Mar 2016 updated: Examcollection Microsoft 70-412 brain dumps 61-75

70-412 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

Get it now →

Product Description:
Exam Number/Code: 70-412
Exam name: Configuring Advanced Windows Server 2012 Services
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Free Certification Real IT 70-412 Exam pdf Collection

Question No. 61

You have a server named Server1. 

You install the IP Address Management (IPAM) Server feature on Server1. 

You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege. 

Which user role should you assign to User1? 

A. DNS Record Administrator Role 

B. IPAM DHCP Reservations Administrator Role 

C. IPAM Administrator Role 

D. IPAM DHCP Administrator Role 

Answer:

Explanation: 

The IPAM DHCP administrator role completely manages DHCP servers. 


C:\Users\Chaudhry\Desktop\1.jpg 

Reference: What's New in IPAM 


Question No. 62

HOTSPOT 

Your network contains two Hyper-V hosts that are configured as shown in the following table. 


You create a virtual machine on Server1 named VM1. 

You plan to export VM1 from Server1 and import VM1 to Server2. 

You need to ensure that you can start the imported copy of VM1 from snapshots. 

What should you configure on VM1? 

To answer, select the appropriate node in the answer area. 


Answer: 



Question No. 63

Your company has a main office and a remote office. The remote office is used for disaster recovery. 

The network contains an Active Directory domain named contoso.com. The domain contains member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2. 

Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote office. 

All servers have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Storage is replicated between the main office and the remote site. 

You need to ensure that Cluster1 is available if two nodes in the same office fail. 

What are two possible quorum configurations that achieve the goal? (Each correct answer presents a complete solution. Choose two.) 

A. No Majority: Disk Only 

B. Node Majority 

C. Node and File Share Majority 

D. Node and Disk Majority 

Answer: A,B 

Explanation: 

Depending on the quorum configuration option that you choose and your specific settings, the cluster will be configured in one of the following quorum modes: 

* (A) No majority (disk witness only) 

* (B) Node majority (no witness) 

* Node majority with witness (disk or file share) 

Reference: Configure and Manage the Quorum in a Windows Server 2012 R2 Failover Cluster 


Question No. 64

DRAG DROP 

You plan to deploy a failover cluster that will contain two nodes that run Windows Server 

2012 R2. 

You need to configure a witness disk for the failover cluster. 

How should you configure the witness disk? 

To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 


Answer: 



Question No. 65

DRAG DROP 

Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2. 

The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1. 

You plan to modify the NTFS permissions for many folders on the file servers by using central access policies. 

You need to identify any users who will be denied access to resources that they can currently access once the new permissions are implemented. 

In which order should you Perform the five actions? 


Answer: 



Question No. 66

HOTSPOT 

Your network contains one Active Directory forest. The forest has three sites configured as shown in the following table. 


The forest contains the site links configured as shown in the following table. 


A domain controller named DC2 has an IP address of 192.168.2.2. DC2 and is in Site2. 

You run the following cmdlets. 

New-ADReplicationSite Site3 

New-ADReplacationSubnet –Name “192.168.3.0/24” –Site Site3 

Use the drop-down menus to select the answer choice that completes each statement. 


Answer: 



Question No. 67

You have a server named Server1 that runs Windows Server 2012 R2. 

From Server Manager, you install the Active Directory Certificate Services server role on 

Server1. 

A domain administrator named Admin1 logs on to Server1. 

When Admin1 runs the Certification Authority console, Admin1 receive the following error message. 


You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear. 

What should you do? 

A. Run the Install-AdcsCertificationAuthority cmdlet. 

B. Install the Active Directory Certificate Services (AD CS) tools. 

C. Modify the PATH system variable. 

D. Add Admin1 to the Cert Publishers group. 

Answer:

Explanation: 

* Cannot manage Active Directory Certificate Services 

The error message is related to missing role configuration. 

* Cannot Manage Active Directory Certificate Services Resolution: configure the two Certification Authority and Certification Authority Web Enrollment Roles. 

* Active Directory Certificate Services (AD CS) is an Active Directory tool that lets administrators customize services in order to issue and manage public key certificates. 

AD CS included: 

CA Web enrollment - connects users to a CA with a Web browser 

Certification authorities (CAs) - manages certificate validation and issues certificates 

Etc. 

Incorrect: 

Not A. The CA is installed, it just need to be configured correctly. 

Note: Install-AdcsCertificationAuthority 

The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the 

AD CS CA role service. 

