Pass Your Microsoft 70-411 Exam Easy!

Please can you send me 70-411 and 70-412
I really need your help.

Hi everybody ! How many questions should be in this dump ??? The size looks very scary !!! Thanks.

Please send the latest and valid dumps in pdf to enchanted2k10@yahoo.com.Thanks .writing this exam next week

please send me the latest dump to Roberto@hotmail.nl

Please can you send the last pdf questions

ninja_rural@yahoo.com.br

Hello there , can anyone please sent me the last questions pdf.

The Premium dump should be valid as it was updated 2 days after the new questions were released.

please send me the latest dump to pashos_nix@hotmail.com

Can you please mail me the valid PDF
anushasmiles2006@gmail.com

Sebastian,
Do you know if the dump Sacriestory it's valid?

can someone PLEASE send me the lastest dump. anyone with the copy of Sacriestory please email me at dh7679@yahoo.com

I have failed twice now so I need help.
thanks!

pass today with 7xx but there are new questions

Q1: you have windows server update server named server 1 is synchronize from microsoft. you plan to deploy new wsus server name server 2 will synchronize update from server 1 . identify witch port must be open?
-3389
-8530
-443
-80

Q:you deploy wsus named server 1 . you plan to use (GPO) to configure all clients to use server 1 as microsoft update server . you need to ensure that the computer assigned to the correct computer group automatically when GPO is deployed? choose two
-from update services condole,manually create the computer group
-from windows powershell ,run add-wsuscomputer cmdlt
-from windows powershell run,approve wsusupdate cmdlt
-from the update services console,modify the product and classifications options
-from the update services console,modify computer option

Q3:your network contain one active directory . you pilot direct access on the network. during the pilot deployment,you enable direct access only for a group named contoso/test computers.ones the pilot is complete, you need to enable direct access for all of client computers in the domain what should you do?
- from group policy management,modify the security filtering of an object named direct access server sitting group policy
- from group policy management, modify the security filtering of an object named direct access client sitting group policy
-from windows powershell,run set-DAclient cmdlt
-from active directory user and computer ,modify the membership of the windows authorization access group

Q4:you have server name server 1. you enable bitlocker drive encryption (bitlocker) on server 1 . you need to change the password for the trusted platform moudle (TPM) chip?
-initialize - TPM
-bdeHDcfg.exe
-manage - bde.exe
-repair -bde.exe

Q5:you plan to decommission a domain controller that holds several operation master role in the table below select
1- witch tool to use to transfer domain naming master
2- witch tool use to transfer the infrastructure master
-active directory domain and trust
-active directory schema
-active directory site and service
-active directory user and computer
- security configuration wizard (scw)

hi logan, please send me the new dump, my email is lowblood1987@gmail.com. thanks man

Hi Logan, could you please email me the latest dump? ameyhaldankar@live.in

Could you send me a the latest and valid 70-411 dump to unggulianawinda@gmail.com, thank you

Hi All, I'm going to take this exam next week.
Could you please send me a the latest 70-411 dump .My email is bunthoeurn.sien@yahoo.com
thank you

hi logan, please send me the dump, my email is reynold_aky@hotmail.com. thanks man

is there any one who has a pdf file?


vragenpiet@outlook.com

Could anybody send me the pdf file? Here's my email: Archrainiernarboneta@gmail.com

thanks!

Could you please send me a the latest 70-411 dump .My email is one362006@yahoo.com.hk,thank you.

Please send me the PDF file for this ricardo_4193@hotmail.com

Hi everyone, this vce it's valid?
Thanks

Please send to me the latest 70-411 dump plz?? Thx

Please send to me the latest 70-411 dump plz?? Thx

Could you please send me a the latest 70-411 dump .My email is ogunmusid@gmail.com
Thanks

Hi friends,

I need archive pdf o vce for exam 411, please send me to: trujillomarquezjesus@gmail.com thanks !!!ª!

Folks, I passed today 7XX with Sacriestory and some comments in this blog. Thank you all!

could anyone send me the updated dump to eng.ibrahim.nagy@gmail.com

Hey I am planning to give 70-411 next week,please send me the updated dump to appdownleo@gmail.com

@ Logan, could you please email me latest the dump at jeremy_liong@yahoo.com

Thank you!!

thanks GOD pass with this dumb today 742

@ Logan, could you please email me the dump at fernandofv81@hotmail.com? Thanks in advance!

Hi Logan, could you please email me the latest dump? shankar.tvd@gmail.com

@Logan Please kindly send me the Latest 70-411 dump my email is cbw.corp@gmail.com

@Bobo
Thanks for the help with 410. I am now trolling the net to see what the 411 is for 70-411. When the Indians fall a little short of passing then I know I am in for a challenge.

it is valid in Saudi Arabia

Pleas can anyone send me the Latest dumps to
muslim_pray@hotmail.com

Sacriestory valid now. Confirmed. Took the exam yesterday n got 8xx. 95% convered in this dump. Not perfect tho, but enough for passing the exam. try to google it dudes.

Hi Ivar can you please help me out wit the updated Dump. dns.shongwe@gmail.com

Hi Logan, could you please email me the latest dump? johnnyaxeireland@gmail.com
Can't thank you enough buddy

Logan, could you please send the valid dump to me as well? Thanks buddy!

Could you please send me a the latest 70-411 dump .My email is Manigandan.rd84@gmail.com

@Logan Please kindly send me the Latest 70-411 vce dump. My email is greatnayo@gmail.com

Hi @Logan,
Could you please send me a the latest 70-411 dump .My email is harshabba@gmail.com
Thanks

Can you please send me a copy of your dump

I used Sacriestory, and it was perfect! I would say 90% of the questions were there, and if not, about 2-3 could have been found on Snowden. About 5 were no where to be found. Some (2-3) were reworded. Passed with 7xx today, Spet 15, 2015.

Hi Logan can you please send me the latest dump to mohan.colombo@gmail.com. Thanks...

Hi Logan can you please send me the latest dump to mohan.colombo@gmail.com. Thanks...

