70-412 Exam
Facts about mcsa 70-412
Want to know Testking 70-412 Exam practice test features? Want to lear more about Microsoft Configuring Advanced Windows Server 2012 Services certification experience? Study High quality Microsoft 70-412 answers to Far out 70-412 questions at Testking. Gat a success with an absolute guarantee to pass Microsoft 70-412 (Configuring Advanced Windows Server 2012 Services) test on your first attempt.
2021 Jul cbt nuggets 70-412 download:
Q101. Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Create and configure a sync share on Server2.
E. Install the Work Folders role service on Server2.
Answer: A,C
Explanation:
* Workplace Join leverages a feature included in the Active Directory Federation Services (AD FS) Role in Windows Server 2012 R2, called Device Registration Service (DRS). DRS provisions a device object in Active Directory when a device is Workplace Joined. Once the device object is in Active Directory, attributes of that object can be retrieved and used to provide conditional access to resources and applications. The device identity is represented by a certificate which is set on the personal device by DRS when the device is Workplace Joined.
* In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access to enterprise resources based on user+device combinations and access policies. With these policies in place, you can control access based on users, devices, locations, and access times.
Reference: BYOD Basics: Enabling the use of Consumer Devices using Active Directory in Windows Server 2012 R2
Q102. You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.)
You need to configure the NLB cluster to meet the following requirements:
. HTTPS connections must be directed to Server1 if Serverl is available. . HTTP connections must be load balanced between the two nodes.
Which three actions should you perform? {Each correct answer presents part of the solution. Choose three.
A. From the host properties of Server2, set the Handling priority of the existing port rule to 2.
B. Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.
C. Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity to Single.
D. From the host properties of Server1, set the Handling priority of the existing port rule to 2.
E. From the host properties of Server2, set the Priority (Unique host ID) value to 1.
F. From the host properties of Server1, set the Handling priority of the existing port rule to 1.
Answer: A,B,F
Explanation:
Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule. This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host handle a specified load weight.
Note: Handling priority: When Single host filtering mode is being used, this parameter specifies the local host's priority for handling the networking traffic for the associated port rule. The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster.
Reference: Network Load Balancing parameters.
Q103. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC2 that runs Windows Server 2012 R2. DC2 has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC2.
You need to ensure that the client computers can obtain IPv4 addresses from DC2.
What should you do?
A. Disable the Deny filters.
B. Enable the Allow filters.
C. Authorize DC2.
D. Restart the DHCP Server service
Answer: C
Explanation:
From the exhibit we see a red marker on the IPv4 server icon. The DHCP server is not
authorized.
Authorize DHCP Server
The final step is to authorize the server.
Right-click your FQDN and select Authorize.
Refresh the view by right-clicking your FQDN and selecting Refresh.
You should now see green check mark next to IPv4.
Example:
Reference: Server 2012 DHCP Server Role
Q104. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
You create a trust between contoso.com and a domain in another forest at a partner company.
You need to prevent the sales.contoso.com and the manufacturing.contoso.com names from being used in authentication requests across the forest trust.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: G
Explanation: The Netdom trust command establishes, verifies, or resets a trust
relationship between domains.
Parameters include /RemoveTLNEX:
Removes the specified top level name exclusion (DNS Name Suffix) from the forest trust
info from the specified trust. Valid only for a forest transitive non-Windows realm trust and can only be performed on the root domain for a forest. Reference: Netdom trust https://technet.microsoft.com/sv-se/library/Cc835085(v=WS.10).aspx
Q105. You have 30 servers that run Windows Server 2012 R2.
All of the servers are backed up daily by using Windows Azure Online Backup.
You need to perform an immediate backup of all the servers to Windows Azure Online
Backup.
Which Windows PowerShell cmdlets should you run on each server?
A. Get-OBPolicy | StartOBBackup
B. Start-OBRegistration | StartOBBackup
C. Get-WBPolicy | Start-WBBackup
D. Get-WBBackupTarget | Start-WBBackup
Answer: A
Explanation:
This example starts a backup job using a policy.
Windows PowerShell
PS C:\> Get-OBPolicy | Start-OBBackup
Incorrect:
Not B. Registers the current computer to Windows Azure Backup.
Not C. Not using Azure
Not D. Not using Azure
Reference: Start-OBBackup
http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx
Rebirth mcsa 70-412:
Q106. You have five servers that run Windows Server 2012 R2. The servers have the Failover Clustering feature installed. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.
Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles. Dynamic quorum management is disabled.
You plan to perform hardware maintenance on Server3.
You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Server3, the cluster resource will remain available in Site1.
What should you do?
A. Add a file share witness in Site1.
B. Enable DrainOnShutdown on Cluster1.
C. Remove the node vote for Server4 and Server5.
D. Remove the node vote for Server3.
Answer: C
Explanation:
Recommended Adjustments to Quorum Voting When enabling or disabling a given WSFC (Windows Server Failover Clustering) node’s vote, follow these guidelines:
* Exclude secondary site (here site2) nodes (here server4 and server5). In general, do not give votes to WSFC nodes that reside at a secondary disaster recovery site. You do not want nodes in the secondary site to contribute to a decision to take the cluster offline when there is nothing wrong with the primary site.
Reference: WSFC Quorum Modes and Voting Configuration (SQL Server)
Q107. Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012 R2. The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A. Connect to DC2 from Active Directory Users and Computers.
B. Add DC2 to the Allowed RODC Password Replication Policy group.
C. Add the User1 account to the Allowed RODC Password Replication Policy group.
D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Answer: D
Explanation:
To prepopulate the password cache for an RODC by using Active Directory Users and Computers (see step 1 below).
Administrative credentials: To prepopulate the password cache for an RODC, you must be a member of the Domain Admins group.
Click Start, click Administrative Tools, and then click Active Directory Users and
Computers.
Ensure that Active Directory Users and Computers points to the writable domain
controller that is running Windows Server 2008, and then click Domain Controllers.
In the details pane, right-click the RODC computer account, and then click
Properties.
Click the Password Replication Policy tab.
Click Advanced.
Click Prepopulate Passwords.
Type the name of the accounts whose passwords you want to prepopulate in the
cache for the RODC, and then click OK.
When you are asked if you want to send the passwords for the accounts to the
RODC, click Yes.
Note: You can prepopulate the password cache for an RODC with the passwords of user and computer accounts that you plan to authenticate to it. When you prepopulate the RODC password cache, you trigger the RODC to replicate and cache the passwords for users and computers before the accounts try to log on in the branch office.
Incorrect: Not C. You don't need to add User1 to the Allowed RODC Password Replication Policy group. As a first step you should run Active.Directory Users and Computers as a member of the Domain/Enterprise Admins group.-
Reference: Password Replication Policy Administration
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
Q108. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2.
You discover that when the account of a user in Site1 is locked out, the user can still log on to the servers in Site2 for up to 15 minutes by using Remote Desktop Services (RDS).
You need to reduce the amount of time it takes to synchronize account lockout information across the domain.
Which attribute should you modify?
To answer, select the appropriate attribute in the answer area.
Answer:
Q109. HOTSPOT
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
On DC1, you create an Active Directory-integrated zone named Zone1. You verify that
Zone1 replicates to DC2.
You use DNSSEC to sign Zone1.
You discover that the updates to Zone1 fail to replicate to DC2.
You need to ensure that Zone1 replicates to DC2.
What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
Answer:
Q110. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed.
A technician performs maintenance on Server1.
After the maintenance is complete, you discover that you cannot connect to the IPAM server on Server1.
You open the Services console as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can connect to the IPAM server.
Which service should you start?
A. Windows Process Activation Service
B. Windows Event Collector
C. Windows Internal Database
D. Windows Store Service (WSService)
Answer: C
Explanation:
Explanation Windows Internal Database
Windows Internal Database is a relational data store that can be used only by Windows
roles and features.
IPAM does not support external databases. Only a Windows Internal Database is
supported.
IPAM stores 3 years of forensics data (IP address leases, host MAC addresses, user
login/logoff information) for 100,000 users in a Windows Internal Database. There is no
database purge policy provided, and the administrator must purge data manually as
needed.
Incorrect:
Not A. IPAM works even if the Windows Process Activation Service is not running.
Not B. IPAM does not require the Windows Event Collector Service. It need to be running
on the managed DC/DNS/DHCP computers.
Not D. IPAM does not require the Windows Store Service. It provides infrastructure support
for Windows Store.This service is started on demand and if disabled applications bought
using Windows Store will not behave correctly.
Reference: IPAM Deployment Planning