GreatExam presents the highest quality of 70-412 exam practice test which helps candidates to pass the 70-412 exams in the first attempt. GreatExam professional tools like questions and answers are extremely reliable source of preparation. When you use GreatExam preparation products your success in the Certification exam is guaranteed.
QUESTION 21
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2.
Both servers have the Hyper-V server role installed. The network contains an enterprise certification authority (CA). All servers are enrolled automatically for a certificate-based on the Computer certificate template. On Server1, you have a virtual machine named VM1.
VM1 is replicated to Server2.
You need to encrypt the replication of VM1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, modify the settings of VM1.
B. On Server2, modify the settings of VM1.
C. On Server2, modify the Hyper-V Settings.
D. On Server1, modify the Hyper-V Settings.
E. On Server1, modify the settings of the virtual switch to which VM1 is connected.
F. On Server2, modify the settings of the virtual switch to which VM1 is connected.
Answer: AC
Explanation:
Answer is A and C, not A and F. Virtual Switch has nothing to do with this scenario based many sites I’ve visited even TechNet. And added a couple examples with Enterprise CA as well.
C. – Is Server 2, modify settings of Hyper-V=>Replica Server. then all the Encryption Reqs.
TCP-443/SSL.
QUESTION 22
Your network contains an Active Directory domain named contoso.com.
The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You create a user account named User1 in the domain.
You need to ensure that User1 can use Windows Server Backup to back up Server1.
The solution must minimize the number of administrative rights assigned to User1.
What should you do?
A. Add User1 to the Backup Operators group.
B. Add User1 to the Power Users group.
C. Assign User1 the Backup files and directories user right and the Restore files and directories user right.
D. Assign User1 the Backup files and directories user right.
Answer: D
Explanation:
Backup Operators have these permissions by default:
However the question explicitly says we need to minimize administrative rights. Since the requirement is for backing up the data only–no requirement to restore or shutdown–then assigning the “Back up files and directories user right” would be the correct answer.
QUESTION 23
You have a server named Server1 that runs Windows Server 2012 R2 and is used for testing.
A developer at your company creates and installs an unsigned kernel-mode driver on Server1. The developer reports that Server1 will no longer start.
You need to ensure that the developer can test the new driver.
The solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A. Disable Driver Signature Enforcement
B. Disable automatic restart on system failure
C. Last Know Good Configuration (advanced)
D. Repair Your Computer
Answer: A
Explanation:
A. By default, 64-bit versions of Windows Vista and later versions of Windows will load a kernel- mode driver only if the kernel can verify the driver signature. However, this default behavior can be disabled to facilitate early driver development and non-automated testing.
B. specifies that Windows automatically restarts your computer when a failure occurs
C. Developer would not be able to test the driver as needed
D. Removes or repairs critical windows files, Developer would not be able to test the driver as needed and some file loss
http://technet.microsoft.com/en-us/library/jj134246.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff547565(v=vs.85).aspx
QUESTION 24
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You have a Dynamic Access Control policy named Policy1.
You create a new Central Access Rule named Rule1.
You need to add Rule1 to Policy1.
What command should you run? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/hh846167.aspx
QUESTION 25
Your network contains an Active Directory domain named contoso.com.
The domain contains two member servers named Server1 and Server2.
All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
You add two additional nodes in Cluster1.
You have a folder named Folder1 on Server1 that hosts application data.
Folder1 is a folder target in a Distributed File System (DFS) namespace.
You need to provide highly available access to Folder1.
The solution must support DFS Replication to Folder1.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: E
QUESTION 26
Your network contains an Active Directory domain named contoso.com.
The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed.
The servers are configured as nodes in an NLB cluster named Cluster1.
Port rules are configured for all clustered applications.
You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: G
Explanation:
http://technet.microsoft.com/en-us/library/bb742455.aspx
QUESTION 27
Hotspot Question
Your network contains two Web servers named Server1 and Server2.
Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster.
The NLB cluster contains an application named App1 that is accessed by using the name
appl.contoso.com.
The NLB cluster has the port rules configured as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
Answer:
QUESTION 28
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named adatum.com.
You need to configure an access solution to meet the following requirements:
– Users in adatum.com must be able to access resources in contoso.com.
– Users in adatum.com must be prevented from accessing resources in fabrikam.com.
– Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?
A. a one-way realm trust from contoso.com to adatum.com
B. a one-way realm trust from adatum.com to contoso.com
C. a one-way external trust from contoso.com to adatum.com
D. a one-way external trust from adatum.com to contoso.com
Answer: C
Explanation:
domain names were changed, so understand the question well
You need to make trust relationship where domain contoso.com trusts adatum.com.
http://technet.microsoft.com/en-us/library/cc728024(v=ws.10).aspx
QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office.