Please, may you send a valid dumps for MCSE Server infrastructure exams to jeantwa@gmail.com. Thanks

Logan can you PLEASE send me the Sacriestory dump. d.k.macheke@gmail.com

Mr Logan can you plz send that file which you prepared for your exam.alibisharat@hotmail.com

please email me at sadaemo@gmail.com

Hi @Logan,
can you please send me a the latest 70-411 dump .My email is joakja2008@gmail.com
thanks in advance

Logan can you PLEASE send me the Sacriestory dump. dlafayette24@gmail.com I don't know where to find it. Thanks man, people have been failing this test all summer.

Hi Logan.Can You Please Send Me the latest Dump 70-411.My Email ahmedshaker.exam@outlook.com

pass today with 7xx

Passed with 828 using the Sacriestory dump

Hi!
Please, can someone send me the pdf file?
You could save my life... :)
lady.nekosix@yahoo.it

Hi Logan.can you please send me a the latest 70-411 dump .My email is bestyohan@naver.com thanks in advance

Dumps is valid, passed in friday sept 11th 2015 with 871 scores.
Refer question : Britany, adeline, angus, snowden, russel, stanley

Hi Fis, just download the Sacriestory dump most of the new questions is in there.

hi Logan please send me latest dump for 70-411 buhlem1@outlook.com or mrhle@yahoo.com. I failed last week I want to try it again soon, please man thanks.

Hey dude, where did u guys find the right VCE tools to open Sacriestory dump? I got the dump but every VCE tool I've got at hand is not working for it.

am going to exam next Thursday so i hope if one have the last uvdate for this dump 70-411 "vce" please send it to me in this e-mail tahaelnuba@hotmail.com

pleas any one have last update for dump 70-411 sending to me in that e-mail tahaelnuba@hotmail.com

@ logan can you please email me the dump you used Kholofelomanaka@gmail.com

hey Logan,please share with us some exam tips.......
.

is this dump valid ?

Hi Logan.can you please send me a the latest 70-411 dump .My email is sergemundeke @gmail.com or call me on 0787089119. plz

Past today with 807 , studied Sacriestory dump.

Passed today with 742. thanks a lot!!!

Passed today to get dumps in PDF or VCE email afzal343@gmail.com

JRueda -

For #2 it looks like "D"

https://technet.microsoft.com/en-us/library/Cc708550(v=WS.10).aspx (See Step 2)

Personal

Matue is: local computer –> personal

http://www.aiotestking.com/microsoft/which-store-should-you-import-the-certificate-2/

http://www.vcp550dumps.com/braindump2go-100-money-back-guarantee-for-100-passing-70-411-exam-using-new-updated-microsoft-70-411-exam-dumps-76-90.html

Hi all,
This is one of HOT area question cant share picture but question is below,please help me .

You have a server named server1 that has the WEb server (IIS) server role installed.You obtain a Web server certificate.You need to configure a website on Server1 to use Secure Socket Layer (SSL).To which store should you import the certificate ?


Personal
or
Trusted Root Certification Authorities.

????

This question is mary forum:
5 Question about group policy preferences relating to mapped drives;
If X already exists, it must NOT make any changes
If Y already exists, change the UNC path, but leave the contents of it
• Create
• Delete
• Replace
• Update

Anyone know the answer?

Answer : Create 100% sure. Yesterday cleared the exam with 750

ambika_rose@yahoo.in

Its Create and Updated

This question is mary forum:
5 Question about group policy preferences relating to mapped drives;
If X already exists, it must NOT make any changes
If Y already exists, change the UNC path, but leave the contents of it
• Create
• Delete
• Replace
• Update

Anyone know the answer?

Please, anyone have the right answer for this question ?
You have a group managed Service Account name Account01. Only three servers named Server01, Server02 and Server03 are allowed to use Account01 service account.
You plan to decommission Server01.
You need to prevent Server01 from using the Account01 service account. The solution must ensure that Server02 and Server03 continue to use the Account01 service account
What command should you run? To answer, select the appropriate options in the answer area.

Answer : Set-ADServiceAccount -Name Account01 -PrincipalsAllowedToRetrieveManagedPassword Server02 Server03

a. Set-ADServiceAccount
b. Uninstall-ADServiceAccount
c. remove-ADServiceAccount
d. ???

I think the answer is C: remove-ADServiceAccount

https://technet.microsoft.com/en-us/library/ee617190.aspx

Passed today with 7XX. 4 New Questions. Cannot remember the detailed questions and answers but I will try:

1. DFS Replication: Which command for replication of Files? - "Robocopy.exe" Which command for replication of Database? - "ExportDFSRClone".

2. Created admx File and copied to central store. Trying to edit settings a warning pops up: "An appropriate resource file could not be found for file \\domainname.com\sysvol\domainname.com\Policies\PolicyDefinitions\anyfile.admx (error = 2): The system cannot find the file specified" What is wrong? - adml-File is missing!

3. Create Service Account: Service NT\Service1. You see the Service1 Properties Popup. The question is: What kind of Account is the service Account used on the computer? - "virtual Account" , Which account is used when this Serviceaccount gets into Network? - If a service accesses the network while running as a virtual account, it accesses resources as the !computer account! (DOMAIN\Computername$).

@JRueda:

1: C. Get-ADDomainControllerPasswordReplicationPolicyUsage
Source(https://technet.microsoft.com/en-us/library/ee617194.aspx)
2: D. Get-ADDomain
In the question clearly mention that which domain controller must be online when cloning a domain controller.That means PDC emulator must be available during cloning operation. So you can check it using this command.
Source(http://thelazyadmin.com/2013/08/discover-fsmo-roles-with-powershell/)

Hey RIRG:
The correct answer is here:
https://technet.microsoft.com/en-us/library/cc512680.aspx

By default, the data recovery agent is defined to be the administrator account. On stand-alone workstations and workgroup machines, the administrator account is the local administrator; on domain-joined machines, the administrator account is the first domain controller’s administrator account.

I think the first one is in the Contoso Domain, so the Agent should be Contoso/Administrator. The other ones seem to be a local machine. It depends how the question introduced the machines. But I would say these are local ones. So the agent should be Server1/Administrator in both cases.
But it really depends on how the question in the exam is created.
Greetz

Failed today 595 (feel surprise), got 49 questions, not sure around 4 questions while take exam.
I studied only PT300 because Snowden and Angus have same as PT300. But PT300 is newest version.
In the exam around 40 quetions came from PT300 and can't get 100% in any part of exam that prove PT300 still more incorrect answers
Be honest, just study only PT300 and review all questions these think incorrect.