Reference: Cannot manage Active Directory Certificate Services in Server 2012 Error 

0x800070002; Active Directory Certificate Services (AD CS) Definition 

http://searchwindowsserver.techtarget.com/definition/Active-Directory-Certificate-Services-

AD-CS 


Question No. 68

Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server that uses a Windows Internal Database. 

You install a Microsoft SQL Server 2012 instance on a new server. 

You need to migrate the IPAM database to the SQL Server instance. 

Which cmdlet should you run? 

A. Disable-IpamCapability 

B. Set-IpamConfiguration 

C. Update-IpamServer 

D. Move-IpamDatabase 

Answer:

Explanation: 

The Move-IpamDatabase cmdlet migrates the IP Address Management (IPAM) database to a Microsoft SQL Server database. You can migrate from Windows Internal Database (WID) or from a SQL Server database. The cmdlet creates a new IPAM schema and copies all data from the existing IPAM database. After the cmdlet completes copying data, it changes IPAM configuration settings to refer to the new database as the IPAM database. 

Reference: Move-IpamDatabase 


Question No. 69

Your network contains four Active Directory forests. Each forest contains an Active 

Directory Rights Management Services (AD RMS) root cluster. 

All of the users in all of the forests must be able to access protected content from any of 

the forests. 

You need to identify the minimum number of AD RMS trusts required. How many trusts should you identify? 

A. 3 

B. 6 

C. 12 

D. 16 

Answer:

Explanation: 

The number of AD RMS trusts required to interact between all AD RMS forests can be 

defined by using the following formula: N*(N-1). 

Here N=4, so the number of trust is 12 (4*3). 

Reference: AD RMS Prerequisites, Important considerations for installing AD RMS in a 

multi-forest environment 


Question No. 70

Your network contains an Active Directory forest named contoso.com. The forest contains four domains. All servers run Windows Server 2012 R2. 

Each domain has a user named User1. 

You have a file server named Server1 that is used to synchronize user folders by using the Work Folders role service. 

Server1 has a work folder named Sync1. 

You need to ensure that each user has a separate folder in Sync1. 

What should you do? 

A. From Windows Explorer, modify the Sharing properties of Sync1. 

B. Run the Set-SyncServerSetting cmdlet. 

C. From File and Storage Services in Server Manager, modify the properties of Sync1. 

D. Run the Set-SyncShare cmdlet. 

Answer:

Explanation: 

The Set-SyncShare cmdlet modifies the settings for a sync share. 

Example: Modify a sync share to add a user group 

This example modifies settings on the share named Share01, and enables the user group 

named ContosoEngGroup to access the share. 

The first command uses the Get-SyncShare cmdlet to retrieve the sync share for Share01, 

and assigns the results to the variable $Current. 

The second command uses the Set-SyncShare cmdlet to modify the sync share and add 

the current user and the ContosoEngGroup to the list of users allowed to access the share. 

PS C:\> $Current = Get-SyncShare Share01 

PS C:\> Set-SyncShare Share01 -User $Current.user,"ContosoEngGroup" 

PS C:\> Get-SyncShare Share01 // See %username below% !! 

ConflictResolutionPolicy : KeepLatest 

Description : 

DevicePolicy : Share01 

Enabled : True ExclusiveAccessToUser : False Name : Share01 Path : K:\Share01 StagingFolder : K:\EcsStagingArea\Share01 StagingQuota : 1099511627776 StagingQuotaPerUser : 10737418240 Type : User Data User : {HRGroup, EngGroup} UserFolderName : %username% // <-- This line!! PSComputerName 

Reference: Set-SyncShare 

http://technet.microsoft.com/en-US/library/dn296649.aspx 


Question No. 71

You have a server named Server1 that runs Windows Server 2012 R2. 

Server1 has a single volume that is encrypted by using BitLocker Drive Encryption 

(BitLocker). 

BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM). 

Server1 is configured to perform a daily system image backup. 

The motherboard on Server1 is upgraded. 

After the upgrade, Windows Server 2012 R2 on Server1 fails to start. 

You need to start the operating system on Server1 as soon as possible. 

What should you do? 

A. Start Server1 from the installation media. Run startrec.exe. 

B. Move the disk to a server that has a model of the old motherboard. Start the server from the installation media. Run bcdboot.exe. 

C. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc. 

