2026 New 70-411 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/70-411/
Study material for the Microsoft 70-411 (Administering Windows Server 2012) exam. Free sample 70-411 questions follow:
NEW QUESTION 1
HOTSPOT
You have a file server named Server1 that runs Windows Server 2012 R2.
A user named User1 is assigned the Modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.
On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

- A. Mastered
- B. Not Mastered
Answer: A
NEW QUESTION 2
Your company is testing DirectAccess on Windows Server 2012 R2.
Users report that when they connect to the corporate network by using DirectAccess, access to Internet websites and Internet hosts is slow. The users report that when they disconnect from DirectAccess, access to the Internet websites and the Internet hosts is much faster.
You need to identify the most likely cause of the performance issue. What should you identify?
- A. DirectAccess uses a self-signed certificate.
- B. Force tunneling is enabled.
- C. The corporate firewall blocks TCP port 8080.
- D. The DNS suffix list is empty.
Answer: B
NEW QUESTION 3
You have a Windows Server Update Services (WSUS) server named Server1. Server1 synchronizes from Microsoft Update.
You plan to deploy a new WSUS server named Server2. Server2 will synchronize updates from Server1. Server2 will be separated from Server1 by a firewall.
You need to identify which port must be open on the firewall so that Server2 can synchronize the updates.
Which port should you identify?
- A. 8530
- B. 3389
- C. 443
- D. 80
Answer: A
Explanation:
WSUS upstream and downstream servers will synchronize on the port configured by the WSUS Administrator. By default, these ports are configured as follows:
✑ On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS
✑ On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS
The firewall on the WSUS server must be configured to allow inbound traffic on these ports.
https://technet.microsoft.com/en-us/library/hh852346.aspx
NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers.
You plan to unlink GPO1 from OU1.
You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1.
Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.)
- A. The managed Administrative Template settings
- B. The unmanaged Administrative Template settings
- C. The System Services security settings
- D. The Event Log security settings
- E. The Restricted Groups security settings
Answer: AD
Explanation:
There are two kinds of Administrative Template policy settings: Managed and Unmanaged. The Group Policy service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer.
References:
http://technet.microsoft.com/en-us/library/cc778402(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb964258.aspx
NEW QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a RADIUS client template named Template1. You create a RADIUS client named Client1 by using Template1.
You need to modify the shared secret for Client1. What should you do first?
- A. Configure the Advanced settings of Template1.
- B. Set the Shared secret setting of Template1 to Manual.
- C. Clear Enable this RADIUS client for Client1.
- D. Clear Select an existing template for Client1.
Answer: D
Explanation:
Clear the checkmark for Select an existing template in the new client wizard. In New RADIUS Client, in Shared secret, do one of the following:
✑ Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the RADIUS client. Retype the shared secret in Confirm shared secret.

NEW QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
A local account named Admin1 is a member of the Administrators group on Server1.
You need to generate an audit event whenever Admin1 is denied access to a file or folder. What should you run?
- A. auditpol.exe /set /user:admin1 /failure:enable
- B. auditpol.exe /set /user:admin1 /category:"detailed tracking" /failure:enable
- C. auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure
- D. auditpol.exe /resourcesacl /set /type:key /user:admin1 /failure /access:ga
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/ff625687.aspx
To set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders:
auditpol /resourceSACL /set /type:File /user:MYDOMAIN\myuser /success /failure /access:FRFW
Syntax
auditpol /resourceSACL
[/set /type:<resource> [/success] [/failure] /user:<user> [/access:<access flags>]]
[/remove /type:<resource> /user:<user> [/type:<resource>]]
[/clear [/type:<resource>]]
[/view [/user:<user>] [/type:<resource>]]
References:
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/ff625687.aspx
NEW QUESTION 7
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1.
You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders.
You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort.
Which two audit policies should you configure in GPO1? To answer, select the appropriate two objects in the answer area.
- A. Mastered
- B. Not Mastered
Answer: A
NEW QUESTION 8
HOTSPOT
Your network contains an Active Directory domain named contoso.com. You implement DirectAccess.
You need to view the properties of the DirectAccess connection.
Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
- A. Mastered
- B. Not Mastered
Answer: A
NEW QUESTION 9
Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP or Windows 8.
Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV).
You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)
- A. Antispyware is up to date.
- B. Automatic updating is enabled.
- C. Antivirus is up to date.
- D. A firewall is enabled for all network connections.
- E. An antispyware application is on.
Answer: BCD
Explanation:
The WSHA on NAP client computers running Windows XP SP3 does not monitor the status of antispyware applications.
NEW QUESTION 10
HOTSPOT
You have a server named Server4 that runs Windows Server 2012 R2. Server4 has the Windows Deployment Services server role installed.
Server4 is configured as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