New questions (mostly from older post)
WSUS
server01 update from Microsoft update and server02 update through from server01
server01 configured to require SSL cert., both server are in the same DC (cause not require FQDN in the answer choices)
Which command should configure on server02
A. ...
B. ...
C. wsusutil.exe configuressl server01
D. wsusutil.exe configuressl server02
C or D, I choose D

GPO
question show 3 image tab to view, can't remember questions, it to long
1. SYSVOL or something(not sure), DC2(C:\Windows\PolicyDefinitions, show around 20 .txt files)
2. SYSVOL or something(not sure), Client (\\contoso.com\...not sure...\PolicyDefinitions, show empty)
3. GPO (not sure), DC1(In the gpedit.msc, under Administrative templates, show empty)

have 3 answers are Yes or No with description
1. What happens if you delete the PolicyDefinitions folder in SYSVOL,
2. do the settings appear in the GPO? How about (not sure)
3. if you create a new GPO (on DC2 not sure), do the settings appear under administrative templates for that new GPO

RODC
You need to identify which security principals are authorized to have their password cached on RODC1?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
I choose A.

New questions from Peter (found 3 of 10)
1. Q3: You need to prevent Server01 from using the Account01 service account. The solution must ensure that Server02 and Server03 continue to use the Account01 service account
What command should you run? To answer, select the appropriate options in the answer area.

It's drop-down list to select, I choose
Set-ADServiceAccount
-SAMAccountNAme
-PrincipalsAllowedToReteriveMamagedPassword

2. Q4 You need to identify which domain controller must be online when cloning a domain controller.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
I choose D.

3. Q7 You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
I choose C.

rest of questions come from PT300 and I 100% sure have selectd choice follows as PT300 But still Failed

Cheer

I believe this is the answer

File1 has been encrypted by Contoso\admin1
File2 has been encrypted by Server1\admin1
File3 has been encrypted by Server1\administrator

You need to back up the DRA agents.
Who is the owner of each of the agents.

There is a selection of drop down boxes. You should to select one in every file
File1 : Contoso\admin
Contoso\administrator < Answer
Server1\admin1
Server1\administrator

File2 : Contoso\admin
Contoso\administrator
Server1\admin1
Server1\administrator < Answer

File3 : Contoso\admin
Contoso\administrator
Server1\admin1
Server1\administrator < Answer

https://technet.microsoft.com/en-us/library/cc512680.aspx

By default, the data recovery agent is defined to be the administrator account. On stand-alone workstations and workgroup machines, the administrator account is the local administrator; on domain-joined machines, the administrator account is the first domain controller’s administrator account.

New question, Does anyone know the answer for this question?

You have a group managed Service Account name Account01. Only three servers named Server01, Server02 and Server03 are allowed to use Account01 service account.
You plan to decommission Server01.
You need to prevent Server01 from using the Account01 service account. The solution must ensure that Server02 and Server03 continue to use the Account01 service account
What command should you run? To answer, select the appropriate options in the answer area.

Answer :

a. Set-ADServiceAccount
b. Uninstall-ADServiceAccount
c. remove-ADServiceAccount
D. ???

Please, anyone have the right answer for this questions ?

File1 has been encrypted by Contoso\admin1
File2 has been encrypted by Server1\admin1
File3 has been encrypted by Server1\administrator

You need to back up the DRA agents.
Who is the owner of each of the agents.

There is a selection of drop down boxes. You should to select one in every file
File1 : Contoso\admin
Contoso\administrator
Server1\admin1
Server1\administrator

File2 : Contoso\admin
Contoso\administrator
Server1\admin1
Server1\administrator

File3 : Contoso\admin
Contoso\administrator
Server1\admin1
Server1\administrator

I sat the exam today and I Failed only 29 question from this dump so do not depend on this dump refer some new dumps which contain NPS, NAS, health, wsus, DFS FSRM, VPN, all are new questions if anyone have any dumps please let me know this is my email ID shameer.anon@gmail.com

RIRG your answer is not correct:
Is about policy of Bitlocker (Computer Configuration->Policies->Administrative Templates->Windows Components->Bitlocker Drive Encryption, click on the appropriate folder for your configuration. In this example, I'm configuring bitlocker to encrypt the OS drive.)

-PIN at startup
-Recovery save in AD
you have to choose two , the picture have this items:

Allow enhanced PINs for startup
Allow network unlock at startup
Allow Secure Boot for integrity validation
Choose how BitLocker-protected operating system drives can be recovered
Configure minimum PIN length for startup
Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
Configure TPM platform validation profile for BIOS-based firmware configurations
Configure TPM platform validation profile for native UEFI firmware configurations
Configure use of hardware-based encryption for operating system drives
Configure use of passwords for operating system drives
Disallow standard users from changing the PIN or password
Enable use of BitLocker authentication requiring preboot keyboard input on slates
Enforce drive encryption type on operating system drives
Require additional authentication at startup
Require additional authentication at startup (Windows Server 2008 and Windows Vista)
Reset platform validation data after BitLocker recovery
Use enhanced Boot Configuration Data validation profile

THE CORRECT ANWSER IS:
-Require Additional authentication at startup
-Choose how Bitlocker-protected os drives can be recovered
100% correct!

Hi Rocky,

I researched all the question in these dumps. Find out right answers and find associated cmds with topics. I think questions in dumps are enough to pass exam but you need to research for right answers.

Plus get right answers for new questions posted as well. It will get you through.

