AllExam Dumps

DUMPS, FREE DUMPS, VCP5 DUMPS| VMWARE DUMPS, VCP DUMPS, VCP4 DUMPS, VCAP DUMPS, VCDX DUMPS, CISCO DUMPS, CCNA, CCNA DUMPS, CCNP DUMPS, CCIE DUMPS, ITIL, EXIN DUMPS,


READ Free Dumps For Microsoft- 70-411





Question ID 14119

Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to
customize the password policy settings ofcontoso.com.
You need to identify to which Active Directory object types you can directly apply the fine-
grained password policies.
Which two object types should you identify? (Each correct answer presents part of the
solution. Choose two.)

Option A

Users

Option B

Global groups

Option C

computers

Option D

Universal groups

Option E

Domain local groups

Correct Answer A,B
Explanation Explanation: First off, your domain functional level must be at Windows Server 2008. Second, Fine- grained password policies ONLY apply to user objects, and global security groups. Linking them to universal or domain local groups is ineffective. I know what youre thinking, what about OUs? Nope, Fine-grained password policy cannot be applied to an organizational unit (OU) directly. The third thing to keep in mind is, by default only members of the Domain Admins group can set fine-grained password policies. However, you can delegate this ability to other users if needed. Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups. You can apply Password Settings objects (PSOs) to users or global security groups: References: http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx http: //technet. microsoft. com/en-us/library/cc770848%28v=ws. 10%29. aspx http: //www. brandonlawson. com/active-directory/creating-fine-grained-password-policies/


Question ID 14120

Your network contains one Active Directory domain named contoso.com. The domain
contains 10 file servers that run Windows Server 2012 R2.
You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives
of the file servers.
You need to configure BitLocker policies for the file servers to meet the following
requirements:
✑ Ensure that all of the servers use a startup PIN for operating system drives
encrypted with BitLocker.
✑ Ensure that the BitLocker recovery key and recovery password are stored in Active
Directory.
Which two Group Policy settings should you configure? To answer, select the appropriate
settings in the answer area.

Option A

Answer :

Explanation: Choose how BitLocker-protected operating system drives can be recovered: With this policy setting, you can control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. In Save BitLocker recovery information to Active Directory Domain Services, choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS) for operating system drives. If you select Store recovery password and key packages, the BitLocker recovery password and the key package are stored in AD DS. Storing the key package supports recovering data from a drive that is physically corrupted. If you select Store recovery password only, only the recovery password is stored in AD DS. Require additional authentication at startup: With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use: -only the TPM for authentication -insertion of a USB flash drive containing the startup key -the entry of a 4-digit to 20-digit personal identification number (PIN) -a combination of the PIN and the USB flash drive There are four options for TPM-enabled computers or devices: Configure TPM startup o Allow TPM o Require TPM o Do not allow TPM Configure TPM startup PIN o Allow startup PIN with TPM o Require startup PIN with TPM o Do not allow startup PIN with TPM Configure TPM startup key o Allow startup key with TPM o Require startup key with TPM o Do not allow startup key with TPM Configure TPM startup key and PIN o Allow TPM startup key with PIN o Require startup key and PIN with TPM o Do not allow TPM startup key with PIN https://technet.mi

Correct Answer A
Explanation

Send email to admin@getfreedumps for new dumps request!!!