The latest updates Microsoft Windows Server 2012 70-417 dumps, 70-417 pdf free download, 70-417 exam practice test questions to improve your skills. “Upgrading Your Skills to MCSA Windows Server 2012” 70-417 Exam. Easy to pass the exam: Pass4itsure.com!
The latest Microsoft Windows Server 2012 70-417 pdf free download
[PDF] Free Microsoft 70-417 pdf dumps download from Google Drive: https://drive.google.com/open?id=1Yt70SHE0JT1V4qXMQsxSYhHL9qxi_oGW
[PDF] Free Full Microsoft pdf dumps download from Google Drive: https://drive.google.com/open?id=1gdQrKIsiLyDEsZ24FxsyukNPYmpSUDDO
Valid information provided by Microsoft officials
Exam 70-417: Upgrading Your Skills to MCSA Windows Server 2012: https://www.microsoft.com/en-us/learning/exam-70-417.aspx
This exam is intended for IT professionals who want to validate the skills and knowledge necessary to implement the Windows Server 2012
core infrastructure services. Candidates have already earned a qualifying Windows Server 2008, Windows Server 2003, Windows Server 2000,
or Windows XP certification
pass4itsure 70-417 exam Skills measured
This exam measures your ability to accomplish the technical tasks listed below.
- Install and configure servers
- Configure server roles and features
- Configure Hyper-V
- Install and administer Active Directory
- Deploy, manage, and maintain servers
- Configure network services and access
- Configure a network policy server infrastructure
- Configure and manage Active Directory
- Configure and manage Group Policy
- Configure and manage high availability
- Configure file and storage solutions
- Implement business continuity and disaster recovery
- Configure network services
- Configure access and information protection solutions
Latest Microsoft Windows Server 2012 70-417 Exam Practice Test Questions and Answers
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller
named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature
On DC1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.
On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?
A. Add Server1 to the Remote Management Users group.
B. Modify the outbound firewall rules on Server1.
C. Add Server1 to the Event Log Readers group.
D. Modify the inbound firewall rules on Server1.
Correct Answer: C
The exhibit shows (in the details tab) that firewall rules are OK for DNS management (DNS RPC Access Status
Unblocked) But it shows too that Event log Access Status is blocked (which by the way blocks the IPAM Access Status)
=> We should solve this by adding the Server1 computer account to the Event Log Readers group Understand and
Troubleshoot IP Address Management (IPAM) in Windows Server 8 Beta (download.microsoft.com) IPAM Access
IPAM Access Settings Manual provisioning For manual provisioning, ensure that the required access settings are
appropriately configured on the target server manually. Verify Access Verify that IPAM access status is listed as
unblocked indicating that manual or GPO based provisioning is successfully complete. For the IPAM access status
value to be allowed, all of the access sub-states shown in the details pane should be marked as allowed. These access
states are: DNS RPC access status DHCP RPC access status Event log access status DHCP audit share access status
[…] Troubleshooting Access Issues If any of the access sub-states for managed server roles is showing in the Blocked
state, check that the corresponding setting is enabled on the target server. For details of access setting to sub-state
mapping refer to the IPAM Access Monitoring section in this guide. For GPO based provisioning, the GPResult
command line tool can be used to troubleshoot group policy update issues. The provisioning task setup by IPAM DHCP
and DNS GPOs creates a troubleshooting log in the location%windir%\temp named IpamDhcpLog.txt and
IpamDnsLog.txt respectively. http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/c882c077
-61bd45f6-ab47-735bd728d3bc/ IPAM -Unblock access to a DC? The process to manually (not GPO based) unblock a
DNS/DC server is:
Enable DNS RPC access by enabling the following inbound Firewall rules:
a) DNS Service (RPC)
b) DNS Service (RPC Endpoint Mapper)
Enable remote management access by enabling the following inbound Firewall rules:
b) Service Management (RPC)
b) Remote Service Management (RPC-EPMAP)
Enable Remote Event Log Management RPC access by enabling the following inbound
a) Remote Event Log Management (RPC)
b) Remote Event Log Management (RPC-EPMAP)
Add the IPAM machine acct to the Event Log Readers domain security group. See the example below.
This view is from Active Directory Users and Computers \contoso.com \Builtin \Event Log Readers:
Also, there should be a Details tab at the bottom that summarizes whether or not the correct firewall ports and the Event
Log Access status are unblocked
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server
You pre-create a read- only domain controller (RODC) account named RODC1. You export the settings of RODC1 to a
file named File1.txt.