Thanks

Your network contains an Active Directory domain named contoso.com. The domain
contains a Web server named www.contoso.com. The Web server is available on the
Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using
DirectAccess. The solution must not prevent the users from using DirectAccess to access
other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. DirectAccess Client Experience Settings
B. DNS Client
C. Name Resolution Policy
D. Network Connections

ANSWER : C (Name Resolution Policy)

you need to identify witch security principal are authorized to have their password cashed on rodc1

answer = Get-ADdomaincontrollerPasswordReplicationPolicy

Finally pass with 700+ at my 4th shot in 411, Thanks to all here.
Share some question in the exam:

1.Create a starter gpo call Starter_GPO, and assign edit permission to a group Group1
Create a new gpo called GPO1
which the following answer is correct
A.*** in GPO1
B.change Administrative Template in GPO1
C.change the Group policy preference of Starter_GPO
D.change the permission of Starter_GPO
Someone said answer is C, I also choose A in the exam, but not sure for the correct answer

2.want to encypt a drive without TPM.
The correct answer is
Require additional authentication at startup
because I got 100% in this section

3.when install a new WSUS server,can not choose the France language.
The correct answer is:
change language in upstream server

4.a modify question about DSC1, in vce ask to change the path. in exam ask to export to another server
Correct answer is:
Save Template

Passed today with 7XX. Studied Angus, Mary and new questions posted here. Here is what I remember:

- q127 from Angus but replaced .mp3 with .avi
- q98 from Angus but processing order was switched to match policy number i.e. Policy 1 had processing order 1 now.
-question similar to q147 from Angus. This time interrupt time was 2%, no privileged time bar and Processor information % was 98. Options were driver malfunction, insufficient ram, insufficient processors and excessive paging.

Peter could you please give me the answers for the new questions as i fail in this exam in it

is this dump still valid?

Need new dump can you break that down once more, I got confused on which questions for which dump. Is 38 a nat question?

@RIRG
Correct answers for Your question:
"Is about policy of Bitlocker (Computer Configuration->Policies->Administrative Templates->Windows Components->Bitlocker Drive Encryption, click on the appropriate folder for your configuration. In this example, I'm configuring bitlocker to encrypt the OS drive.

-PIN at startup
-Recovery save in AD
you have to choose two:"
- Choose how BitLocker-protected operating system drives can be recovered
- Require additional authentication at startup

I took the exam and these questions were there;

Your network contains an Active Directory domain named contoso.com. The domain
contains a Web server named www.contoso.com. The Web server is available on the
Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using
DirectAccess. The solution must not prevent the users from using DirectAccess to access
other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A.
DirectAccess Client Experience Settings
B.
DNS Client
C.
Name Resolution Policy
D.
Network Connections

You have Windows Server 2012 R2 installation media that contains a file named
Install.wim. You need to identify the permissions of the mounted images in Install.wim.
What should you do?
A.
Run dism.exe and specify the /get-mountedwiminfo parameter.
B.
Run imagex.exe and specify the /verify parameter.
C.
Run imagex.exe and specify the /ref parameter.
D.
Run dism.exe and specify the/get-imageinfo parameter.

Q6,7,10,13,14,15 mary, 18,21,22,26, 27rem,29,30,38 nat,42,44,45,63,83,84,86,90,95,99,103,112,115,117,126,
127, you need to tell a technician how to add french and English lanage to your server how would you do that,145,153,168,173,174,178,187,190,191,192,195

Angus Q6,10,q27,29,31,32,37,38,42,44,104,105,109,121,124,126,138,140,147,150, mapping drives x and y do nothing if created already, or ipdate delete replace not sure, because it was plain as jane. 159,161,162,,179,180,187

Anette q7,38,q50
These questions are on the the test, that I took its not much, but it may help

I had a question about cloning domains some online and some off line, these are identical to what I had and a couple very simular, I had alot of PSOs on my second go around of this damn test.

This test was completely different from my first go at it,

I had questions about cloning domains online and off,

I had a question about LDAP

Bitlocker on and off

I've just quickly been through the practice Tests and at first I thought they were all new questions but most of them actually came from Angus's dump. I would say around 30+ and then around 10-15 new questions. So Glad I spent most of my time looking at Mary's

Failed again today - Lots of new questions.

Only had a couple of the RODC ones from the ones already mentioned. They have added some more RODC ones asking about finding out who can authentic with the RODC.

Lots of NPS questions and multiple choice ones.

Wrote today, failed, got 600. Studied angus, snowden and many online questions. Also the new questions posted by Peter. But none of them came and again new 15 questions. Some questions came from angus also had changed answer options. I believe Microsoft have 50 new questions set on server, and whoever writes exam gets randomly new questions along with old. old dumps can only provide unto 60-70% questions, rest is all NEW. This is getting hell difficult to pass this exam. We want new dumps for those new questions. and sorry I don't remember full questions which I got.
I remember some,
virtual cloning of RODC
some from firewall port- options were 443, 33689, 80

I suggest not to write this exam until valid dumps come out

if anyone passed this exam last week please post the new questions which outside the dump

thx

I failed today 640.
new question, something like:Is about policy of Bitlocker (Computer Configuration->Policies->Administrative Templates->Windows Components->Bitlocker Drive Encryption, click on the appropriate folder for your configuration. In this example, I'm configuring bitlocker to encrypt the OS drive.)

-PIN at startup
-Recovery save in AD
you have to choose two , the picture have this items:

Allow enhanced PINs for startup
Allow network unlock at startup
Allow Secure Boot for integrity validation
Choose how BitLocker-protected operating system drives can be recovered
Configure minimum PIN length for startup
Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
Configure TPM platform validation profile for BIOS-based firmware configurations
Configure TPM platform validation profile for native UEFI firmware configurations
Configure use of hardware-based encryption for operating system drives
Configure use of passwords for operating system drives
Disallow standard users from changing the PIN or password
Enable use of BitLocker authentication requiring preboot keyboard input on slates
Enforce drive encryption type on operating system drives
Require additional authentication at startup
Require additional authentication at startup (Windows Server 2008 and Windows Vista)
Reset platform validation data after BitLocker recovery
Use enhanced Boot Configuration Data validation profile

My answer was:
Allow enhanced PINs for startup
Allow Secure Boot for integrity validation

I think the answer is: Get-ADAccountAuthorizationGroup

https://social.technet.microsoft.com/Forums/scriptcenter/en-US/9af9e2f0-4430-4af5-bedb-2e100ea0638c/error-when-running-getadaccountauthorizationgroup-cmdlet?forum=winserverpowershell

Can anyone confirm?

for this one:

you need to identify witch security principal are authorized to have their password cashed on rodc1

I am more than happy to create a new dump/VCE. To do that I have to gather the new questions from here and its quite some work. Anybodu alrwady gathered this and can send me a text file or something? I will create a VCE with the correct answer, explanation of the answer (if possible and necessary) and the related technet article (if possible)

I already did it for 410 but until now they did not make my VCE available.But it will come next week I think.

first question from Haqqani

answer, Get-ADDomainControllerPasswordReplicationPolicyUsage

refer. https://technet.microsoft.com/en-us/library/ee617194.aspx

Any new dumps please? is there any compilation of the new questions below? Thanks!

