70-412 Exam
[Down to date] 70 412 pdf
Act now and download your Microsoft 70 412 dumps test today! Do not waste time for the worthless Microsoft 70 412 dumps tutorials. Download Avant-garde Microsoft Configuring Advanced Windows Server 2012 Services exam with real questions and answers and begin to learn Microsoft 70 412 pdf with a classic professional.
Q71. You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege.
Which user role should you assign to User1?
A. DNS Record Administrator Role
B. IPAM DHCP Reservations Administrator Role
C. IPAM Administrator Role
D. IPAM DHCP Administrator Role
Answer: D
Explanation:
The IPAM DHCP administrator role completely manages DHCP servers.
C:\Users\Chaudhry\Desktop\1.jpg
Reference: What's New in IPAM
Q72. Your network contains two Active Directory forests named contoso.com and corp.contoso.com.
User1 is a member of the DnsAdmins domain local group in contoso.com.
User1 attempts to create a conditional forwarder to corp.contoso.com but receive an error message shown in the exhibit. (Click the Exhibit button.)
You need to configure bi-directional name resolution between the two forests.
What should you do first?
A. Add User1 to the DnsUpdateProxy group.
B. Configure the zone to be Active Directory-integrated.
C. Enable the Advanced view from DNS Manager.
D. Run the New Delegation Wizard.
Answer: B
Explanation:
The zone must be Active Directory-integrated.
Q73. You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.)
You need to configure the NLB cluster to meet the following requirements:
. HTTPS connections must be directed to Server1 if Serverl is available. . HTTP connections must be load balanced between the two nodes.
Which three actions should you perform? {Each correct answer presents part of the solution. Choose three.
A. From the host properties of Server2, set the Handling priority of the existing port rule to 2.
B. Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.
C. Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity to Single.
D. From the host properties of Server1, set the Handling priority of the existing port rule to 2.
E. From the host properties of Server2, set the Priority (Unique host ID) value to 1.
F. From the host properties of Server1, set the Handling priority of the existing port rule to 1.
Answer: A,B,F
Explanation:
Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule. This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host handle a specified load weight.
Note: Handling priority: When Single host filtering mode is being used, this parameter specifies the local host's priority for handling the networking traffic for the associated port rule. The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster.
Reference: Network Load Balancing parameters.
Q74. You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A. Install the Active Directory Certificate Services (AD CS) tools.
B. Run the regsvr32.exe command.
C. Modify the PATH system variable.
D. Configure the Active Directory Certificate Services server role from Server Manager.
Answer: D
Explanation:
The error message is related to missing role configuration.
* Cannot Manage Active Directory Certificate Services Resolution: configure the two Certification Authority and Certification Authority Web Enrollment Roles:
image
Reference: Cannot manage Active Directory Certificate Services in Server 2012 Error 0x800070002
Q75. Your network contains two Active Directory forests named contoso.com and adatum.com.
Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com.
Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.
Several user accounts are migrated from child.adatum.com to adatum.com.
Users report that after the migration, they fail to access resources in contoso.com. The users successfully accessed the resources in contoso.com before the accounts were migrated.
You need to ensure that the migrated users can access the resources in contoso.com.
What should you do?
A. Replace the existing forest trust with an external trust.
B. Run netdom and specify the /quarantine attribute.
C. Disable SID filtering on the existing forest trust.
D. Disable selective authentication on the existing forest trust.
Answer: C
Explanation:
Security Considerations for Trusts Need to gain access to the resources in contoso.com
Disabling SID Filter Quarantining on External Trusts Although it reduces the security of your forest (and is therefore not recommended), you can disable SID filter quarantining for an external trust by using the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:
* Users have been migrated to the trusted domain with their SID histories preserved, and
you want to grant them access to resources in the trusting domain based on the SID history
attribute.
Etc.
Incorrect:
Not B. Enables administrators to manage Active Directory domains and trust relationships
from the command prompt, /quarantine Sets or clears the domain quarantine.
Not D. Selective authentication over a forest trust restricts access to only those users in a
trusted forest who have been explicitly given authentication permissions to computer
objects (resource computers) that reside in the trusting forest.