D. Start Server1 from the installation media. Perform a system image recovery. 

Answer:

Explanation: 

By moving the hard drive to server with that has a model of the old motherboard the system 

would be able to start. As BitLocker was configured to save encryption keys to a Trusted 

Platform Module (TPM), we can use tpm.msc to access the TPM settings. 

Note: After you replaced the motherboard, you need to repopulate the TPM with new 

information regarding the encryption of the hard disk. 

We use these commands to repopulate the information in the TPM (without PIN): 

manage-bde –delete -protectors C: -type TPM 

manage-bde –protectors –add C: -tpm 

Incorrect: 

Not D. After the system image recovery you would still have the new motherboard installed. 

The problem would return. 

Reference: BitLocker - New motherboard replacement 


Question No. 72

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. 

You add two additional nodes in Cluster1. 

You have a folder named Folder1 on Server1 that hosts Application data. Folder1 is a folder target in a Distributed File System (DFS) namespace. 

You need to provide highly available access to Folder1. The solution must support DFS Replication to Folder1. 

What should you configure? 

A. Affinity-None 

B. Affinity-Single 

C. The cluster quorum settings 

D. The failover settings 

E. A file server for general use 

F. The Handling priority 

G. The host priority 

H. Live migration 

I. The possible owner 

J. The preferred owner 

K. Quick migration 

L. The Scale-Out File Server 

Answer:

Explanation: 

File Server for general use 


Note: You can deploy and configure a clustered file server by using either of the following methods: 

* File Server for general use. This is the continuation of the clustered file server that has been supported in Windows Server since the introduction of Failover Clustering. This type of clustered file server, and therefore all the shares associated with the clustered file server, is online on one node at a time. This is sometimes referred to as active-passive or dual-active. File shares associated with this type of clustered file server are called clustered file shares. This is the recommended file server type when deploying information worker scenarios. 

* Scale-Out File Server for application data This clustered file server feature was introduced in Windows Server 2012, and it lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are simultaneously online on all nodes. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active. This is the recommended file server type when deploying either Hyper-V over Server Message Block (SMB) or Microsoft SQL Server over SMB. 

Reference: Scale-Out File Server for Application Data Overview 


Question No. 73

You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located in the perimeter network and has the DNS Server server role installed. 

Server1 has a zone named contoso.com. 

You App1y a security template to Server1. 

After you App1y the template, users report that they can no longer resolve names from contoso.com. 

On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.) 


On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.) 


You need to ensure that users can resolve contoso.com names. 

What should you do? 

A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule. 

B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone. 

C. From DNS Manager, unsign the contoso.com zone. 

D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone. 

E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule. 

Answer:

Explanation: 

To configure Windows Firewall on a managed DNS server . On the Server Manager menu, click Tools and then click Windows Firewall with Advanced Security. . Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch. . In Rule Type, select Predefined, choose DNS Service from the list, and then click Next. . In Predefined Rules, under Rules, select the checkboxes next to the following 

rules: . Click Next, choose Allow the connection, and then click Finish. . Right-click Inbound Rules, and then click New Rule. The New Inbound Rule 

Wizard will launch. etc. 

Reference: Manually Configure DNS Access Settings 


Question No. 74

You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.) 


You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target. 

VirtualiSCSIl.vhd is removed from LON-DC1. 

You need to assign VirtualiSCSI2.vhd a logical unit value of 0. 

What should you do? 

A. Modify the properties of the itgt ISCSI target. 

B. Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk. 

C. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter. 

D. Run the iscsicli command and specify the reportluns parameter. 

Answer:

Explanation: 

The virtual disk has the option to change the lun ID, no other option available in the answers appear to allow this change. 

Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to a server. For iSCSI, LUNs are assigned to logical entities called targets. 


Question No. 75

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise root certification authority (CA) for contoso.com. 

Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the local Administrators group on Server1. 

You enable CA role separation on Server1. 

You need to ensure that you can manage the certificates on the CA. 

What should you do? 

A. Remove your user account from the local Administrators group. 

B. Assign the CA administrator role to your user account. 

C. Assign your user account the Bypass traverse checking user right. 

D. Remove your user account from the Manage auditing and security log user right. 

Answer:

Explanation: 

The separation of CA roles can be enforced using role separation. Once enforced, role separation only allows a user to be assigned a single role. If a user is assigned to more than one role and attempts to perform an operation on the CA, the operation is denied. For this reason, before role separation is enabled, a user should be assigned only one CA role. 

Reference: Role Separation