You need to promote RODC1 by using File1.txt.
Which tool should you use?
A. The Install-WindowsFeature cmdlet
B. The Add-WindowsFeature cmdlet
C. The Dism command
D. The Dcpromo command
E. The Install-ADDSDomainController cmdlet
Correct Answer: D
DCPromo is gone, HOWEVER, it is still used for unattend installations using unattended files. This allows administrators
the chance to get used to using powershell commands instead of the unattended file.
http://technet.microsoft.com/en-us/library/hh472162.aspx NB: http://technet.microsoft.com/en-us/library/jj205467.aspx
Install-WindowsFeature Installs one or more Windows Server roles, role services, or features on either the local or a
specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to and replaces Add-
WindowsFeature, the cmdlet that was used to install roles, role services, and features in Windows Server 2008 R2. So
the 2 first answers are the same and we only have one choice here…
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that
run Windows Server 2008 Service Pack 2 (SP2), Windows Server 2008 R2 Service Pack 1 (SP1), Windows Server
2012, and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You
want to achieve this goal by using the minimum amount of administrative effort. What should you do first?
A. Perform an authoritative restore of Group1.
B. Mount the most recent Active Directory backup.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
Correct Answer: A
The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not
deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback
capacity for changes to object properties, or, in other words, to the values of these properties.
There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies)
provides the only way to recover deleted objects without taking a DC offline, and it\\’s the only way to recover a deleted
identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted
user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the
Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with
respect to their replication partners.
You administer an Active Directory Domain Services forest that includes an Active Directory Federation Services (AD
FS) server and Azure Active Directory. The fully qualified domain name of the AD FS server is adfs.contoso.com.
You must implement single sign-on (SSO) for a cloud application that is hosted in Azure. All domain users must be able
to use SSO to access the application. You need to configure SSO for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Use the Azure Active Directory Synchronization tool to configure user synchronization.
B. Use the AD FS Configuration wizard to specify the domain and administrator for the Azure Active Directory service.
C. Create a trust between AD FS and Azure Active Directory.
D. In the Azure management portal, activate directory synchronization.
Correct Answer: AC
References: https://msdn.microsoft.com/en-us/library/azure/hh967643.aspx https://msdn.microsoft.com/en-us/library/azure/jj205461.aspx
You have a Direct Access Server named Server1 running Server 2012. You need to add prevent users from accessing
websites from an Internet connection.
What should you configure?
A. Split Tunneling
B. Security Groups
C. Force Tunneling
D. Network Settings
Correct Answer: C
Your network contains two DNS servers named DNS1 and DNS2 that run Windows Server 2012 R2. DNS1 has a
primary zone named contoso.com. DNS2 has a secondary copy of the contoso.com zone.
You need to log the zone transfer packets sent between DNS1 and DNS2. What should you configure?
A. debug logging from DNS Manager
B. logging from Windows Firewall with Advanced Security
C. monitoring from DNS Manager
D. a Data Collector Set (DCS) from Performance Monitor
Correct Answer: C
Monitoring DNS with the DNS Console
The DNS management console includes functionality that enables you to use the console to monitor DNS activity:
*Event Logging tab: You can access the Event Logging tab located within the Properties dialog box of the DNS server to
specify the DNS events that you want to monitor. Through the Event Logging tab, you can limit the events which are
written to the DNS Events log.
*Monitoring tab: The Monitoring tab is also located within the Properties dialog box of the DNS server. This tab allows
you to test querying of the DNS server.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1
that runs Windows Server 2012 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1).
Both servers are member servers.
On Server2, you install all of the software required to ensure that Server2 can be managed remotely from Server
You need to ensure that you can manage Server2 from Server1 by using Server Manager.
Which two tasks should you perform on Server2? (Each correct answer presents part of the solution. (Choose two.)
A. Run the Enable-PSRemoting cmdlet.
B. Run the Configure-SMRemoting.psl script.
C. Run the Enable-PSSessionConfiguration cmdlet.
D. Run the Set-ExecutionPolicycmdlet.
E. Run the systempropertiesremote.exe command.
Correct Answer: BD
To configure Server Manager remote management by using Windows PowerShell
On the computer that you want to manage remotely, open a Windows PowerShell session with elevated user rights.
In the Windows PowerShell session, type the following, and then press Enter.
Set-ExecutionPolicy –ExecutionPolicyRemoteSigned (D)
Type the following, and then press Enter to enable all required firewall rule exceptions.
