READ Free Dumps For Microsoft- 70-411
| Question ID 14029 | Your network contains an Active Directory domain named contoso.com. The domain
contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the
hardware and the software on R0DC1. The solution must not provide RODC_Admins with
the ability to manage Active Directory objects.
What should you do?
|
| Option A | From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
|
| Option B | From Windows PowerShell, run the Set-ADAccountControlcmdlet.
|
| Option C | From a command prompt, run the dsmgmt local roles command.
|
| Option D | From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.
|
| Correct Answer | C |
Explanation Explanation: RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt. Topic 2, Volume B
| Question ID 14030 | Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
✑ Generate an event each time a new process is created.
✑ Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure? To answer, select the appropriate two
auditing policies in the answer area.
|
| Option A | Audit access management (Not Defined)
|
| Option B | Audit directory service access (Not Defined)
|
| Option C | Audit logon events (Not Defined)
|
| Option D | Audit Object (Not Defined)
|
| Option E | Audit policy change(Not Defined)
|
| Option F | Audit process tracking (Not Defined)
|
| Correct Answer | D,F |
Explanation Explanation: * Audit Object Access Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified. * Audit Process Tracking Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. Reference: Audit object access https://technet.microsoft.com/en-us/library/cc976403.aspx Reference: Audit Process Tracking https://technet.microsoft.com/en-us/library/cc976411.aspx