READ Free Dumps For Microsoft- 70-411
| Question ID 14039 | Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that has the Remote Access server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites
on the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their
DirectAccess connection.
What should you do?
|
| Option A | Configure a DNS suffix search list on the DirectAccess clients.
|
| Option B | Configure DirectAccess to enable force tunneling.
|
| Option C | Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).
|
| Option D | Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).
|
| Correct Answer | B |
Explanation Explanation: With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients separate their intranet and Internet traffic as follows: ✑ DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic is exchanged over the tunnels that are created with the DirectAccess server or directly with intranet servers. Intranet traffic from DirectAccess clients is IPv6 traffic. ✑ DNS name queries for FQDNs that correspond to exemption rules or do not match the intranet namespace, and all traffic to Internet servers, is exchanged over the physical interface that is connected to the Internet. Internet traffic from DirectAccess clients is typically IPv4 traffic. In contrast, by default, some remote access virtual private network (VPN) implementations, including the VPN client, send all intranet and Internet traffic over the remote access VPN connection. Internet-bound traffic is routed by the VPN server to intranet IPv4 web proxy servers for access to IPv4 Internet resources. It is possible to separate the intranet and Internet traffic for remote access VPN clients by using split tunneling. This involves configuring the Internet Protocol (IP) routing table on VPN clients so that traffic to intranet locations is sent over the VPN connection, and traffic to all other locations is sent by using the physical interface that is connected to the Internet. You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients detect that they are on the Internet, and they remove their IPv4 default route. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.
| Question ID 14040 | Your network contains one Active Directory domain named contoso.com. The forest
functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All
client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC)
named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that
runs Windows Server 2012 R2.
You need to identify whether the members of the Protected Users group will be prevented
from authenticating by using NTLM.
Which cmdlet should you use?
|
| Option A | Get-ADGroupMember
|
| Option B | Get-ADDomainControllerPasswordReplicationPolicy
|
| Option C | Get-ADDomainControllerPasswordReplicationPolicyUsage
|
| Option D | Get-ADDomain
|
| Option E | Get-ADOptionalFeature
|
| Option F | Get-ADAccountAuthorizationGroup
|
| Correct Answer | D |
Explanation Explanation: If the domain functional level is Windows Server 2012 R2, members of the (Protected Users) group can no longer authenticate by using NTLM authentication. So we need to check the domain functional level with Get-ADDomain. https://technet.microsoft.com/en-us/library/Dn518179.aspx