Configure-SMRemoting.ps1 -force –enable (B)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain
controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are
configured as shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1
an hour ago.
You need to restore the membership of Group1.
What should you do?
A. Perform an authoritative restore.
B. Perform tombstone reanimation.
C. Modify the isDeleted attribute of Group1.
D. Apply a virtual machine snapshot to DC2.
Correct Answer: A
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
Generate an event each time a new process is created.
Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer
A. Audit access management (Not Defined)
B. Audit directory service access (Not Defined)
C. Audit logon events (Not Defined)
D. Audit object access(Not Defined)
E. Audit policy change(Not Defined)
F. Audit privilege use (Not Defined)
G. Audit process tracking (Not Defined)
H. Audit system events(Not Defined)
Correct Answer: DG
Audit Object Access
Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and
so forth) which has its own system access control list (SACL) specified.
Audit Process Tracking
Determines whether to audit detailed tracking information for events such as program activation, process exit, handle
duplication, and indirect object access.
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit
(OU) named AHServers.OU.
You create and link a Group Policy object (GPO) named GP01 to AllServer.OU. GPO1 is configured as shown in the
exhibit. (Click the Exhibit button.)
You need to ensure that GPO1 only applies to servers that have Remote Desktop Services (RDS) installed. What
should you configure?
A. Item-level targeting
B. WMI Filtering
C. Security Filtering
D. Block Inheritance
Correct Answer: B
Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy
objects (GPOs) based on attributes of the target computer. When a GPO that is linked to a WMI filter is applied on the
target computer, the filter is evaluated on the target computer. If the WMI filter evaluates to false, the GPO is not
applied. If the WMI filter evaluates to true, the GPO is applied.
You have a group managed Service Account name Account01. Only three servers named Server01, Server02 and
Server03 are allowed to use Account01 service account. You plan to decommission Server01. You need to prevent
Server01 from using the Account01 service account. The solution must ensure that Server02 and Server03 continue to
use the Account01 service account.
What command should you run?
Correct Answer: D
References: https://technet.microsoft.com/en-us/library/ee617190.aspx https://www.petri.com/restrict-privileged-accounts-with-authentication-silos-in-windows-server-2012-r2
Your role of Network Administrator at ABC.com includes the management of the Active Directory Domain Services (AD
DS) domain named ABC.com. The network includes servers that run Windows Server 2012.
The network includes virtual machines (VMs) running on Windows Server 2012 Hyper-V host servers.
A Hyper-V host server named ABC-HV01 hosts several VMs for customers of the business. ABCHV01 has 64 GB of
RAM, 4 network adapters and 4 hex-core processors. To enable accurate billing for customers, you need to measure
resource usage of the VMs running on the ABC-HV01.
You need a way of measuring the following:
Average CPU usage.
Minimum, Maximum and Average physical memory usage.
Amount of disk space allocated to a virtual machine.
Total incoming and outgoing network traffic for a virtual network adapter.
What should you do?
A. You should configure Port Mirroring.
B. You should configure Resource Metering.
C. You should configure Single-root I/O virtualization.
D. You should configure Integration Services.
E. You should configure Resource control.
Correct Answer: B
Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2.
Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. All of the virtual machines run Windows Server
You need to view the amount of memory resources and processor resources that VM4 currently uses.
Which tool should you use on Hyperv1?
A. Task Manager
B. Windows System Resource Manager (WSRM)
C. Hyper-V Manager
D. Resource Monitor
Correct Answer: C
Follow Pass4itsure free sharing of YouTube channels
We offer more ways to make it easier for everyone to learn, and YouTube is the best tool in the video. Follow channels: https://www.youtube.com/channel/UCTP5RClZrtMxtRkSvIag0DQ/videos get more useful exam content.
Latest Microsoft 70-417 YouTube videos:
Follow us! We update the latest effective exam dumps throughout the year to help you improve your skills! Microsoft Windows Server 2012 70-417 dumps share for free! Easy via 70-417 exam: https://www.pass4itsure.com/70-417.html (Q&As: 708)
Pass4itsure Promo Code 15% Off
Why Choose Pass4itsure?
Pass4itsure is the best provider of IT learning materials and the right choice for you to prepare for the Microsoft 70-417 exam. Other brands started earlier, but the price is relatively expensive and the questions are not the newest. Pass4itsure provides the latest real questions and answers with the lowest prices, help you pass 70-417 exam easily at first try.