- A. Mastered
- B. Not Mastered
Answer: A
NEW QUESTION 11
You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim.
What should you do?
- A. Run dism.exe and specify the /get-mountedwiminfo parameter.
- B. Run imagex.exe and specify the /verify parameter.
- C. Run imagex.exe and specify the /ref parameter.
- D. Run dism.exe and specify the /get-imageinfo parameter.
Answer: A
Explanation:
/Get-MountedWimInfo Lists the images that are currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted image index.
References:
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh825224.aspx
NEW QUESTION 12
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
All client computers run Windows 8 Enterprise.
DC1 contains a Group Policy object (GPO) named GPO1.
You need to update the PATH variable on all of the client computers. Which Group Policy preference should you configure?
- A. Ini Files
- B. Services
- C. Data Sources
- D. Environment
Answer: D
Explanation:
Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action possible with this extension.
NEW QUESTION 13
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?
- A. The Group Policy preferences
- B. An application control policy
- C. The Administrative Templates
- D. The Software Installation settings
Answer: A
Explanation:
Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files.
Reference: http://technet.microsoft.com/en-us/library/dn581922.aspx
NEW QUESTION 14
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when users log on to their client computer.
You need to ensure that all of the scripts execute completely before the users can access their desktop.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc738773(v=ws.10).aspx
Run logon scripts synchronously
Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.
If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
If you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously.
NEW QUESTION 15
Your network contains an Active Directory domain named contoso.com.
All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop.
You discover that when a user signs in, Link1 is not added to the desktop. You need to ensure that when a user signs in, Link1 is added to the desktop. What should you do?
- A. Enforce GPO1.
- B. Enable loopback processing in GPO1.
- C. Modify the Link1 shortcut preference of GPO1.
- D. Modify the Security Filtering settings of GPO1.
Answer: D
Explanation:
Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
NEW QUESTION 16
You have a server named Server1 that runs Windows Server 2012 R2. You discover that the performance of Server1 is poor.
The results of a performance report generated on Server1 are shown in the following table.
You need to identify the cause of the performance issue. What should you identify?
- A. Driver malfunction
- B. Insufficient RAM
- C. Excessive paging
- D. NUMA fragmentation
Answer: A
Explanation:
Processor: %DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface.
Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling interrupts. Generally, if this value exceeds 50% of the processor time, you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example, a programmable I/O card, like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity.
Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.
Processor: %Privilege Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components to occasionally cause this type of performance issue.
Memory: Pages/sec. This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data.
References:
http://technet.microsoft.com/en-us/library/cc768048.aspx
NEW QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
You plan to deploy 802.1x authentication to secure the wireless network.
You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.1x deployment.
Which authentication method should you identify?
- A. MS-CHAP
- B. PEAP-MS-CHAPv2
- C. EAP-TLS
- D. MS-CHAP v2
Answer: C
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
✑ EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials.
✑ EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based security environments, and it provides the strongest authentication and key determination method.
✑ EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication.
✑ PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.
NEW QUESTION 18
DRAG DROP
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1.
Group Policy objects (GPOs) are linked to the domain as shown in the exhibit. (Click the Exhibit button.)
GPO2 contains computer configurations only and GPO3 contains user configurations only. You need to configure the GPOs to meet the following requirements:
✑ Ensure that GPO2 only applies to the computer accounts in OU2 that have more than one processor.
✑ Ensure that GPO3 only applies to the user accounts in OU3 that are members of a security group named SecureUsers.
Which setting should you configure in each GPO?
To answer, drag the appropriate setting to the correct GPO. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
https://technet.microsoft.com/en-us/library/cc732796(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/cc752992(v=ws.11).aspx
NEW QUESTION 19
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.
Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1.
You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