Does anyone know the answer for this question. A or D?

Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controller must be online when cloning a domain controller.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy


second question:
is AdDomain?
What are the prerequisites to make sure an RODC is able to be cloned?

failed today with 670. One new question about bitlocker. I don´t remember the question but the answer is a picture with policy, is this:
Computer Configuration->Policies->Administrative Templates->Windows Components->Bitlocker Drive Encryption->Operating system Drives.

you have to select one:

Allow network unlock at startup
Allow Secure Boot for integrity validation
Require additional authentication at startup
Require additional authentication at startup (Windows Server 2008 and Windows Vista)
Disallow standard users from changing the PIN or password
Enable use of BitLocker authentication requiring preboot keyboard input on slates
Allow enhanced PINs for startup
Configure minimum PIN length for startup
Configure use of hardware-based encryption for operating system drives
Enforce drive encryption type on operating system drives
Configure use of passwords for operating system drives
Choose how BitLocker-protected operating system drives can be recovered
Configure TPM platform validation profile for BIOS-based firmware configurations
Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
Configure TPM platform validation profile for native UEFI firmware configurations
Reset platform validation data after BitLocker recovery
Use enhanced Boot Configuration Data validation profile

Refer to Peter questions, Here should be correct answers.

1. Microsoft Report Viewer 2008 Redistributable Package
Microsoft .Net Framework 2.0

2. From the Automatic Approvals options, modify the advanced settings.

3. Set-ADServiceAccount -Name Account01 -PrincipalsAllowedToRetrieveManagedPassword Server02 Server03

4. Get-ADDomain

5. Get-ADOptionalFeature

6. Get-ADDomain

7. Get-ADDomainControllerPasswordReplicationPolicyUsage

8. Force tunneling is enabled.

9. Install-WindowsFeature

10. Run Set-KDSConfiguration and then run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com

What about the premium guys?

Hi Randhir. Can you explain in detail that how did you passed it and if you remember new questions then post it please

Hi ALL ,Yesterday i took this exam failed 580.I was shock I thought 80 % i will get need be careful.you should have clarity in Concept and question.New question are 6 to 7 came from this comments around 4 new question i found
.In this VCE some answers are wrong.Question are reworded should be very careful
i remberber two question
1).You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts password policy were authenticated by RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy

2) WSUS installation update trough SSl

a) Wsustil.exr use ssl
i don't rembeber remaining option

I am writing again on saturday .plz all post as much as new question

@Rocky are you creating a new dump?

Hey Guys, the 411 exam from Microsoft is freaky hard. I failed today Terrible, just 4 question from here and just 1 for Wish1. tottaly different

This dump is not valid in Egypt too

The dump is invalid in Egypt too.

Hi, New questions are coming. So really need to work hard. Recently took exam but still... IF you know new questions post it asap

You have a group managed Service Account name Account01. Only three servers named Server01, Server02 and Server03 are allowed to use Account01 service account.
You plan to decommission Server01.
You need to prevent Server01 from using the Account01 service account. The solution must ensure that Server02 and Server03 continue to use the Account01 service account
What command should you run? To answer, select the appropriate options in the answer area.

Answer : Set-ADServiceAccount -Name Account01 -PrincipalsAllowedToRetrieveManagedPassword Server02 Server03


https://technet.microsoft.com/en-us/library/jj128431.aspx

read this url and under it read decommission of a member from farm.

Passed at 700 on Friday.
I studied ADELINE only (this dump gives me 100% correct answer on NPS section), and updated new questions which people mentioned.
I can remember some new questions but can't remember the answer choices:
1/ an aministrative template was already in Central Store. When you create and edit a new GPO, you receive an error says it can't find the template file. What is the problem?

2/ which tools to export DFS file, DFS database?

3/ NT Service\ > what type is this service account? What right to run this service account?

Some old questions are already in the dump but were changed a little bit, so be carefull to read it and check the answer.

Hi Guys,

Yesterday I passed with 7XX plus. My tip is to do lot of search on all the topic. Practice questions are exam question have lots of difference.

Good luck everyone.

I would like to thank everyone who posted new questions helped passing this exam.

Thanks

Passed at 700 on Friday.
I studied ADELINE only (this dump gives me 100% correct answer on NPS section), and updated new questions which people mentioned.
I can remember some new questions but can't remember the answer choices:
1/ an aministrative template was already in Central Store. When you create and edit a new GPO, you receive an error says it can't find the template file. What is the problem?

2/ which tools to export DFS file, DFS database?

3/ NT Service\ > what type is this service account? What right to run this service account?

Some old questions are already in the dump but were changed a little bit, so be carefull to read it and check the answer.

Hello folks,
Does anyone know the answer for this question pls?

Q10: You have the following Windows PowerShell output.
PS C:\Users\Administrator> New-AdServiceAccount service01 –DNSHostName service01.contoso.com New-ADServiceAccount : Key does not exist
At line : 1 char : 1
+ New-ADServicAccount service01
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: {CN=service01,CN… =contoso,DC=com:String} [New-ADServiceAccount], ADException
+FullyQualifiedErrorId :
ActiveDirectoryserver : -2146893811,Microsoft. ActiveDirectory . Management . Commands . NewADServiceAccount

You need to create a Managed service Account.
What should you do?

