2015 Latest released Microsoft Official 70-412 Practice Exam Question Free Download From Braindump2go Now! All New Updated 346 Questions And Answers are Real Questions from Microsoft Exam Center!
QUESTION 91
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains two Active Directory sites named Site1 and Site2.
You need to configure the replication between the sites to occur by using change notification. Which attribute should you modify?
Answer:
Explanation:
http://blogs.technet.com/b/qzaidi/archive/2010/09/23/enable-change-notifications-between-sites-how-and-why.aspx
http://blogs.msdn.com/b/canberrapfe/archive/2012/03/26/active-directory-replication-change-notification-amp-you.aspx
QUESTION 92
Your network contains an Active Directory domain named contoso.com.
The domain contains a main office and a branch office.
An Active Directory site exists for each office.
All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.
DC1 hosts an Active Directory-integrated zone for contoso.com.
You add the DNS Server server role to DC2.
You discover that the contoso.com DNS zone fails to replicate to DC2.
You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2.
You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.
Which tool should you use?
A. Dnslint
B. A DNS Manager
C. Active Directory Users and Computers
D. Dnscmd
Answer: A
Explanation:
Note: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.
QUESTION 93
Your network contains an Active Directory forest named adatum.com.
The forest contains a single domain. The domain contains four servers.
The servers are configured as shown in the following table.
You need to update the schema to support a domain controller that will run Windows Server 2012 R2.
On which server should you run adprep.exe?
A. Server1
B. DC3
C. DC2
D. DC1
Answer: B
Explanation:
DC3 is the only server that could be assumed to be 64bit
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_WS2012
QUESTION 94
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
You plan to implement a new Active Directory forest.
The new forest will be used for testing and will be isolated from the production network.
In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 as a new domain controller in a new forest named contoso.test.
The solution must meet the following requirements:
– The functional level of the forest and of the domain must be the same as that of contoso.com.
– Server1 must provide name resolution services for contoso.test.
What should you do? To answer, configure the appropriate options in the answer area.
Answer:
Explanation:
When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level.
You cannot set the domain functional level to a value that is lower than the forest functional level. Reference: Understanding Active Directory Domain Services (AD DS) Functional Levels
REWORDED
Very smartly reworded that you need to configure server 1 as new DC in a new forest named contoso.test and “also do name resolution”. In the answer you will have to select Windows 2003 as domain and forest functional level and you should also check “Domain name system(DNS) server….
This is not in any dumps
* When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level.
You cannot set the domain functional level to a value that is lower than the forest functional level.
http://technet.microsoft.com/en-us/library/understanding-active-directory- functionallevels(v=ws.10).aspx
QUESTION 95
Your network contains an Active Directory domain named contoso.com.
Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1. Which tool should you use?
A. Get-ADDomainControllerPasswordReplicationPolicy
B. Get-ADDefaultDomainPasswordPolicy
C. Server Manager
D. Get-ADFineGrainedPasswordPolicy
Answer: D
Explanation:
A. Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy
B. Gets the default password policy for an Active Directory domain.
C. PSO’s managed from AD AC or Powershell Only
D. Gets one or more Active Directory fine grained password policies.
http://technet.microsoft.com/en-us/library/ee617207.aspx
http://technet.microsoft.com/en-us/library/ee617244.aspx
http://technet.microsoft.com/en-us/library/ee617231.aspx
QUESTION 96
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2.
Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1.
Tech1 is a member of the IPAM Administrators group on Server1 and Server2.
You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.
Answer:
Explanation:
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29012
Both WinRMRemoteWMIUsers_ and Remote Management Users have the exact same description. As such, I tested connecting with server manager remotely with a non-administrative account. I tried before adding to either group and got this error:
I then added to Remote Management Users and got this error:
Note that this is due to access to the event log only.
Next I removed from Remote Management Users and added to WinRMRemoteWMIUsers_ and got this error:
The error is exactly the same and the explanation is due to event log. In summary, Either one of these answers is correct, however since the document explicitly says use the “WinRMRemoteWMIUsers_” group, then that’s what we got to do.
QUESTION 97
Drag and Drop Question
You have a server named Server2 that runs Windows Server 2012 R2.
You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 98
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1.
Tech1 is a member of the IPAM Administrators group on Server1 and Server2.
You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1.
A. IPAM MSM Administrators
B. IPAM Administrators
C. winRMRemoteWMIUsers_
D. Remote Management Users
Answer: C
Explanation:
A. IPAM MSM Administrators can’t access remotely
B. IPAM Administrators can’t access remotely
C. If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384295(v=vs.85).aspx
http://www.microsoft.com/en-us/download/details.aspx?id=29012
QUESTION 99
Your network contains two Active Directory forests named contoso.com and adatum.com.
Both forests contain multiple domains. All domain controllers run Windows Server 2012 R2. Contoso.com has a one-way forest trust to adatum.com. A domain named paris.eu.contoso.com hosts several legacy applications that use NTLM authentication. Users in a domain named london.europe.adatum.com report that it takes a long time to be authenticated when they attempt to access the legacy applications hosted in paris.eu.contoso.com.
You need to reduce how long it takes for the london.europe.adatum.com users to be authenticated in paris.eu.contoso.com. What should you do?
A. Create a shortcut trust.
B. Create an external trust between the forest root domains.
C. Disable SID filtering on the existing trust.
D. Create an external trust.
Answer: A
Explanation:
A. Shortcut trusts are one-way or two-way, transitive trusts that can be used when administrators need to optimize the authentication process. Authentication requests must first travel a trust path between domain trees, and in a complex forest this can take time, which can be reduced with shortcut trusts.
B. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust.
C. Filters users or SIDs from one domain
D. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust
http://technet.microsoft.com/en-us/library/cc737939(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc775736(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx
QUESTION 100
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated Users group for access failure to shared folders in the finance department.
You need to ensure that access requests are unaffected when the rule is published.
What should you do?
A. Add a User condition to the current permissions entry for the Authenticated Users principal.
B. Set the Permissions to Use the following permissions as proposed permissions.
C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D. Set the Permissions to Use following permissions as current permissions.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/jj134043.aspx
QUESTION 101
You have a server named Server1 that runs Windows Server 2012 R2.
Windows Server 2012 R2 is installed on volume C.
You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts. Which tool should you use?
A. The Restart-Server cmdlet
B. The Bootcfg command
C. The Restart-Computer cmdlet
D. The Bcdedit command
Answer: D
Explanation:
A. Restart-Server is not a CMDLET
B. modifies the Boot.ini file
C. Restarts computer
D. Boot Configuration Data (BCD) files provide a store that is used to describe boot applications and boot application settings.
http://support.microsoft.com/kb/317521
http://technet.microsoft.com/en-us/library/hh849837.aspx
http://technet.microsoft.com/en-us/library/cc731662(v=ws.10).aspx
You can see with msconfig tool that boot options have changed as follows:
NOTE: Alternate Shell may be used
After reboot you should remove the safeboot option using bcdedit:
– bcdedit /deletevalue safeboot
QUESTION 102
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You create a new Active Directory group named Group1.
You need to ensure that the members of Group1 can request a Key Recovery Agent certificate. The solution must minimize the permissions assigned to Group1.
Which two permissions should you assign to Group1? (Each correct answer presents part of the solution. Choose two.)
A. Read
B. Auto enroll
C. Write
D. Enroll
E. Full control
Answer: AD
Explanation:
* In Template, type a new template display name, and then modify any other optional properties as needed.
On the Security tab, click Add, type the name of the users you want to issue the key recovery agent certificates to, and then click OK. Under Group or user names, select the user names that you just added. Under Permissions, select the Read and Enroll check boxes, and then click OK.
QUESTION 103
Your network contains two Web servers named Server1 and Server2. Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster.
You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.)
You need to configure the NLB cluster to meet the following requirements:
– HTTPS connections must be directed to Server1 if Server1 is available.
– HTTP connections must be load balanced between the two nodes.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. From the host properties of Server1, set the Handling priority of the existing port rule to 2.
B. From the host properties of Server1, set the Handling priority of the existing port rule to 1.
C. From the host properties of Server2, set the Priority (Unique host ID) value to 1.
D. Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.
E. From the host properties of Server2, set the Handling priority of the existing port rule to 2.
F. Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity
to Single.
Answer: BDE
Explanation:
Handling priority: When Single host filtering mode is being used, this parameter specifies the local host’s priority for handling the networking traffic for the associated port rule. The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster.
E (not C): Lower priority (2) for Server 2.
D: HTTP is port 80.
Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule.
This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts.
You can specify that the load be equally distributed among the hosts or that each host handle a specified load weight. Reference:
Network Load Balancing parameters
QUESTION 104
Your network contains two Active Directory forests named contoso.com and litwareinc.com.
A two- way forest trusts exists between the forest. Selective authentication is enabled on the trust. The contoso.com forest contains a server named Server1.
You need to ensure that users in litwareinc.com can access resources on Server1.
What should you do?
A. Install Active Directory Rights Management Services on a domain controller in contoso.com.
B. Modify the permission on the Server1 computer account.
C. Install Active Directory Rights Management Services on a domain controller in litwareinc.com.
D. Configure SID filtering on the trust.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc772808(v=ws.10).aspx
QUESTION 105
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed.
The servers are configured as nodes in a failover cluster named Cluster1.
You add two additional nodes to Cluster1.
You have a folder named Folder1 on Server1 that contains application data.
You plan to provide continuously available access to Folder1.
You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. the Scale-Out File Server
Answer: L
Explanation:
http://technet.microsoft.com/en-us/library/hh831349.aspx
Scale-Out File Server for application data (Scale-Out File Server)
This clustered file server is introduced in Windows Server 2012 R2 and lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network.
All file shares are online on all nodes simultaneously.
File shares associated with this type of clustered file server are called scale-out file shares.
This is sometimes referred to as active-active.
Braindump2go is one of the Leading 70-412 Exam Preparation Material Providers Around the World! We Offer 100% Money Back Guarantee on All Products! Feel Free In Downloading Our New Released 70-412 Real Exam Questions!