- A. Mastered
- B. Not Mastered
Answer: A
NEW QUESTION 20
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning. What should you do?
- A. In D:\Windows\NTDS, create an XML file named DCCloneConfig.xml and add the application information to the file.
- B. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCloneAllowList.xml.
- C. In D:\Windows\NTDS, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
- D. In C:\Windows\System32\Sysprep\Actionfiles, add the application information to an XML file named Respecialize.xml.
Answer: C
Explanation:
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.
References:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning.aspx
http://www.thomasmaurer.ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a-virtual-domain-controller
http://technet.microsoft.com/en-us/library/hh831734.aspx
NEW QUESTION 21
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.
Server1 provides VPN access to external users.
You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.
What should you run?
- A. Add-RemoteAccessRadius -ServerName Server1 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
- B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
- C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
- D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled
Answer: C
Explanation:
Add-RemoteAccessRadius
Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess (DA) and VPN, or one-time password (OTP) authentication for DA.
AccountingOnOffMsg<String>
Indicates the enabled state for sending of accounting on or off messages. The acceptable values for this parameter are:
✑ Enabled.
✑ Disabled. This is the default value.
This parameter is applicable only when the RADIUS server is being added for Remote Access accounting.
NEW QUESTION 22
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
All client computers run Windows 8 Enterprise.
DC1 contains a Group Policy object (GPO) named GPO1. You need to deploy a VPN connection to all users.
What should you configure from User Configuration in GPO1?
- A. Policies/Administrative Templates/Network/Windows Connect Now
- B. Policies/Administrative Templates/Network/Network Connections
- C. Policies/Administrative Templates/Windows Components/Windows Mobility Center
- D. Preferences/Control Panel Settings/Network Options
Answer: D
Explanation:
1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
2. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.
3. Right-click the Network Options node, point to New, and select VPN Connection.
The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension.
Reference: http://technet.microsoft.com/en-us/library/cc772449.aspx
NEW QUESTION 23
HOTSPOT
Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York.
The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed.
All client computers obtain their IPv4 and IPv6 addresses from DHCP.
You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office.
Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.
- A. Mastered
- B. Not Mastered
Answer: A
NEW QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
A network administrator accidentally deletes the Default Domain Policy GPO. You do not have a backup of any of the GPOs.
You need to recreate the Default Domain Policy GPO. What should you use?
- A. Dcgpofix
- B. Get-GPOReport
- C. Gpfixup
- D. Gpresult
- E. Gpedit.msc
- F. Import-GPO
- G. Restore-GPO
- H. Set-GPInheritance
- I. Set-GPLink
- J. Set-GPPermission
- K. Gpupdate
- L. Add-ADGroupMember
Answer: A
Explanation:
Dcgpofix
Restores the default Group Policy objects to their original state (that is, the default state after initial installation).
Reference: http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx
NEW QUESTION 25
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?
- A. A system health validator (SHV)
- B. The Host Credential Authorization Protocol (HCAP)
- C. A computer certificate
- D. The Remote Access server role
Answer: C
Explanation:
Configure NAP enforcement for VPN
This checklist provides the steps required to deploy computers with Routing and Remote Access Service installed and configured as VPN servers with Network Policy Server (NPS) and Network Access Protection (NAP).

NEW QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2.
You add a VPN server named Server2 to the network. On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2. Which tool should you use on Server1?
- A. Server Manager
- B. Routing and Remote Access
- C. New-NpsRadiusClient
- D. Connection Manager Administration Kit (CMAK)
Answer: C
Explanation:
New-NpsRadiusClient -Name "NameOfMyClientGroup" -Address "10.1.0.0/16" -AuthAttributeRequired 0 -NapCompatible 0 -SharedSecret "SuperSharedSecretxyz" -VendorName "RADIUS Standard"

Reference:
http://technet.microsoft.com/en-us/library/hh918425(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/jj872740(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/dd469790.aspx
NEW QUESTION 27
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort. What should you do first?
- A. Mount the most recent Active Directory backup.
- B. Reactivate the tombstone of Group1.
- C. Perform an authoritative restore of Group1.
- D. Use the Recycle Bin to restore Group1.
Answer: A
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects.
If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties.
NEW QUESTION 28
You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV. Which cmdlet should you run next?
- A. Unblock-Tpm
- B. Add-BitLockerKeyProtector
- C. Remove-BitLockerKeyProtector
- D. Enable-BitLockerAutoUnlock
Answer: B
Explanation:
4. Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO)
The Active Directory protector is a domain security identifier (SID) based protector for protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a user account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to self-manage BitLocker-enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the Active Directory identity associated with the Cluster Network name, as a BitLocker protector to the target disk volumes.
Add-BitLockerKeyProtector <drive letter or CSV mount point> -ADAccountOrGroupProtector -ADAccountOrGroup $cno