QUESTION 11
Your network contains an Active Directory domain named fabrikam.com. 
You implement DirectAccess and an IKEv2 VPN. 
You need to view the properties of the VPN connection.
Which connection properties should you view? 
To answer, select the appropriate connection properties in the answer area.
 
Answer: 
 
Explanation:
http://technet.microsoft.com/en-us/library/jj613767.aspx
 
QUESTION 12
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named PPTP_Policy. 
You need to configure PPTP_Policy to apply only to VPN connections that use the PPTP protocol.
What should you configure in PPTP_Policy?
A.    The Service Type
B.    The Tunnel Type
C.    The Framed Protocol
D.    The NAS Port Type
Answer: B
Explanation:
A. Restricts the policy to only clients specifying a certain type of service, such as Telnet or Point to Point Protocol connections.
B. Restricts the policy to only clients that create a specific type of tunnel, such as PPTP or L2TP.
C. Restricts the policy to clients that specify a certain framing protocol for incoming packets, such as PPP or SLIP.
D. Allows you to specify the type of media used by the client computer to connect to the network. http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
 ![clip_image001[4]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb clip_image001[4]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb](http://examgod.com/l2pimages/c383d410d651_9E3C/clip_image0014_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb.jpg)
QUESTION 13
Your network contains a RADIUS server named Server1. 
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed. 
You need to ensure that all accounting requests for Server2 are forwarded to Server1. 
On Server2, you configure a Connection Request Policy.
What else should you configure on Server2? 
To answer, select the appropriate node in the answer area.
 ![clip_image001[6]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb clip_image001[6]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb](http://examgod.com/l2pimages/c383d410d651_9E3C/clip_image0016_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb.jpg)
Answer: 
 ![clip_image002[4]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb clip_image002[4]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb](http://examgod.com/l2pimages/c383d410d651_9E3C/clip_image0024_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb.gif)
Explanation:
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests. 
http://technet.microsoft.com/en-us/library/cc754518.aspx
QUESTION 14
Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named server1.contoso.com. The adatum.com forest contains a server named server2.adatum.com. Both servers have the Network Policy Server role service installed. The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed. 
You plan to configure Server3 as an authentication provider for several VPN servers. 
You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to server1.contoso.com.
Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.)
A.    Network policies
B.    Remote RADIUS server groups
C.    Connection authorization policies
D.    Remediation server groups
E.    Connection request policies
Answer: BE
Explanation:
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.
To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests. 
http://technet.microsoft.com/en-us/library/cc754518.aspx
QUESTION 15
Your network contains an Active Directory domain named fabrikam.com. 
You implement DirectAccess. 
You need to view the properties of the DirectAccess connection.
Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
 ![clip_image001[8]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb clip_image001[8]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb](http://examgod.com/l2pimages/c383d410d651_9E3C/clip_image0018_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb.jpg)
Answer: 
 ![clip_image002[6]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb clip_image002[6]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb](http://examgod.com/l2pimages/c383d410d651_9E3C/clip_image0026_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb.gif)
Explanation:
http://technet.microsoft.com/en-us/library/jj613767.aspx
 ![clip_image002[4]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb clip_image002[4]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb](http://examgod.com/l2pimages/c383d410d651_9E3C/clip_image0024_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb.jpg)
QUESTION 16
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 
You enable and configure Routing and Remote Access (RRAS) on Server1. 
You create a user account named User1. 
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A.    Add a RADIUS client.
B.    Create a connection request policy.
C.    Modify the members of the Remote Management Users group.
D.    Modify the Dial-in setting of User1.
Answer: D
Explanation:
D. Access permission is also granted or denied based on the dial-in properties of each user account. 
http://technet.microsoft.com/en-us/library/cc772123.aspx
QUESTION 17
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to support the resolution of names in fabrikam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?
A.    Add a forwarder.
B.    Create a stub zone.
C.    Create a conditional forwarder.
D.    Create a secondary zone.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771898.aspx 
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable
While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone. Copies of A records for all name servers authoritative for the zone. 
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Stub_Zones.html http://technet.microsoft.com/en-us/library/cc771898.aspx http://redmondmag.com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones.aspx?Page=2
QUESTION 18
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configure to notify secondary servers of changes automatically. 
You update several records on Server1. 
You need to force the replication of the contoso.com zone records from Server1 to Server2.
What should you do from Server2?
A.    Right-click Server2 and click Update Server Data Files.
B.    Right-click Server2 and click Refresh.
C.    Right-click the contoso.com zone and click Reload.
D.    Right-click the contoso.com zone and click Transfer from Master.
Answer: D
Explanation:
A. For standard primary zones, this procedure causes the DNS server to immediately write its in- memory changes out to disk for storage with the zone file.
D. Initiates zone transfer from secondary server
http://technet.microsoft.com/en-us/library/cc786985(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc779391(v=ws.10).aspx
QUESTION 19
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8. Your company has users who work from home. Some of the home users have desktop computers. Other home users have laptop computers. All of the computers are joined to the domain. All of the computer accounts are members of a group named Group1. Currently, the home users access the corporate network by using a PPTP VPN. 
You implement DirectAccess by using the default configuration and you specify Group1 as the DirectAccess client group. The home users who have desktop computers report that they cannot use DirectAccess to access the corporate network. The home users who have laptop computers report that they can use DirectAccess to access the corporate network. 
You need to ensure that the home users who have desktop computers can access the network by using DirectAccess.
What should you modify?
A.    The security settings of the computer accounts for the desktop computers
B.    The membership of the R.AS and IAS Servers group
C.    The WMI filter for Direct Access Client Settings GPO
D.    The conditions of the Connections to Microsoft Routing and Remote Access server policy
Answer: C
Explanation:
C. By default, the Getting Started Wizard deploys DirectAccess to all laptops and notebook computers in the domain by applying a WMI filter to the client settings GPO http://technet.microsoft.com/en-us/library/jj574097.aspx
QUESTION 20
You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012 R2. 
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?
A.    Show-DNSServerCache
B.    dnscacheugc.exe
C.    ipconfig.exe /displaydns
D.    nslookup.exe
Answer: A
Explanation:
Show-DnsServerCache – Shows the records in a DNS Server Cache.
The Show-DNSServerCache shows all cached Domain Name System (DNS) server resource records in the following format: Name, ResourceRecordData, Time-to-Live (TTL).
 ![clip_image002[6]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb clip_image002[6]_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb](http://examgod.com/l2pimages/c383d410d651_9E3C/clip_image0026_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb.jpg)
http://technet.microsoft.com/en-us/library/jj649915.aspx
http://www.windowsnetworking.com/articles_tutorials/Managing-DNS-servers-using-PowerShell.html
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump