70-412 Exam
Examples of exam 70 412
Vivid of examcollection 70 412 actual exam materials and braindumps for Microsoft certification for IT candidates, Real Success Guaranteed with Updated exam 70 412 pdf dumps vce Materials. 100% PASS Configuring Advanced Windows Server 2012 Services exam Today!
Q1. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Active Directory Administrative Center
B. Certificate Templates
C. The Security Configuration Wizard
D. The Certificates snap-in
Answer: A
Explanation:
To disable or enable a user account using Active Directory Administrative Center
1. To open Active Directory Administrative Center, click Start , click Administrative Tools ,
and then click Active Directory Administrative Center .
To open Active Directory Users and Computers in Windows Server 2012, click Start , type
dsac.exe .
2. In the navigation pane, select the node that contains the user account whose status you
want to change.
3. In the management list, right-click the user whose status you want to change.
4. Depending on the status of the user account, do one of the following: . uk.co.certification.simulator.questionpool.PList@ed88a30
Reference: Disable or Enable a User Account
Q2. You have a server named Server1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually.
What should you do?
A. From Folder Options, clear Hide protected operating system files (Recommended).
B. Install the File Server Resource Manager role service.
C. From Folder Options, select the Always show menus.
D. Install the Share and Storage Management Tools.
Answer: B
Explanation:
On the Classification tab of the file properties in Windows Server 2012, File Classification Infra-structure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder.
Reference: What's New in File Server Resource Manager in Windows Server.
Q3. Your network contains one Active Directory domain named contoso.com. The domain contains three users named User1, User2, and User3.
You need to ensure that the users can log on to the domain by using the user principal names (UPNs) shown in the following table.
What should you use?
A. the Set-ADDomain cmdlet
B. the Add-DNSServerSecondaryZone cmdlet
C. the Setspn command
D. the Set-ADUser cmdlet
Answer: D
Reference: Technet, Set-ADUser https://technet.microsoft.com/en-us/library/ee617215.aspx
Q4. Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers.
The domain controllers are configured as shown in the following table.
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Upgrade DC1 to Windows Server 2012 R2.
B. Upgrade DC11 to Windows Server 2012 R2.
C. Raise the domain functional level of childl.contoso.com.
D. Raise the domain functional level of contoso.com.
E. Raise the forest functional level of contoso.com.
Answer: A,D
Explanation:
The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level (A), then raise the contoso.com domain functional level to Windows Server 2012 (D).
* (A) To support resources that use claims-based access control, the principal’s domains will need to be running one of the following: / All Windows Server 2012 domain controllers / Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device authentication requests / Sufficient Windows Server 2012 domain controllers to handle all the Windows Server
2012 resource protocol transition requests to support non-Windows 8 devices. Reference: What's New in Kerberos Authentication http://technet.microsoft.com/en-us/library/hh831747.aspx.
Q5. HOTSPOT
Your network contains an Active Directory forest.
You implement Dynamic Access Control in the forest.
You have the claim types shown in the Claim Types exhibit. (Click the Exhibit button.)
The properties of a user named User1 are configured as shown in the User1 exhibit. (Click the Exhibit button.)
The output of Whoami /claims for a user named User2 is shown in the Whoami exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
Q6. Your network contains one Active Directory domain named contoso.com. The domain contains the domain controllers configured as shown in the following table.
The functional level of the domain and the forest is Windows Server 2008.
An administrator named Admin1 is a member of the Domain Admins group.
You need to ensure that Admin1 can deploy a Windows Server 2012 R2 domain controller to contoso.com.
What should you do?
A. Raise the forest functional level.
B. Run the Set-ADForestMode cmdlet.
C. Raise the domain functional level.
D. Run the adprep.exe command.
Answer: D
Explanation: Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later. The commands need to run in the following cases:
* Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain.
* Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or forest to run that version of Windows Server.
Reference: Running Adprep.exe
https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx
Q7. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1. You need to ensure that client devices on the internal network can use Workplace Join. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.
Answer: C,E
Explanation:
C. To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm.
E. Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an
added level of access protection to corporate resources and applications from external
devices that are trying to access them. When a personal device is Workplace Joined, it
becomes a ‘known’ device and administrators can use this information to drive conditional
access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and
conditional access for Workplace Joined devices.
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global
Primary Authentication. Select the check box next to Enable Device Authentication, and
then click OK.
Reference: Configure a federation server with Device Registration Service.
Q8. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. Server1 is a BranchCache hosted cache server that is located in a branch office.
The network contains client computers that run either Windows 7 or Windows 8.
For the branch office, all of the user accounts and the client computer accounts are located in an organizational unit (OU) named Branch1. A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 contains the BranchCache settings.
You discover that users in the branch office who have client computers that run Windows 7 do not access cached content from Server1. Users in the branch office who have Windows 8 computers access cached content from Server1.
You need to configure the Windows 7 computers to use BranchCache on Server1. Which setting should you configure in GPO1?
To answer, select the appropriate setting in the answer area.
Answer:
Q9. You have a server named Server1 that runs Windows Server 2012 R2 and is used for testing.
A developer at your company creates and installs an unsigned kernel-mode driver on Server1. The developer reports that Server1 will no longer start.
You need to ensure that the developer can test the new driver. The solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A. Disable Driver Signature Enforcement
B. Disable automatic restart on system failure
C. Last Know Good Configuration (advanced)
D. Repair Your Computer
Answer: A
Explanation:
A. By default, 64-bit versions of Windows Vista and later versions of Windows will load a kernel-mode driver only if the kernel can verify the driver signature. However, this default behavior can be disabled to facilitate early driver development and non-automated testing.
Incorrect:
Not B. specifies that Windows automatically restarts your computer when a failure occurs.
Not C. Developer would not be able to test the driver as needed.
Not D. Removes or repairs critical windows files, Developer would not be able to test the
driver as needed and some file loss.
Reference: Installing Windows Server 2012.
http://technet.microsoft.com/en-us/library/jj134246.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff547565(v=vs.85).aspx
Q10. Your network contains an Active Directory domain named adatum.com. The domain contains a file server named FS1 that runs Windows Server 2012 R2 and has the File Server Resource Manager role service installed. All client computers run Windows 8.
File classification and Access-Denied Assistance are enabled on FS1.
You need to ensure that if users receive an Access Denied message, they can request assistance by email from the Access Denied dialog box.
What should you configure?
A. A file management task
B. A classification property
C. The File Server Resource Manager Options
D. A report task
Answer: C
Explanation:
You can configure access-denied assistance individually on each file server by using the File Server Resource Manager console.
Note:
To configure access-denied assistance by using File Server Resource Manager
Open File Server Resource Manager. In Server Manager, click Tools, and then
click File Server Resource Manager.
Right-click File Server Resource Manager (Local), and then click Configure
Options.
Click the Access-Denied Assistance tab.
Select the Enable access-denied assistance check box.
In the Display the following message to users who are denied access to a folder or
file box, type a message that users will see when they are denied access to a file
or folder.
You can add macros to the message that will insert customized text.
Click Configure email requests, select the Enable users to request assistance
check box, and then click OK.
Click Preview if you want to see how the error message will look to the user.
Click OK.
Reference: Deploy Access-Denied Assistance (Demonstration Steps)