All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers.
DC1 hosts an Active Directory- integrated zone for contoso.com.
You add the DNS Server server role to DC2.
You discover that the contoso.com DNS zone fails to replicate to DC2.
You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2.
You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.
Which tool should you use?
A. Dnscmd
B. Dnslint
C. Repadmin
D. Ntdsutil
E. DNS Manager
F. Active Directory Sites and Services
G. Active Directory Domains and Trusts
H. Active Directory Users and Computers
Answer: F
Explanation:
http://technet.microsoft.com/en-us/library/cc739941(v=ws.10).aspx
If you see question about AD Replication, First preference is AD sites and services, then Repadmin and then DNSLINT.
QUESTION 30
Your network contains an Active Directory forest named contoso.com.
The forest contains four domains. All servers run Windows Server 2012 R2.
Each domain has a user named User1.
You have a file server named Server1 that is used to synchronize user folders by using the
Work Folders role service.
Server1 has a work folder named Sync1.
You need to ensure that each user has a separate folder in Sync1.
What should you do?
A. From Windows Explorer, modify the Sharing properties of Sync1.
B. Run the Set-SyncServerSetting cmdlet.
C. From File and Storage Services in Server Manager, modify the properties of Sync1.
D. Run the Set-SyncShare cmdlet.
Answer: D
Explanation:
http://technet.microsoft.com/en-US/library/dn296649.aspx
PS C:\> Set-SyncShare Share01 -User “ContosoGroup”
QUESTION 31
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on
Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A. Run the Install-AdcsCertificationAuthority cmdlet.
B. Install the Active Directory Certificate Services (AD CS) tools.
C. Modify the PATH system variable.
D. Add Admin1 to the Cert Publishers group.
Answer: A
Explanation:
http://clintboessen.blogspot.nl/2013/11/cannot-manage-active-directory.html
QUESTION 32
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 and a server named Server1.
Both servers run Windows Server 2012 R2.
You configure the classification of a share on Server1 as shown in the Share1 Properties exhibit. (Click the Exhibit button.)
You configure the resource properties in Active Directory as shown in the Resource Properties exhibit. (Click the Exhibit button.)
You need to ensure that the Impact classification can be assigned to Share1 immediately.
Which cmdlet should you run on each server? To answer, select the appropriate cmdlet for each server in the answer area.
Answer:
QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC1.
You need to ensure that the client computers can obtain IPv4 addresses from DC1.
What should you do?
A. Activate the scope.
B. Authorize DC1.
C. Disable the Allow filters.
D. Disable the Deny filters.
Answer: C
Explanation:
There is no items in the deny List. So it means that client computers MAC addresses is not listed in the allow list. So we have to disable the “Allow Filters”
http://technet.microsoft.com/en-us/library/ee956897(v=ws.10).aspx
QUESTION 34
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 and a domain controller named DC1. All servers run Windows Server 2012 R2. A Group Policy object (GPO) named GPO1 is linked to the domain.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You need to ensure that authenticated users can request assistance when they are denied access to the resources on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.
B. Install the File Server Resource Manager role service on Server1.
C. Configure the Customize message for Access Denied errors policy setting of GPO1.
D. Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.
E. Install the File Server Resource Manager role service on DC1.
Answer: CD
Explanation:
https://technet.microsoft.com/en-us/library/hh831402.aspx
To configure access-denied assistance for all file types by using Group Policy
…
To specify a separate access-denied message for a shared folder by using File Server Resource Manager
QUESTION 35
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1.
The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)
The domain contains two global groups named Group1 and Group2.
You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Remove the Deny permission for Group1 from Folder1.
B. Deny Group2 permission to Folder1.
C. Install a domain controller that runs Windows Server 2012 R2.
D. Create a conditional expression.
E. Deny Group2 permission to Share1.
F. Deny Group1 permission to Share1.
Answer: AD
Explanation:
DAC uses enhanced security descriptors introduced in Windows Server 2008 R2 and Windows 7 to allow conditional expressions in user and device claims and resource properties. This allows a file resource, for example, to be limited to members of the sales department who reside in Canada.
https://redmondmag.com/articles/2013/08/01/implement-the-new-windows-server-2012-dac.aspx.
So in order to use conditional expressions, 2008 R2 is enough, you don’t need to install DC that runs W2012 R2.
