copy or import. Source WS2008R2: Backup the existing GPOs from the GPMC, you need to ensure that the “Group Policy Objects” container is selected for the “Backup Up All” option to be available.
Copy a Group Policy Object with the Group Policy Management Console (GPMC)
You can copy a Group Policy object (GPO) either by using the drag-and-drop method or right-click method.
Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012
References:
http://technet.microsoft.com/en-us/library/cc785343(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc733107.aspx

- (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
<>>

1. A. From the Remote Access Management Console, reload the configuration.
2. B. Add Server2 to a security group in Active Directory.
3. C. Restart the IPSec Policy Agent service on Server2.
4. D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
5. E. From the Remote Access Management Console, modify the Application Servers settings.

Correct Answer: BE
Unsure about these answers:
✑ A public key infrastructure must be deployed.
✑ Windows Firewall must be enabled on all profiles.
✑ ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6.
✑ Computers that are running the following operating systems are supported as DirectAccess clients:
Windows Server® 2012 R2
Windows 8.1 Enterprise
Windows Server® 2012
Windows 8 Enterprise Windows Server® 2008 R2 Windows 7 Ultimate
Windows 7 Enterprise
✑ Force tunnel configuration is not supported with KerbProxy authentication.
✑ Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.
✑ Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.

- (Topic 3)
Your network contains an Active Directory domain named contoso.com. You create a new user account named Admin5.
You need to ensure that Admin5 can create Group Policy objects (GPOs) and link the GPOs to all of the organizational units (OUs) in the domain. Admin5 must be prevented from modifying GPOs created by other administrators.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

1. A. From Active Directory Users and Computers, modify the members of the Network Configuration Operators group.
2. B. From Active Directory Users and Computers, modify the Security settings of the Admin5 user account.
3. C. From Group Policy Management, click the Group Policy Objects node and modify the Delegation settings.
4. D. From Group Policy Management, click the contoso.com node and modify the Delegationsettings.
5. E. From Active Directory Users and Computers, modify the members of the Group Policy Creator Owners group.

Correct Answer: CD