A. Run Set-KDSConfiguration and then run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com

B. Run New-AuthenticationPolicySilo, and then run New-ADServiceAccount – Name “service01” – DNSHostName

C. Run New-ADServiceAccount - Name “service01” – DNSHostName service01.contoso.com – RestrictToSingleComputer

D. Run New-ADServiceAccount - Name “service01” – DNSHostName service01.contoso.com – SAMAccountName service01.

Same score in my second shot: 670

Rocky the reply of your question is Set-ADServiceAccount -SAMAccountNAme Server02,Server03
-Server Server02$,Server03$ because that command configure the account service on that servers

The comment of the Rocky is option A

Rocky I believe the answer is: Remove-ADServiceAccount -DNSHostName Server01

Rocky Answer is below
Set-ADServiceAccount -Name Account01 -PrincipalsAllowedToRetrieveManagedPassword Server02 Server03

You have a group managed Service Account name Account01. Only three servers named Server01, Server02 and Server03 are allowed to use Account01 service account.
You plan to decommission Server01.
You need to prevent Server01 from using the Account01 service account. The solution must ensure that Server02 and Server03 continue to use the Account01 service account
What command should you run? To answer, select the appropriate options in the answer area.

Answer Area Account01
Remove-ADServiceAccount -DNSHostName Server01
Reset-ADServiceAccount -PrincipalsAllowedToReteriveMamagedPassword Server01$
Set-ADServiceAccount -SAMAccountNAme Server02,Server03
-Server Server02$,Server03$

Anyone know exact answer ??

You need to identify which domain controller must be online when cloning a domain controller. Which cmdlet should you use? Ans is D

Randhir : answer is C

Sat the exam again and got a 685. A lot of the old questions have been reworded.

Got a question that said

File1 has been encrypted by Contoso\admin1
File2 has been encrypted by Server1\admin1
File3 has been encrypted by Server1\administrator

You need to back up the DRA agents.
Who is the owner of each of the agents.

There is a selection of drop down boxes.

@Dumi

Answer for Q305 is Get-ADDomain you need to locate the PDC

NEW QUESTION 305
Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify which domain controller must be online when cloning a domain controller. Which cmdlet should you use?
A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy
Answer: A
NEW QUESTION 306
Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin. Which cmdlet should you use?
A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy
Answer: E
NEW QUESTION 307
Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify whether the members of the protected Users group will be prevented from authenticating by using NTLM. Which cmdlet should you use?
A.    Get-ADGroupMember
B.    Get-ADDomainControllerPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Get-ADDomain
E.    Get-ADOptionalFeature
F.    Get-ADAccountAuthorizationGroup
G.    Get-ADAuthenticationPolicySlio
H.    Get-ADAuthenticationPolicy
Answer: D

Can someone confirm answer for following question:


Your network contains an Active Directory domain named contoso.com. All domaincontrollers run Windows Server 2012 R2. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the defaultsettings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone.
Question No : 189
Microsoft 70-411 : Practice Test"A Composite Solution With Just One Click" - Certification Guaranteed257


You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?
A.
From DNS Manager, modify the Advanced settings of DC1.
B.
From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C.
From Windows PowerShell, run the Set-DnsServerForwardercmdlet and specify thecontoso.com zone as a target.
D.
From DNS Manager, modify the Security settings of DC1

@ICEMAN

In reference to questions: "You need to identify whether the members of the protected Users group will be prevented from authenticating by using NTLM."

I think:
Forest functional level is 2012 not domain. We don't know what the level has domain.

Will post all the questions that I have seen in the thread by summarizing them together and I would really appreciate it if everyone could jump in to answer or confirm that the questions the faster everyone pitches in the faster we will be able to get this test done with. Team work!!!

You need to ensure that user settings are saved...

answer is C

To set up Roaming User Profiles on user accounts

——————————————————————————–

1.In Active Directory Administration Center, navigate to the Users container (or OU) in the appropriate domain.

2.Select all users to which you want to assign a roaming user profile, right-click the users and then click Properties.

3.In the Profile section, select the Profile path: checkbox and then enter the path to the file share where you want to store the user’s roaming user profile, followed by %username% (which is automatically replaced with the user name the first time the user signs in). For example:

\\fs1.corp.contoso.com\User Profiles$\%username%

To specify a mandatory roaming user profile, specify the path to the NTuser.man file that you created previously, for example, \\fs1.corp.contoso.com\User Profiles$\default. For more information, see Creating a Mandatory User Profile.

4.Click OK.

1) How do you enable SSL for downstream wsus server.
On the WSUS server, run the command:

wsusutil configuressl certificateName

https://technet.microsoft.com/en-us/library/cc708467(v=ws.10).aspx

Randhir the answer is C:From the properties of each user account, configure the User profile settings.

Randhir the Answer is C

Any one for latest dump..please

I wrote the exam on friday failed with 655. I studied Angus and preety much had questions from that file and 10 of these new questions. The answers for these new questions are not correct. thank you very much for help peter, volvo and others.

Can anyone confirm right answer for this question.


Your network contains an Active Directory domain named adatum.com. The domain
contains a file server named Server1 that runs Windows Server 2012 R2.
All client computers run Windows 7.
You need to ensure that user settings are saved to \\Server1 \Users\.
What should you do?

A.
From the properties of each user account, configure the Home folder settings.

B.
From a Group Policy object (GPO), configure the Folder Redirection settings.

C.
From the properties of each user account, configure the User profile settings.

D.
From a Group Policy object (GPO), configure the Drive Maps preference.

Just failed with 685...

This dump is no longer valid.

A lot of CMDLet questions are in the exam. I only got 511. :(

Some new questions:
1) How do you enable SSL for downstream wsus server.
2) How do you limit which downstream wsus servers that can get updates from the upstream server.
3) Image of an an empty PoliciyDefinitions folder in SYSVOL. Is the Central Store enabled? Image of a GPO with no settings under Administrative Templates, but the Administrative templates are local on the computer. What happens if you delete the PolicyDefinitions folder in SYSVOL, do the settings appear in the GPO? How about if you create a new GPO, do the settings appear under administrative templates for that new GPO?

I failed today with 670 but i thought i got it...
Some new questions i can recall:
-DNS SPF record
4 answer: NS, MX, TXT, ?
I guess it was txt
https://support.office.com/en-za/article/Create-DNS-records-for-Office-365-using-Windows-based-DNS-9eec911d-5773-422c-9593-40e1147ffbde?ui=en-US&rs=en-ZA&ad=ZA

Export DFS question:
Which tool to use to (drop down menu):
Export files
Export datebase

There was a service user question with a panel like this:
http://www.coretechnologies.com/WindowsServices/services-control-panel-log-on-tab.jpg
but the user name was nt service\service
You had to define what kind of user account and service account is it (drop down menu)

And there were 2 new RODC question the answers are the same.
1. Which DC were authorized for virtual dc cloning or something like this.
2. Which security principals have their pasword cached on the RODC-s or something like this.