You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1. User must be member of both groups, so condition is IF user is member of Group1 AND Group2, so you need to Remove the Deny permission for Group1 from Folder1, because Users who are members of only Group1 should have access to Folder1.
QUESTION 36
Drag and Drop Question
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The forest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using a site link named Main-Branch1. There are no other site links. Each site contains several domain controllers. All domain controllers run Windows Server 2012 R2. Your company plans to open a new branch site named Branch2.
The new site will have a WAN link that connects to the Main site only.
The site will contain two domain controllers that run Windows Server 2012 R2.
You need to create a new site and a new site link for Branch2.
The solution must ensure that the domain controllers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Main are unavailable.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
SO…the first part of this answer is:
1. Create a new site object named Branch2
***When you create the new site Branch2 you will be prompted to associate it with a site link…right now we only have one site link (Main-Branch1). Hit Finish
2. Remove Branch2 site from the Main-Branch1 Site Link
***In order to move a site into a new site link, you must first remove them from their previous site link….In this case Branch2 was put in Main-Branch1 when we create the new site because we didn’t have another site link to associate the new site with at the time we created it.
3. Create a new site link object named Main-Branch2
***When you create the site link object you will be asked to place the appropriate sites in this link…choose Main and Branch 2
Because we are using Interstice topology replication, ISTG (similar to KCC with Intrasite) will build a logical transitive connection path between all site links because site link bridge is enabled by default and is a Microsoft best practice to leave this default. By default a site link has a default cost of 100 so the Main-Branch1 site cost 100. Since we do not have a site link established from Branch2 – Branch1, ISTG will create a logical patch that travels along the Main-Branch2 site link (cost 100) and through Main-Branch1 site link(cost 100) to establish replication connection in the event the least cost path goes down. Since the logical path =200, Branch2 will only replicate with Branch1 if the site link to the Main Site goes down.
QUESTION 37
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server3.
The network contains a standalone server named Server2.
All servers run Windows Server 2012 R2.
The servers are configured as shown in the following table.
Server3 hosts an application named App1. App1 is accessible internally by using the URL
https://appl.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access App1.
What should you do? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 38
You have a failover cluster named Cluster1 that contains four nodes.
All of the nodes run Windows Server 2012 R2.
You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates.
Which tool should you use?
A. The Add-CauClusterRole cmdlet
B. The Wuauclt command
C. The Wusa command
D. The Invoke-CauScan cmdlet
Answer: D
Explanation:
A. Adds the Cluster-Aware Updating (CAU) clustered role that provides the self-updating
functionality to the specified cluster.
B. The wuauclt utility allows you some control over the functioning of the Windows Update Agent
C. The Wusa.exe file is in the %windir%\System32 folder.
The Windows Update Standalone Installer uses the Windows Update Agent API to install update packages. Update packages have an .msu file name extension.
The .msu file name extension is associated with the Windows Update Standalone Installer.
D. Performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in a specified cluster.
http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/cc720477(v=ws.10).aspx
http://support.microsoft.com/kb/934307
http://technet.microsoft.com/en-us/library/hh847228(v=wps.620).aspx
QUESTION 39
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed.
Server1 and Server2 are configured as Hyper-V replicas of each other.
Server1 hosts a virtual machine named VM1. VM1 is replicated to Server2.
You need to verify whether the replica of VM1 on Server2 is functional.
The solution must ensure that VM1 remains accessible to clients.
What should you do from Hyper-V Manager?
A. On Server1, execute a Planned Failover.
B. On Server1, execute a Test Failover.
C. On Server2, execute a Planned Failover.
D. On Server2, execute a Test Failover.
Answer: D
Explanation:
You have to access the replica server to do the test failover which is server 2 in this case.
https://technet.microsoft.com/en-us/library/hh831759.aspx#BKMK_Step5
QUESTION 40
Your network contains an Active Directory domain named contoso.com.
The network contains a file server named Server1 that runs Windows Server 2012 R2.
You are configuring a central access policy for temporary employees.
You enable the Department resource property and assign the property a suggested value of Temp.
You need to configure a target resource condition for the central access rule that is scoped to resources assigned to Temp only.
Which condition should you use?
A. (Temp.Resource Equals “Department”)
B. (Resource.Temp Equals “Department”)
C. (Resource.Department Equals “Temp”)
D. (Department.Value Equals “Temp”)
Answer: C
Explanation:
http://technet.microsoft.com/fr-fr/library/hh846167.aspx
GreatExam is now here to help you with your 70-412 exam certification problems. Because we are the best 70-412 exam questions training material providing vendor, all of our candidates get through 70-412 exam without any problem.