[NEW PUBLISHED] Pass 70-412 100% By Using Latest 70-412 Exam Questions in PDF&VCE From Microsoft Official Exam Center! (31-45)

Braindump2go New Released 70-412 Exam Dumps Free Download Today! If you want to 100% pass your 70-412 Exam one time in 2015, download Braindump2go Updated 70-412 Exam Dumps Full Version Instantly!

Vendor: Microsoft
Exam Code: 70-412
Exam Name: Configuring Advanced Windows Server 2012 R2 Services

1[10]

QUESTION 31
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on
Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.

wps7209.tmp_thumb

You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?

A.    Run the Install-AdcsCertificationAuthority cmdlet.
B.    Install the Active Directory Certificate Services (AD CS) tools.
C.    Modify the PATH system variable.
D.    Add Admin1 to the Cert Publishers group.

Answer: A

QUESTION 32
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 and a server named Server1.
Both servers run Windows Server 2012 R2.
You configure the classification of a share on Server1 as shown in the Share1 Properties exhibit. (Click the Exhibit button.)

wpsE68D.tmp_thumb

You configure the resource properties in Active Directory as shown in the Resource Properties exhibit. (Click the Exhibit button.)

wpsD50.tmp_thumb

You need to ensure that the Impact classification can be assigned to Share1 immediately.
Which cmdlet should you run on each server? To answer, select the appropriate cmdlet for each server in the answer area.

wps27F2.tmp_thumb

Answer:

wps3BF0.tmp_thumb

QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)

wps53A5.tmp_thumb

You discover that client computers cannot obtain IPv4 addresses from DC1.
You need to ensure that the client computers can obtain IPv4 addresses from DC1.
What should you do?

A.    Activate the scope.
B.    Authorize DC1.
C.    Disable the Allow filters.
D.    Disable the Deny filters.

Answer: C
Explanation:
There is no items in the deny List. So it means that client computers MAC addresses is not listed in the allow list. So we have to disable the “Allow Filters”
http://technet.microsoft.com/en-us/library/ee956897(v=ws.10).aspx

wps7865.tmp_thumb

QUESTION 34
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 and a domain controller named DC1. All servers run Windows Server 2012 R2. A Group Policy object (GPO) named GPO1 is linked to the domain.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You need to ensure that authenticated users can request assistance when they are denied access to the resources on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.
B.    Install the File Server Resource Manager role service on Server1.
C.    Configure the Customize message for Access Denied errors policy setting of GPO1.
D.    Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.
E.    Install the File Server Resource Manager role service on DC1.

Answer: BD
Explanation:
http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1

QUESTION 35
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1.
The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)

wps9604.tmp_thumb

wpsB2E7.tmp_thumb

The domain contains two global groups named Group1 and Group2.
You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Remove the Deny permission for Group1 from Folder1.
B.    Deny Group2 permission to Folder1.
C.    Install a domain controller that runs Windows Server 2012 R2.
D.    Create a conditional expression.
E.    Deny Group2 permission to Share1.
F.    Deny Group1 permission to Share1.

Answer: CD
Explanation:
* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7
enhanced Windows security descriptors by introducing a conditional access permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource properties, into conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows or denies access based on results of the evaluation. Securing access to resources through claims is known as claims-based access control. Claims-based access control works with traditional access control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise environment.
http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccess-control-en-us.aspx

QUESTION 36
Drag and Drop Question
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The forest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using a site link named Main-Branch1. There are no other site links. Each site contains several domain controllers. All domain controllers run Windows Server 2012 R2. Your company plans to open a new branch site named Branch2.
The new site will have a WAN link that connects to the Main site only.
The site will contain two domain controllers that run Windows Server 2012 R2.
You need to create a new site and a new site link for Branch2.
The solution must ensure that the domain controllers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Main are unavailable.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

wpsD93D.tmp_thumb

Answer:

wpsF574.tmp_thumb

Explanation:
SO…the first part of this answer is:
1. Create a new site object named Branch2
***When you create the new site Branch2 you will be prompted to associate it with a site link…right now we only have one site link (Main-Branch1). Hit Finish
2. Remove Branch2 site from the Main-Branch1 Site Link
***In order to move a site into a new site link, you must first remove them from their previous site link….In this case Branch2 was put in Main-Branch1 when we create the new site because we didn’t have another site link to associate the new site with at the time we created it.
3. Create a new site link object named Main-Branch2
***When you create the site link object you will be asked to place the appropriate sites in this link…choose Main and Branch 2
Because we are using Interstice topology replication, ISTG (similar to KCC with Intrasite) will build a logical transitive connection path between all site links because site link bridge is enabled by default and is a Microsoft best practice to leave this default. By default a site link has a default cost of 100 so the Main-Branch1 site cost 100. Since we do not have a site link established from Branch2 – Branch1, ISTG will create a logical patch that travels along the Main-Branch2 site link (cost 100) and through Main-Branch1 site link(cost 100) to establish replication connection in the event the least cost path goes down. Since the logical path =200, Branch2 will only replicate with Branch1 if the site link to the Main Site goes down.

QUESTION 37
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server3.
The network contains a standalone server named Server2.
All servers run Windows Server 2012 R2.
The servers are configured as shown in the following table.

wps1600.tmp_thumb

Server3 hosts an application named App1. App1 is accessible internally by using the URL
https://appl.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access App1.
What should you do? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

wps3331.tmp_thumb

Answer:

wps4645.tmp_thumb

QUESTION 38
You have a failover cluster named Cluster1 that contains four nodes.
All of the nodes run Windows Server 2012 R2.
You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates.
Which tool should you use?