Reference: Security Considerations for Trusts
http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx
Q76. DRAG DROP
Your network contains four servers that run Windows Server 2012 R2.
Each server has the Failover Clustering feature installed. Each server has three network
adapters installed. An iSCSI SAN is available on the network.
You create a failover cluster named Cluster1. You add the servers to the cluster.
You plan to configure the network settings of each server node as shown in the following table.
You need to configure the network settings for Cluster1.
What should you do?
To answer, drag the appropriate network communication setting to the correct cluster network. Each network communication setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q77. Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012 R2. The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A. Connect to DC2 from Active Directory Users and Computers.
B. Add DC2 to the Allowed RODC Password Replication Policy group.
C. Add the User1 account to the Allowed RODC Password Replication Policy group.
D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Answer: D
Explanation:
To prepopulate the password cache for an RODC by using Active Directory Users and Computers (see step 1 below).
Administrative credentials: To prepopulate the password cache for an RODC, you must be a member of the Domain Admins group.
Click Start, click Administrative Tools, and then click Active Directory Users and
Computers.
Ensure that Active Directory Users and Computers points to the writable domain
controller that is running Windows Server 2008, and then click Domain Controllers.
In the details pane, right-click the RODC computer account, and then click
Properties.
Click the Password Replication Policy tab.
Click Advanced.
Click Prepopulate Passwords.
Type the name of the accounts whose passwords you want to prepopulate in the
cache for the RODC, and then click OK.
When you are asked if you want to send the passwords for the accounts to the
RODC, click Yes.
Note: You can prepopulate the password cache for an RODC with the passwords of user and computer accounts that you plan to authenticate to it. When you prepopulate the RODC password cache, you trigger the RODC to replicate and cache the passwords for users and computers before the accounts try to log on in the branch office.
Incorrect: Not C. You don't need to add User1 to the Allowed RODC Password Replication Policy group. As a first step you should run Active.Directory Users and Computers as a member of the Domain/Enterprise Admins group.-
Reference: Password Replication Policy Administration
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
Q78. You have a server named Server1 that runs Windows Server 2012 R2.
Server1 fails.
You identify that the master boot record (MBR) is corrupt.
You need to repair the MBR.
Which tool should you use?
A. Bcdedit
B. Bcdboot
C. Bootrec
D. Fixmbr
Answer: C
Explanation:
Repairing an unbootable Windows installation with bootrec.exe If the boot/recovery partition is corrupted or lost, you can modify your Windows OS partition to boot.
. Boot from your Windows Vista/7/Server2008/R2/2012 media and choose the
"Repair Windows" option. . Open the command prompt. . Using diskpart, mark your Windows partition as bootable. . If your windows partition does not have it, copy the "boot" folder from the
installation media.
. Run the following commands: >c: >cd boot >attrib bcd -s -h -r >ren c:\boot\bcd bcd.old >bootrec /RebuildBcd Reboot and Windows should boot normally. If not, return to the command prompt and run: >bootrec /FixMBR >bootrec /FixBoot
Incorrect: Not A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows Not B. The BCDboot tool is a command-line tool that enables you to manage system partition files Not D. Fixmbr is not a tool. Fixmbr is an option when using the bootrec tool.
Reference: Windows BCD Store
http://www.itsgotme.com/wiki/Windows_BCD
Q79. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1. You need to ensure that client devices on the internal network can use Workplace Join. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.
Answer: C,E
Explanation:
C. To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm.
E. Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an
added level of access protection to corporate resources and applications from external
devices that are trying to access them. When a personal device is Workplace Joined, it
becomes a ‘known’ device and administrators can use this information to drive conditional
access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and
conditional access for Workplace Joined devices.
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global
Primary Authentication. Select the check box next to Enable Device Authentication, and
then click OK.
Reference: Configure a federation server with Device Registration Service.
Q80. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The relevant servers in the domain are configured as shown in the following table.
You plan to create a shared folder on Server1 named Share1. Share1 must only be accessed by users who are using computers that are joined to the domain.
You need to identify which servers must be upgraded to support the requirements of Share1.
In the table below, identify which computers require an upgrade and which computers do not require an upgrade. Make only one selection in each row. Each correct selection is worth one point.
Answer: