Limited Time Discount Offer
30% Off - Ends in 02:00:00

X

Microsoft 70-412 Dumps

verified by experts

3 products

  • Verified by experts

70-412 Premium Bundle

  • Premium File 450 Questions & Answers

  • Training Course 92 Lectures

  • Study Guide 1700 Pages

$49.95

$24.99
Microsoft
Configuring Advanced Windows Server 2012 Services
Microsoft
Configuring Advanced Windows Server 2012 Services

Files

Views

291

Size

12.3 MB

Downloads

387

Views

536

Size

18.1 MB

Downloads

614

Views

317

Size

10.8 MB

Downloads

643

Purchase Individually

  • 70-412

    Premium File

    450 Questions & Answers
    $21.41
    $14.99
  • 70-412

    Training Course

    92 Lectures
    $14.27
    $9.99
  • 70-412

    Study Guide

    1700 Pages
    $14.27
    $9.99

Questions & Answers for Microsoft 70-412

Showing 1-15 of 424 Questions

Question #1 - Topic 1

You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard. You
discover that the new virtual disk has a write-back cache of 1 GB.
You need to ensure that the virtual disk has a write-back cache of 5 GB.
What should you do?

A. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.

B. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.

C. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.

D. Delete the virtual disk, and then run the New-VirtualDisk cmdlet.

Explanation:
So what about changing the cache size? Well, you can't modify the cache size, but you can
specify it at the time that you create a new virtual hard disk. In order to do so, you have to
use Windows PowerShell.
New-VirtualDisk StoragePoolFriendlyName "<storage pool name>" FriendlyName "<v
Reference: Using Windows Server 2012's SSD Write-Back Cache

Question #2 - Topic 1

You have a server named Server1 that runs Windows Server 2012 R2.
Each day, Server1 is backed up fully to an external disk.
On Server1, the disk that contains the operating system fails.
You replace the failed disk.
You need to perform a bare-metal recovery of Server1 by using the Windows Recovery
Environment (Windows RE).
What should you do?

A. Run the Start-WBVolumeRecovery cmdlet and specify the -backupset parameter.

B. Run the Get-WBBareMetalRecovery cmdlet and specify the -policy parameter.

C. Run the wbadmin.exe start recovery command and specify the -recoverytarget parameter.

D. Run the wbadmin.exe start sysrecovery command and specify the -backuptarget parameter.

Explanation:
Performs a system recovery (bare metal recovery). This subcommand can be run only from
the Windows Recovery Environment.
* -backupTarget
Specifies the storage location that contains the backup or backups that you want to
recover. This parameter is useful when the storage location is different from where backups
of this computer are usually stored.
Reference: Wbadmin start sysrecovery
http://technet.microsoft.com/en-us/library/cc742118.aspx

Question #3 - Topic 1

You have a file server named Server1 that runs Windows Server 2012 R2.
You need to ensure that you can use the NFS Share - Advanced option from the New
Share Wizard in Server Manager.
Which two role services should you install?
To answer, select the appropriate two role services in the answer area.

Explanation:

*File Server Resource Manager Role
File Server Resource Manager is a set of features that allow you to manage and classify
data that is stored on file servers.
Note: NFS Share Advanced
This advanced profile offers additional options to configure a NFS file share.
Set the folder owners for access-denied assistance
Configure default classification of data in the folder for management and access policies
Enable quotas

Question #4 - Topic 1

Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP
Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that
is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?

A. 2001:123:4567:890A::

B. FE80:123:4567::

C. FF00:123:4567:890A::

D. FD00:123:4567::

Explanation:
Explanation/Reference:
* A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC
4193. It is the approximate IPv6 counterpart of the IPv4 private address.
The address block fc00::/7 is divided into two /8 groups:
/ The block fc00::/8 has not been defined yet.
/ The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits
of the prefix to a randomly generated bit string.
* Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address
ranges:
/ They are not allocated by an address registry and may be used in networks by anyone
without outside involvement.
/ They are not guaranteed to be globally unique.
/ Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot
be delegated in the global DNS.
Reference: RFC 4193

Question #5 - Topic 1

Your network contains an Active Directory forest named contoso.com. The forest contains
two domains named contoso.com and childl.contoso.com. The domains contain three
domain controllers.
The domain controllers are configured as shown in the following table.

You need to ensure that the KDC support for claims, compound authentication, and
kerberos armoring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A. Upgrade DC1 to Windows Server 2012 R2.