A.    The Add-CauClusterRole cmdlet
B.    The Wuauclt command
C.    The Wusa command
D.    The Invoke-CauScan cmdlet

Answer: D
Explanation:
A. Adds the Cluster-Aware Updating (CAU) clustered role that provides the self-updating
functionality to the specified cluster.
B. The wuauclt utility allows you some control over the functioning of the Windows Update Agent
C. The Wusa.exe file is in the %windir%\System32 folder.
The Windows Update Standalone Installer uses the Windows Update Agent API to install update packages. Update packages have an .msu file name extension.
The .msu file name extension is associated with the Windows Update Standalone Installer.
D. Performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in a specified cluster.
http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/cc720477(v=ws.10).aspx
http://support.microsoft.com/kb/934307
http://technet.microsoft.com/en-us/library/hh847228(v=wps.620).aspx

QUESTION 39
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other.
Server1 hosts a virtual machine named VM1. VM1 is replicated to Server2.
You need to verify whether the replica of VM1 on Server2 is functional.
The solution must ensure that VM1 remains accessible to clients.
What should you do from Hyper-V Manager?

A.    On Server1, execute a Planned Failover.
B.    On Server1, execute a Test Failover.
C.    On Server2, execute a Planned Failover.
D.    On Server2, execute a Test Failover.

Answer: B
Explanation:

wps6D17.tmp_thumb

QUESTION 40
Your network contains an Active Directory domain named contoso.com.
The network contains a file server named Server1 that runs Windows Server 2012 R2.
You are configuring a central access policy for temporary employees.
You enable the Department resource property and assign the property a suggested value of Temp.
You need to configure a target resource condition for the central access rule that is scoped to resources assigned to Temp only.
Which condition should you use?

A.    (Temp.Resource Equals “Department”)
B.    (Resource.Temp Equals “Department”)
C.    (Resource.Department Equals “Temp”)
D.    (Department.Value Equals “Temp”)

Answer: C
Explanation:
http://technet.microsoft.com/fr-fr/library/hh846167.aspx

wps94F3.tmp_thumb

QUESTION 41
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).
You install a second server named Server2.
You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.
What should you do?

A.    On Server1, run the certutil.exe command and specify the -setreg parameter.
B.    On Server2, run the certutil.exe command and specify the -policy parameter.
C.    On Server1, configure Security for the OCSP Response Signing certificate template.
D.    On Server2, configure Issuance Requirements for the OCSP Response Signing certificate template.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc732526.aspx

wpsBD5B.tmp_thumb

QUESTION 42
Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database.
The solution must prevent User1 from retrieving the private keys from the AD CS database.
What should you do?

A.    Assign User1 the Issue and Manage Certificates permission to Server1.
B.    Assign User1 the Read permission and the Write permission to all certificate templates.
C.    Provide User1 with access to a Key Recovery Agent certificate and a private key.
D.    Assign User1 the Manage CA permission to Server1.

Answer: C
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificate- services-pki-keyarchival-and-management.aspx#Protecting_Key_Recovery_Agent_Keys

wpsDC51.tmp_thumb

QUESTION 43
Your network contains an Active Directory domain named contoso.com.
The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1.
You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2.
A technician connects DC3 to Site2.
You discover that users in Site2 are authenticated by all three domain controllers.
You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable.
What should you do?

A.    From Network Connections, modify the IP address of DC3.
B.    In Active Directory Sites and Services, modify the Query Policy of DC3.
C.    From Active Directory Sites and Services, move DC3.
D.    In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the
users in Site2.

Answer: C
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificateservices- pki-keyarchival-and-anagement.aspx#Protecting_Key_Recovery_Agent_Keys

wps36.tmp_thumb

QUESTION 44
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com. Contoso.com has a one-way forest trust to adatum.com.
Selective authentication is enabled on the forest trust.
Several user accounts are migrated from child.adatum.com to adatum.com.
Users report that after the migration, they fail to access resources in contoso.com.
The users successfully accessed the resources in contoso.com before the accounts were migrated.
You need to ensure that the migrated users can access the resources in contoso.com.
What should you do?

A.    Replace the existing forest trust with an external trust.
B.    Run netdom and specify the /quarantine attribute.
C.    Disable SID filtering on the existing forest trust.
D.    Disable selective authentication on the existing forest trust.

Answer: C
Explanation:
B. Enables administrators to manage Active Directory domains and trust relationships from the command prompT, /quarantine Sets or clears the domain quarantine
C. Need to gran access to the resources in contoso.com
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource
computers) that reside in the trusting forest
http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc758152(v=ws.10).aspx

wps20F0.tmp_thumb

QUESTION 45
You have four servers that run Windows Server 2012 R2.
The servers have the Failover Clustering feature installed.
You deploy a new cluster named Cluster1.
Cluster1 is configured as shown in the following table.

wps3C2F.tmp_thumb

Site2 is a disaster recovery site. Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles. Dynamic quorum management is disabled.
You plan to perform hardware maintenance on Server3.
You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Server3, the cluster resource will remain available in Site1.
What should you do?

A.    Enable dynamic quorum management.
B.    Remove the node vote for Server3.
C.    Add a file share witness in Site1.
D.    Remove the node vote for [C1] Server4 and Server5.

Answer: D
Explanation:
http://msdn.microsoft.com/en-us/library/hh270280.aspx#VotingandNonVotingNodes

wps5F88.tmp_thumb


Braindump2go Provides You the Latest 2015 70-412  Questions and Answers ALL From Official Microsoft Exam Center, 346 questions in all, 2015 Exam 70-412 100% Pass Guaranteed By Braindump2go!

1[5]

http://www.braindump2go.com/70-412.html

Comments are closed.