Breathing of 70 412 dumps free exam questions materials and answers for Microsoft certification for IT specialist, Real Success Guaranteed with Updated microsoft 70 412 pdf dumps vce Materials. 100% PASS Configuring Advanced Windows Server 2012 Services exam Today!
2017 NEW RECOMMEND
Free VCE & PDF File for Microsoft 70-412 Real Exam
Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions
Q21. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
An IP site link exits between each site.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.
You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable.
What should you do?
A. Create an SMTP site link between SiteB and SiteC.
B. Create additional connection objects for DC3 and DC4.
C. Decrease the cost of the site link between SiteB and SiteC.
D. Create additional connection objects for DC1 and DC2.
By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA.
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).
The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1.
You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com.
You need to identify which type of certificate template you must use to request a certificate for AD FS.
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
On DC1, you create an Active Directory-integrated zone named Zone1. You verify that
Zone1 replicates to DC2.
You use DNSSEC to sign Zone1.
You discover that the updates to Zone1 fail to replicate to DC2.
You need to ensure that Zone1 replicates to DC2.
What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
Q24. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other.
Server2 hosts a virtual machine named VM5. VM5 is replicated to Server1.
You need to verify whether the replica of VM5 on Server1 is functional. The solution must ensure that VM5 remains accessible to clients.
What should you do from Hyper-V Manager?
A. On Server1, execute a Planned Failover.
B. On Server1, execute a Test Failover.
C. On Server2, execute a Planned Failover.
D. On Server2, execute a Test Failover.
Test Failover (TFO) is an operation initiated on your replica virtual machine (in this scenario on Server1) which allows you to test the sanity of the virtualized workload without interrupting your production workload or ongoing replication.
TFO is performed on the replica virtual machine by right-clicking on the VM and choosing the Test Failover operation (either from the Hyper-V Manager or from the Failover Clustering Manager).
Reference: Types of failover operations in Hyper-V Replica â Part I â Test Failover.
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.
Q26. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
You need to enable universal group membership caching for the Europe office and Asia office sites.
What should you use?
Q27. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From a Group Policy, configure the Certificate Services Client â Auto-Enrollment settings.
B. From a Group Policy, configure the Certificate Services Client â Certificate Enrollment Policy settings.
C. Modify the properties of the User certificate template, and then publish the template.
D. Duplicate the User certificate template, and then publish the template.
E. From a Group Policy, configure the Automatic Certificate Request Settings settings.
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
However a duplicated template from users has the ability to autoenroll:
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
Reference: Manage Certificate Enrollment Policy by Using Group Policy. http://technet.microsoft.com/en-us/library/dd851772.aspx
Q28. Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two-way forest trusts exists between the forest. Selective authentication is enabled on
The contoso.com forest contains a server named Server1.
You need to ensure that users in litwareinc.com can access resources on Server1.
What should you do?
A. Install Active Directory Rights Management Services on a domain controller in contoso.com.
B. Modify the permission on the Server1 computer account.
C. Install Active Directory Rights Management Services on a domain controller in litwareinc.com.
D. Configure SID filtering on the trust.
Selective authentication between forests If you decide to set selective authentication on an incoming forest trust, you need to manually assign permissions on each computer in the domain as well as the resources to which you want users in the second forest to have access. To do this, set a control access right Allowed to authenticate on the computer object that hosts the resource in Active Directory Users and Computers in the second forest. Then, allow user or group access to the particular resources you want to share.
Reference: Accessing resources across forests
Q29. You have a server named DNS1 that runs Windows Server 2012 R2.
You discover that the DNS resolution is slow when users try to access the company intranet home page by using the URL http://companyhome.
You need to provide single-label name resolution for CompanyHome that is not dependent on the suffix search order.
Which three cmdlets should you run? (Each correct answer presents part of the solution. Choose three.)
F. Add-DnsServerDirectory Partition
You can use this task to create a GlobalNames zone to maintain a set of single-label, Domain Name System (DNS) names that Windows Server 2008 DNS servers can resolve on behalf of DNS clients throughout a single forest in Active Directory Domain Services
Deploying a GlobalNames zone in a single forest requires that you perform the following
. (A) Create a zone named GlobalNames that replicates to all domain controllers in the forest.
. (B) Add an alias (CNAME) record to the zone for each host for which you want to provide single-label name resolution. For example, if you want DNS clients to be able to access a server whose fully qualified domain name (FQDN) is cweb.itgroup.contoso.com, add an alias (CNAME) resource record that maps the name cweb to cweb.igroup.contoso.com.
A. The Add-DnsServerPrimaryZone cmdlet adds a specified primary zone on a Domain Name System (DNS) server.
B. The Add-DnsServerResourceRecordCName cmdlet adds a canonical name (CNAME) resource record to a specified Domain Name System (DNS) zone. A CNAME record allows you to use more than one resource record to refer to a single host
D. The Set-DnsServerGlobalNameZone cmdlet enables or disables single-label Domain Name System (DNS) queries. It also changes configuration settings for a GlobalNames zone. The GlobalNames zone supports short, easy-to-use names instead of fully qualified domain names (FQDNs) without using Windows Internet Name Service (WINS) technology. For instance, DNS can query SarahJonesDesktop instead of SarahJonesDesktop.contoso.com.
Reference: Adding a GlobalNames zone to a forest
Q30. You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A. Run the Install-AdcsCertificationAuthority cmdlet.
B. Install the Active Directory Certificate Services (AD CS) tools.
C. Modify the PATH system variable.
D. Add Admin1 to the Cert Publishers group.
* Cannot manage Active Directory Certificate Services
The error message is related to missing role configuration.
* Cannot Manage Active Directory Certificate Services Resolution: configure the two Certification Authority and Certification Authority Web Enrollment Roles.
* Active Directory Certificate Services (AD CS) is an Active Directory tool that lets administrators customize services in order to issue and manage public key certificates.
AD CS included:
CA Web enrollment – connects users to a CA with a Web browser
Certification authorities (CAs) – manages certificate validation and issues certificates
Not A. The CA is installed, it just need to be configured correctly.
The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the
AD CS CA role service.
Reference: Cannot manage Active Directory Certificate Services in Server 2012 Error
0x800070002; Active Directory Certificate Services (AD CS) Definition