getcertified4sure.com

70-412 Exam

What tells you about examcollection 70 412



Exam Code: examcollection 70 412 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Configuring Advanced Windows Server 2012 Services
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70 412 pdf Exam.

Q51. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

You install the DHCP Server server role on both servers. 

On Server1, you have the DHCP scope configured as shown in the exhibit. (Click the Exhibit button.) 

You need to configure the scope to be load-balanced across Server1 and Server2. 

What Windows PowerShell cmdlet should you run on Server1? To answer, select the appropriate options in the answer area. 

Answer: 


Q52. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. 

You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable. 

Which IPV6 scope prefix should you use? 

A. 2001:123:4567:890A:: 

B. FE80:123:4567:: 

C. FF00:123:4567:890A:: 

D. FD00:123:4567:: 

Answer: D Explanation: 

Explanation/Reference: 

* A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC 

4193. It is the approximate IPv6 counterpart of the IPv4 private address. 

The address block fc00::/7 is divided into two /8 groups: 

/ The block fc00::/8 has not been defined yet. 

/ The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits 

of the prefix to a randomly generated bit string. 

* Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address 

ranges: 

/ They are not allocated by an address registry and may be used in networks by anyone 

without outside involvement. 

/ They are not guaranteed to be globally unique. 

/ Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot 

be delegated in the global DNS. 

Reference: RFC 4193 


Q53. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a server named Server1. Both servers run Windows Server 2012 R2. 

You configure the classification of a share on Server1 as shown in the Share1 Properties exhibit. (Click the Exhibit button.) 

You configure the resource properties in Active Directory as shown in the Resource Properties exhibit. (Click the Exhibit button.) 

You need to ensure that the Impact classification can be assigned to Share1 immediately. 

Which cmdlet should you run on each server? 

To answer, select the appropriate cmdlet for each server in the answer area. 

Answer: 


Q54. DRAG DROP 

Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. 

The forest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using a site link named Main-Branch1. There are no other site links. 

Each site contains several domain controllers. All domain controllers run Windows Server 2012 R2. Your company plans to open a new branch site named Branch2. The new site will have a WAN link that connects to the Main site only. The site will contain two domain controllers that run Windows Server 2012 R2. 

You need to create a new site and a new site link for Branch2. The solution must ensure that the domain controllers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Main are unavailable. 

Which three actions should you perform? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

Answer: 


Q55. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed. 

The network contains client computers that run either Linux, Windows 7, or Windows 8. 

You have a zone named adatum.com as shown in the exhibit. (Click the Exhibit button.) 

You plan to configure Name Protection on all of the DHCP servers. 

You need to configure the adatum.com zone to support Name Protection. 

What should you do? 

A. Change the zone type. 

B. Sign the zone. 

C. Add a DNSKEY record. 

D. Configure Dynamic updates. 

Answer:

Explanation: 

Name protection requires secure update to work. Without name protection DNS names may be hijacked. 

You can use the following procedures to allow only secure dynamic updates for a zone. Secure dynamic update is supported only for Active Directory–integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for Domain Name System (DNS) dynamic updates. 

Enable secure dynamic updates: 

Reference: DHCP: Secure DNS updates should be configured if Name Protection is 

enabled on any IPv4 scope http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx 


Q56. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA). 

You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes: 

Email security 

Client authentication 

Encrypting File System (EFS) 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings. 

B. From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy settings. 

C. Modify the properties of the User certificate template, and then publish the template. 

D. Duplicate the User certificate template, and then publish the template. 

E. From a Group Policy, configure the Automatic Certificate Request Settings settings. 

Answer: A,D 

Explanation: 

The default user template supports all of the requirements EXCEPT auto enroll as shown below: 

However a duplicated template from users has the ability to autoenroll: 

The Automatic Certificate Request Settings GPO setting is only available to Computer, not user. 

Reference: Manage Certificate Enrollment Policy by Using Group Policy. http://technet.microsoft.com/en-us/library/dd851772.aspx 


Q57. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. All client 

computers run Windows 8 Enterprise. 

You have a remote site that only contains client computers. All of the client computer 

accounts are located in an organizational unit (OU) named Remote1. A Group Policy object 

(GPO) named GPO1 is linked to the Remote1 OU. 

You need to configure BranchCache for the remote site. 

Which two settings should you configure in GPO1? 

To answer, select the two appropriate settings in the answer area. 

Answer: 


Q58. Your network contains an Active Directory forest named contoso.com. The forest contains 

a single domain. The forest functional level is Windows Server 2012 R2. 

You have a domain controller named DC1. 

On DC1, you create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers. 

Which tool should you use? 

A. Group Policy Management 

B. Active Directory Sites and Services 

C. DFS Management 

D. Active Directory Administrative Center 

Answer:

Explanation: 

In Windows Server 2012, the Group Policy Management Console (GPMC) was enhanced to provide a report for the overall health state of the Group Policy infrastructure for a domain, or to scope the health view to a single GPO. 

Reference: Check Group Policy Infrastructure Status 

http://technet.microsoft.com/en-us/library/jj134176.aspx 


Q59. Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. 

You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders. 

Which tool should you use? 

A. Ultrasound 

B. Replmon 

C. Dfsdiag 

D. Frsutil 

Answer:

Explanation: 

Explanation/Reference: 

DFSDIAG can check your configuration in five different ways: 

Checking referral responses (DFSDIAG /TestReferral) 

Checking domain controller configuration 

Checking site associations 

Checking namespace server configuration 

Checking individual namespace configuration and integrity 

Reference: Five ways to check your DFS-Namespaces (DFS-N) configuration with the 

DFSDIAG.EXE tool 


Q60. Your network contains an Active Directory domain named contoso.com. All servers run 

Windows Server 2012 R2. The domain contains a domain controller named DC1 that is 

configured as an enterprise root certification authority (CA). 

All users in the domain are issued a smart card and are required to log on to their domain-

joined client computer by using their smart card. 

A user named User1 resigned and started to work for a competing company. 

You need to prevent User1 immediately from logging on to any computer in the domain. 

The solution must not prevent other users from logging on to the domain. 

Which tool should you use? 

A. Server Manager 

B. The Certification Authority console 

C. Active Directory Administrative Center 

D. Active Directory Sites and Services 

Answer:


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.