QUESTION 71    
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You pre-create a read-only domain controller (P.QDC) account named RODC1. You export the settings of RODC1 to a file named File1.txt. You need to promote RODC1 by using File1.txt.     
Which tool should you use?
A.    The Dcpromo command    
B.    The Install-WindowsFeature cmdlet     
C.    The Install-ADDSDomainController cmdlet     
D.    The Add-WindowsFeature cmdlet     
E.    The Dism command
Answer: A  
Explanation:     
http://technet.microsoft.com/en-us/library/jj574152.aspx     
If you have experience creating read-only domain controllers, you will discover that the installation wizard has the same graphical interface as seen when using the older Active Directory Users and Computers snap-in from Windows Server 2008 and uses the same code, which includes exporting the configuration in the unattend file format used by the obsolete dcpromo."     
"The Summary dialog enables you to confirm your settings. This is the last opportunity to stop the installation before the wizard creates the staged account. Click Next when you are ready to create the staged RODC computer account. Click Export Settings to save an answer file in the obsolete dcpromo unattend file format."
QUESTION 72    
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The domain contains three servers that run Windows Server 2012 R2.     
   
     
Server1 and Server2 are configured in a Network Load Balancing (NLB) cluster. The NLB cluster hosts a website named Web1 that uses an application pool named App1. Web1 uses a database named DB1 as its data store.     
You create an account named User1.     
You configure User1, as the identity of App1. You need to ensure that contoso.com domain users accessing Web1 connect to DB1 by using their own credentials.     
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.    Configure the delegation settings of Server3.    
B.    Create a Service Principal Name (SPN) for User1.     
C.    Configure the delegation settings of User1.     
D.    Create a matching Service Principal Name (SPN) for Server1 and Server2.     
E.    Configure the delegation settings of Server1 and Server2.
Answer: BE    
Explanation:     
A. Delegation needs to be setup on the IIS web servers for the application pool identity     
B. Correct user: When an IIS application runs under a domain user account instead of under the default network service account, you must set the SPN for the HTTP service under the domain account.     
C. Delegation settings need to be set on server 1 & 2     
D. SPN needs to be created for the application pool identity account     
E. In a distributed application (Split app/db) the IIS/web servers to be trusted for delegation to impersonate/pasusers     
http://technet.microsoft.com/en-us/library/hh831797.aspx     
http://technet.microsoft.com/en-us/library/cc961723.aspx     
http://technet.microsoft.com/en-us/library/cc739764(v=ws.10).aspx     
http://technet.microsoft.com/en-us/library/ee675779.aspx
QUESTION 73    
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. A support technician accidentally deletes a user account named User1.     
You need to use tombstone reanimation to restore the User1 account.     
Which tool should you use?
A.    Ntdsutil    
B.    Ldp     
C.    Esentutl     
D.    Active Directory Administrative Center
Answer: B    
Explanation:     
A. You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata     
B. use Ldp.exe to restore a single, deleted Active Directory object     
C. Provides database utilities for the Extensible Storage Engine (ESE) for Windows Vista.     
D. ADAC offers no options to restore deleted objects     
http://technet.microsoft.com/nl-nl/library/dd379509(v=ws.10).aspx#BKMK_2 http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx http://technet.microsoft.com/en-us/library/hh875546.aspx     
http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx
QUESTION 74    
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC4 that runs Windows Server 2012 R2. You create a DCCloneConfig.xml file. You need to clone DC4.     
Where should you place DCCloneConfig.xml on DC4?
A.    %Systemroot%\SYSVOL    
B.    %Programdata%\Microsoft     
C.    %Systemroot%\NTDS     
D.    %Systemdrive%
Answer: C    
Explanation:     
As the output shows, the XML file is written to c:\windows\ntds. That’s one of three valid locations where the file can be placed for cloning. All three locations are:     
%windir%\NTDS     
Wherever the DIT lives (if you’ve changed the path to D:\NTDS, for example) the root of any removable media
QUESTION 75    
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You run ntdsutil {as shown in the exhibit}. You need to ensure that you can access the contents of the mounted snapshot.     
What should you do?     
 ![clip_image002_thumb_thumb_thumb_thum[1]_thumb_thumb clip_image002_thumb_thumb_thumb_thum[1]_thumb_thumb](http://examgod.com/l2pimages/a4557f7b2997_D667/clip_image002_thumb_thumb_thumb_thum1_thumb_thumb_thumb.jpg)
A.    From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds    
\ntds.dit – Idapport 33389.     
B.    From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds     
\ntds.dit – Idapport 389.     
C.    From the snapshot context of ntdsutil, run activate instance "NTDS".     
D.    From the snapshot context of ntdsutil, run mount (79f94f82-5926-4f44-8af0-2f56d827a57d).
Answer: A    
Explanation:     
A. Custom port needs to be defined when mounting to allow access from ADUC B. 389 is used as the standard ldap port     
C. Run prior to mount and after the mount run dsamain Sets NTDS or a specific AD LDS instance as the active instance.     
D. mounts a specific snap shot as specified by guid, using the snapshot mounted you needs to run dsamain to start an instance of AD     
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
QUESTION 76    
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. On DC1, you add a new volume and you stop the Active Directory Domain Services (AD DS) service.     
You run ntdsutil.exe and you set NTDS as the active instance. You need to move the Active Directory database to the new volume.     
Which Ntdsutil context should you use?
A.    Configurable Settings    
B.    Partition management     
C.    IFM     
D.    Files
Answer: D    
Explanation:     
A. Aids in modifying the time to live (TTL) of dynamic data that is stored in Active Directory Domain Services (AD DS). At the configurable setting: prompt, type any of the parameters listed under Syntax.     
B. Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).     
C. Creates installation media for writable (full) domain controllers, read-only domain controllers (RODCs), and instances of Active Directory Lightweight Directory Services (AD LDS).     
D. ntdsutil move db to %s Moves the directory service log files to the new directory specified by %s, and updates the registry so that, upon service restart, the directory service uses the new location. http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc755229(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc730970(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc732530(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753900(v=ws.10).aspx
QUESTION 77    
You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate.     
You need to configure a website on Server1 to use Secure Sockets Layer (SSL).     
To which store should you import the certificate?     
   
     
Answer:     
  ![clip_image0016_thumb_thumb_thumb_thu[2]_thumb_thumb clip_image0016_thumb_thumb_thumb_thu[2]_thumb_thumb](http://examgod.com/l2pimages/a4557f7b2997_D667/clip_image0016_thumb_thumb_thumb_thu2_thumb_thumb_thumb.jpg) 
     
Explanation:     
http://technet.microsoft.com/en-us/library/cc740068(v=ws.10).aspx
QUESTION 78    
Your network contains an Active Directory domain named contoso.com. You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the Exhibit button.)     
You plan to use the User1 account as a service account. The service will forward authentication requests to other servers.     
You need to ensure that you can view the Delegation tab from the properties of the User1 account.     
What should you do first?     
 ![clip_image0018_thumb_thumb_thumb_thu[1]_thumb_thumb clip_image0018_thumb_thumb_thumb_thu[1]_thumb_thumb](http://examgod.com/l2pimages/a4557f7b2997_D667/clip_image0018_thumb_thumb_thumb_thu1_thumb_thumb_thumb.jpg)
A.    Modify the Security settings of User1.    
B.    Modify the user principal name (UPN) of User1.     
C.    Configure a Service Principal Name (SPN) for User1.     
D.    Configure the Name Mappings of User1.
Answer: C    
Explanation:     
If you cannot see the Delegation tab, do one or both of the following:     
Register a Service Principal Name (SPN) for the user account with the Setspn utility in the support tools on your CD. Delegation is only intended to be used by service accounts, which should have registered SPNs, as opposed to a regular user account which typically does not have SPNs.     
Raise the functional level of your domain to Windows Server 2003. For more information, see Related Topics.     
http://technet.microsoft.com/en-us/library/cc739474(v=ws.10).aspx
QUESTION 79    
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning. You verify with the application vendor that the application supports domain controller cloning. You need to prepare a domain controller for cloning.     
What should you do?
A.    In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application    
information to the file.     
B.    In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application     
information to the file.     
C.    In the root of a USB flash drive, add the application information to an XML file named DefaultDCClone     
AllowList.xml.     
D.    In D:\Windows\NTDS, create an XML file named DefaultDCCloneAllowList.xml and add the application     
information to the file.
Answer: B    
Explanation:     
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active- directory-domainservices-in-windows-server-2012-part-13-domain-controller-cloning.aspx     
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.
QUESTION 80    
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning.     
You verify with the application vendor that the application supports domain controller cloning.     
You need to prepare a domain controller for cloning.     
What should you do?
A.    In the root of a USB flash drive, add the application information to an XML file named DefaultDCClone    
AllowList.xml.     
B.    In C:\Windows\system32\sysprep\actionfiles\, add the application information to an XML file named     
Specialize .xml.     
C.    In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application     
information to the file.     
D.    In C:\Windows\system32\sysprep\actionfiles\add the application information to an XML file named     
Respecialize .xml.
Answer: C
Download Braindump2go’s Latest Microsoft 70-411 Dump Full Version For Free: http://www.braindump2go.com/70-411.html