Please don't ask every day if this dump is valid or not. You only have to read the comments to know that they are not valid.

This is valid in Brazil ? tips for studies?

Hello folks,
I felt my exam yesterday 08/12 easy, with the questions of Mary and Snowden plus the questions of Peter (France) but at the end I failed with 660 I got surprised. We need or wait new dumps or really solve the questions of Peter. However, the ideal would be to do the exam as soon as possible otherwise we will need to starting studying all over again.

Failed today with 685!

Waiting for the new dumps, because I failed on these questions. There's something about them witch make the actual answers diferent then we all think. All other categories scored between 800 and 100. New questions count for 40% in my exam

Does anyone know if the new passguide might have the new questions. I just saw it was last updated on there site on 08\03...Just Curious

tested today on 12-AUG-2015 and to be honest, most of the questions came from Mary's exam and what Peter posted below...this felt like the easiest exam despite what others are saying HOWEVER, I failed with a 4XX. I was surprised. Outside the dump and the new questions posted here, there were like 5 new I'd not seen, like a 3 drop down question involving file01/02/03.docx files, or a two part bitlocker exhibit. Felt like the ones I missed counted the most, or I just aced a bunch of wrong answers lol

I failed today with 660. I studied Snowden and Mary. We really need to get the correct answers for the questions of Peter (France). If we get the correct answers it's possible to pass

Q6: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether the members of the protected Users group will be prevented from authenticating by using NTLM.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy

Im an idiot and its late at night - You have to check the domain functional level first.

Therefore its D!

Q7: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy

Get-ADDomainControllerPasswordReplicationPolicyUsage

Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.

https://technet.microsoft.com/en-us/library/hh852193(v=wps.630).aspx

Q5: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy

You need to see if the feature is turned on. Therefore it is Get-ADOptionalFeature

@Roel

@Peter (and the rest of yall)

Don't fall for this one!! NTLM is not allowed in 2012 R2 for protected users! Thing is that you must look up the Domain Functional Level to see if it is 2012R2!.
Answer should be: get-AdDomain (to see the functional level).

It tells you the functional level of the domain in the Questions - Its Server 2012 - Therefore you don't need to check the level.

Get-ADAuthenticationPolicy will show you the policy's.

Q7: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy

Simple Internet Checks confirms the answer is C:

Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.

This dump still valid?

Hey people. Below is a list I have compiled from the previous comments to the new questions. Feel free to correct any answers that you have researched or are 100% sure is the correct answer. Thanks

@Derrick Lafayette,

To answer you question: C. Get-ADDomainControllerPasswordReplicationPolicyUsage

This will get you a list of all the passwords that have been replicated to the RODC.
The RODC caches these when users get authenticated by this DC.

Hi All,

I recall there is one question about what kind of DNS record to be created, so that the new added server can send or receive email. don't remember the detail. My guess to that question is MX record. But I am not sure.

Thanks Roel. I was stuck on that question for a while. What did you get for this question?

Q7: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy

I believe the answer is C.

@Peter (and the rest of yall)

Don't fall for this one!! NTLM is not allowed in 2012 R2 for protected users! Thing is that you must look up the Domain Functional Level to see if it is 2012R2!.
Answer should be: get-AdDomain (to see the functional level).

Q6: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether the members of the protected Users group will be prevented from authenticating by using NTLM.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy

is this dump still valid

Is this valid in Bangladesh
I want to seat tomorrow.

Hi Peter,

Regarding the questions you added, Question 3 I believe missing an answer, there sould be another option Uninstall-ADDServiceAccount, Can you confirm that plz ?

Thank you so much Peter (France). I remember those questions were exactly the ones in my first shot. But I am also quite sure that they are not the only ones. I would really appreciate if you could post the remaining ones too if you have or any one else who witness them. Many thanks again for your efforts!

some of the new questions
1- you need to identify witch security principal are authorized to have their password cashed on rodc1

2- how to export DFS files
and DFS database

@peter .. we need the answers as well :)
Than Q

hello, do you have the answer for the question below?????

Hi Peter, Great job i remember more than 50% of the questions from the last exam i took a week ago, Do you or anyone else have the right answer for those questions ?

thx

My attempt to answer Peter's questions.

Question 1: A,B
Question 2: B (Guess)
Question 3: A
Question 4: A
Question 5: E
Nothing for 6 and 7
Question 8: C
Questions 9: C
For the managed Service account : C

which one is better Andus or Snowden ??

These are the New Question In Exam

-----------------------------------

Q1: You deploy a windows Server Update (WSUS) server named Server01.
You need to ensure that you can view update reports and computer reports on server01.
Which two components should you install? Each correct answer presents part of the solution.

A. Microsoft Report Viewer 2008 Redistributable Package
B. Microsoft .Net Framework 2.0
C. Microsoft SQL Server 2008 R2 Builder 3.0
D. Microsoft XPS Viewer
E. Microsoft SQL Server 2012 reporting Services (SSRS)

Q2: You deploy a windows Server Update (WSUS) server named Server01.
You need to prevent the WSUS service on Server01 from being updated automatically.
What should you do from the update service console?

A. From the Product and Classification options, modify the Products setting.
B. From the Automatic Approvals options, modify the Advanced settings.
C. From the Product and Classification options, modify the Classifications setting.
D. From the Automatic Approvals options, modify the Default Automatic Approval rule.


Q3: You have a group managed Service Account name Account01. Only three servers named Server01, Server02 and Server03 are allowed to use Account01 service account.
You plan to decommission Server01.
You need to prevent Server01 from using the Account01 service account. The solution must ensure that Server02 and Server03 continue to use the Account01 service account
What command should you run? To answer, select the appropriate options in the answer area.