B. Upgrade DC11 to Windows Server 2012 R2.

C. Raise the domain functional level of childl.contoso.com.

D. Raise the domain functional level of contoso.com.

E. Raise the forest functional level of contoso.com.

Explanation:
The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to
this level (A), then raise the contoso.com domain functional level to Windows Server 2012
(D).
* (A) To support resources that use claims-based access control, the principals domains
will need to be running one of the following:
/ All Windows Server 2012 domain controllers
/ Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device
authentication requests
/ Sufficient Windows Server 2012 domain controllers to handle all the Windows Server
2012 resource protocol transition requests to support non-Windows 8 devices.
Reference: What's New in Kerberos Authentication
http://technet.microsoft.com/en-us/library/hh831747.aspx.

Question #6 - Topic 1

Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the
DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a standard primary zone named adatum.com as shown in the exhibit. (Click the
Exhibit button.)

You plan to configure Name Protection on all of the DHCP servers.
You need to configure the adatum.com zone to support Name Protection.
Which two configurations should you perform from DNS Manager? (Each correct answer
presents part of the solution. Choose two.)

A. Sign the zone.

B. Store the zone in Active Directory.

C. Modify the Security settings of the zone.

D. Configure Dynamic updates.

E. Add a DNS key record

Explanation:
Name protection requires secure update to work. Without name protection DNS names
may be hijacked.
You can use the following procedures to allow only secure dynamic updates for a zone.
Secure dynamic update is supported only for Active Directoryintegrated zones. If the zone
type is configured differently, you must change the zone type and directory-integrate the
zone before securing it for Domain Name System (DNS) dynamic updates.
1. (B) Convert primary DNS server to Active Directory integrated primary
2. (D) Enable secure dynamic updates

Reference: DHCP: Secure DNS updates should be configured if Name Protection is
enabled on any IPv4 scope
http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx

Question #7 - Topic 1

Your network contains an Active Directory domain named contoso.com. All file servers in
the domain run Windows Server 2012 R2.
The computer accounts of the file servers are in an organizational unit (OU) named OU1. A
Group Policy object (GPO) named GPO1 is linked to OU1.
You plan to modify the NTFS permissions for many folders on the file servers by using
central access policies.
You need to identify any users who will be denied access to resources that they can
currently access once the new permissions are implemented.
In which order should you Perform the five actions?

Explanation:

* Configure a central access rule
* Configure a central access policy (CAP) (with help of central access rules)
* Deploy the central access policy (through GPO)
* Modify security settings
* Check the result

Question #8 - Topic 1

You have a server that runs Windows Server 2012 R2.
You create a new work folder named Share1.
You need to configure Share1 to meet the following requirements:
✑ Ensure that all synchronized copies of Share1 are encrypted.
✑ Ensure that clients synchronize to Share1 every 30 minutes.
✑ Ensure that Share1 inherits the NTFS permissions of the parent folder.
Which cmdlet should you use to achieve each requirement?
To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be
used once, more than once, or not at all. You may need to drag the split bar between
panes or scroll to view content.

Explanation:

* (box 1) Set-SyncShare
The Set-SyncShare cmdlet modifies the settings for a sync share.
/ parameter: -RequireEncryption<Boolean>
Indicates whether the sync server requests that the contents of Work Folders be encrypted
on each PC and device that accesses the sync share.
* (box 2) Set-SyncServerSettings
Parameter: -MinimumChangeDetectionMins<UInt32>
Specifies the time, in minutes, before the Sync Share server detects changes on devices
and syncs the client and server.
* (box 3): Example: Modify a sync share to enable inherited permissions
This command modifies settings on the share named Share01, and sets
KeepParentFolderPermission to enable the share to inherit permissions from the parent
folder.
Windows PowerShell
PS C:\> Set-SyncShare Share01 -KeepParentFolderPermission

Question #9 - Topic 1

Your network contains two Active Directory forests named contoso.com and adatum.com.
Contoso.com contains one domain. Adatum.com contains a child domain named
child.adatum.com.
Contoso.com has a one-way forest trust to adatum.com. Selective authentication is
enabled on the forest trust.
Several user accounts are migrated from child.adatum.com to adatum.com.
Users report that after the migration, they fail to access resources in contoso.com. The
users successfully accessed the resources in contoso.com before the accounts were
migrated.
You need to ensure that the migrated users can access the resources in contoso.com.
What should you do?

A. Replace the existing forest trust with an external trust.

B. Run netdom and specify the /quarantine attribute.

C. Disable SID filtering on the existing forest trust.

D. Disable selective authentication on the existing forest trust.

Explanation:
Security Considerations for Trusts
Need to gain access to the resources in contoso.com
Disabling SID Filter Quarantining on External Trusts
Although it reduces the security of your forest (and is therefore not recommended), you can
disable SID filter quarantining for an external trust by using the Netdom.exe tool. You
should consider disabling SID filter quarantining only in the following situations:
* Users have been migrated to the trusted domain with their SID histories preserved, and
you want to grant them access to resources in the trusting domain based on the SID history
attribute.
Etc.
Incorrect:
Not B. Enables administrators to manage Active Directory domains and trust relationships
from the command prompt, /quarantine Sets or clears the domain quarantine.
Not D. Selective authentication over a forest trust restricts access to only those users in a
trusted forest who have been explicitly given authentication permissions to computer
objects (resource computers) that reside in the trusting forest.
Reference: Security Considerations for Trusts
http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx

Question #10 - Topic 1

You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on
Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receives the following error
message.

You need to ensure that when Admin1 opens the Certification Authority console on
Server1, the error message does not appear.
What should you do?

A. Install the Active Directory Certificate Services (AD CS) tools.

B. Run the regsvr32.exe command.

C. Modify the PATH system variable.

D. Configure the Active Directory Certificate Services server role from Server Manager.

Explanation:
The error message is related to missing role configuration.
* Cannot Manage Active Directory Certificate Services
Resolution: configure the two Certification Authority and Certification Authority Web
Enrollment Roles:

image
Reference: Cannot manage Active Directory Certificate Services in Server 2012 Error
0x800070002

Question #11 - Topic 1

You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the
DHCP servers that are managed by IPAM. The solution must use the principle of least
privilege.
Which user role should you assign to User1?

A. DNS Record Administrator Role

B. IPAM DHCP Reservations Administrator Role

C. IPAM Administrator Role

D. IPAM DHCP Administrator Role

Explanation:
The IPAM DHCP administrator role completely manages DHCP servers.

C:\Users\Chaudhry\Desktop\1.jpg
Reference: What's New in IPAM

Question #12 - Topic 1

You have a server named Server1 that runs Windows Server 2012 R2.
Server1 is backed up by using Windows Server Backup. The backup configuration is
shown in the exhibit. (Click the Exhibit button.)

You discover that only the last copy of the backup is maintained.
You need to ensure that multiple backup copies are maintained.
What should you do?

A. Modify the backup destination.

B. Configure the Optimize Backup Performance settings.

C. Modify the Volume Shadow Copy Service (VSS) settings.

D. Modify the backup times.

Explanation:
The destination in the exhibit shows a network share is used. If a network share is being
used only the latest copy will be saved

Reference: Where should I save my backup?
http://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup

Question #13 - Topic 1

Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2.
You are creating a central access rule named TestFinance that will be used to audit
members of the Authenticated Users group for access failure to shared folders in the
finance department.
You need to ensure that access requests are unaffected when the rule is published.
What should you do?

A. Add a User condition to the current permissions entry for the Authenticated Users principal.

B. Set the Permissions to Use the following permissions as proposed permissions.

C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.

D. Set the Permissions to Use following permissions as current permissions.

Explanation:
Proposed permissions enable an administrator to more accurately model the impact of
potential changes to access control settings without actually changing them.
Reference: Access Control and Authorization Overview
http://technet.microsoft.com/en-us/library/jj134043.aspx

Question #14 - Topic 1

You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1
contains a virtual machine named VM1 that runs Windows Server 2012 R2.
You fail to start VM1 and you suspect that the boot files on VM1 are corrupt.
On Server1, you attach the virtual hard disk (VHD) of VM1 and you assign the VHD a drive
letter of F.
You need to repair the corrupt boot files on VM1.
What should you run?

A. bootrec.exe /rebuildbcd

B. bootrec.exe /scanos

C. bcdboot.exe f:\windows /s c:

D. bcdboot.exe c:\windows /s f:

Explanation:
Enables you to quickly set up a system partition, or to repair the boot environment located
on the system partition. The system partition is set up by copying a simple set of Boot
Configuration Data (BCD) files to an existing empty partition.

Reference: BCDboot Command-Line Options

Question #15 - Topic 1

Your network contains an Active Directory domain named contoso.com. The domain
contains a member server named Server1 that has the Active Directory Federation
Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of
the solution. Choose two.)

A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.

B. Edit the multi-factor authentication global authentication policy settings.

C. Run Enable-AdfsDeviceRegistration.

D. Run Set-AdfsProxyProperties HttpPort 80.

E. Edit the primary authentication global authentication policy settings.

Explanation:
C. To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm.
E. Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an
added level of access protection to corporate resources and applications from external
devices that are trying to access them. When a personal device is Workplace Joined, it
becomes a known device and administrators can use this information to drive conditional
access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and
conditional access for Workplace Joined devices.
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global
Primary Authentication. Select the check box next to Enable Device Authentication, and
then click OK.
Reference: Configure a federation server with Device Registration Service.

×