Answer Area Account01
Remove-ADServiceAccount -DNSHostName Server01
Reset-ADServiceAccount -PrincipalsAllowedToReteriveMamagedPassword Server01$
Set-ADServiceAccount -SAMAccountNAme Server02,Server03
-Server Server02$,Server03$


Q4: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controller must be online when cloning a domain controller.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Q5: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy

Q6: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether the members of the protected Users group will be prevented from authenticating by using NTLM.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy


Q7: Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question.
You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy


Q8: Your Company is testing DirectAccess on Windows Server 2012 R2.
Users report that when they connect to the corporate network by using DirectAccess, access to Internet websites and Internet hosts is slow. The users report that when they disconnect from DirectAccess, acces to the internet websites and the internet hosts is much faster.
You need to identify the most likely cause of the performance issue.
What should you identify?

A. DirectAccess uses a self-signed certificate.
B. The corporate firewall blocks TCP port 8080.
C. Force tunneling is enabled.
D. The DNS suffix list is empty
Q9: Your network contains one Active Directory domain named contoso.com. The domain contains a file server named Server01 that runs Windows Server 2012 R2. Server01 has an operating system drive and a data drive. Server01 has a trusted Platform Module (TPM).
Which cmdlet should you run first?

A. Enable-TPMAutoProvisioning
B. Unblock-TPM
C. Install-WindowsFeature
D. Lock-BitLocker


Q10: You have the following Windows PowerShell output.
PS C:\Users\Administrator> New-AdServiceAccount service01 –DNSHostName service01.contoso.com New-ADServiceAccount : Key does not exist
At line : 1 char : 1
+ New-ADServicAccount service01
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: {CN=service01,CN… =contoso,DC=com:String} [New-ADServiceAccount], ADException
+FullyQualifiedErrorId :
ActiveDirectoryserver : -2146893811,Microsoft. ActiveDirectory . Management . Commands . NewADServiceAccount

You need to create a Managed service Account.
What should you do?

A. Run Set-KDSConfiguration and then run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com

B. Run New-AuthenticationPolicySilo, and then run New-ADServiceAccount – Name “service01” – DNSHostName

C. Run New-ADServiceAccount - Name “service01” – DNSHostName service01.contoso.com – RestrictToSingleComputer

D. Run New-ADServiceAccount - Name “service01” – DNSHostName service01.contoso.com – SAMAccountName service01.

I remember there was another question in my exam related to EFS

There are new questions on the test, would they ever revive questions from earlier versions of this exam? I noticed on Microsoft.actualtests.70-411.v2015-07-30.by.pt300q.vce there are older questions on this one, when I researched them I found them on boards from 2013. Just Curious

as anyone recall the following questions :
1. about bitlocker decryption agent, which user name will use to decrypte ? there was a drop list and 3 cases to choose from, 1 from local account and 2 from domain account scenarios.
2. the 10 dc's and 1 rodc - a pack of 4-5 questions related RODC, it will help if someone remember the questions correctly

thx

there was one question - how to add a comment in the GPO - the answer though the edit of the gpo object

Those questions are from the dumps, we want the new questions posted

Hi Josef_the_Great, I think the answers are:
1. E.the Dcpromo command
2. Server 1: WDS
3. D.The referral settings of the namespace
4. D.Audit Policy\Audit object Access y F.Advanced Audit Policy Configuration\Object Access
5. C.From the Network Policy Server console, configure a Windows Security Health Validator (WSHV) policy.

1. E
2. WDS
3. D
4, D,F
5, A?

Hi Tamor,

I tried few dumps and site but unfortunately couldn't find any latest dump.

Make sure to learn all AD commands that may help in passing. If possible please upload new exam questions.

Thanks

a lot of new questions.new dump please

Hi,

really are you using 2013 november dump? why?

RODC Questins

1. You need to identify which domain controllers are authorized to be cloned by using virtual domain controller cloning

2. You need to identify whether the members of the protected Users group will be prevented from authenticating by using NTLM

3.You need to identify which security principals are authorized to have their password cached on RODC1.

which cmdlet?

@Kay I mean as we remembered our exam question after answered our test.One person remember one question it'll be ok for next person to answer 411 exam .

hi guys .. does anybody know where can i find the new questions .. or anybody took the second shot can till us what he did

Hi Guys,

I got a question something like bullet direct Access. I dont remember the question does anyone remember that question.

Thanks

In my exam questions there was a question related to ADSIEdit. I donn't exactly remember the question. Is there anyone remember that question.

Thanks

This Dump is not longer valid.I studied Angus and Showden... Failed Today with 625.South Africa

Whoever takes the next exam please write the exact questions. Right now all the new questions are written in confusing form. I will surely write them if I remember even if I fail. Many thanks in advance! Cheers!

I studied the Angus and Gerald dumps and same as a lot of recent comments, about 15 or so were new out of the 49 questions in my exam.. I also failed with a 670 score. The comments about the new questions are exactly what I had in my exam.

Multiple questions about RODCs.

Which Protected Accounts use NTLM (none - protected accounts cannot use NTLM, so the accounts cannot be a member of a specific group - so the answer is GetADGroup)

AD Recycle Bin (Get-ADOptionalFeature)

To view generated reports for WSUS on Server 2012 as a minimum you'll need?
•Microsoft report viewer 2008 distributable
•.Net Framework 2.0
See technote: http://www.genelaisne.com/viewing-reports-in-windows-server-2012-wsus/


An additional one I recall had something to do with "You get an error when creating a new Managed Service account", and it mentioned an error with a "key". Doing some research I found this technote that says you need to create a KDS Root Key first:

http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx

Hopefully the comments already posted will help me with my exam retake next week.

I sat this two days ago. Failed by 1-2 questions. Dump is %60 valid. Some questions had different answer sets however. Had set of questions related to 10DCs and an RODC (same as volvo mentioned below). Also several bitlocker questions.

Also had a question that presented a failed powershell cmdlet for a GMSA 'key does not exist'. Answer was to run cmdlet Add-KDSRootKey first

For the question about the WSUS firewall config, you must open port 8530, and 8531.

For the question of GPO: What PS cmd will disable site/domain policy for ou1, my guess is Remove-GPLINK

I thinks It is very good Idea to write down new questions and solve to pass exam