♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/70-412-exam-dumps.html

Q71. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1 

has the IP Address Management (IPAM) Server feature installed. 

On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for 

IPAM. 

On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. 

What should you do? 

A. Modify the outbound firewall rules on Server1. 

B. Modify the inbound firewall rules on Server1. 

C. Add Server1 to the Remote Management Users group. 

D. Add Server1 to the Event Log Readers group. 

Answer:

Explanation: 

To access configuration data and server event logs, the IPAM server must be a member of the domain IPAM Users Group (IPAMUG). The IPAM server must also be a member of the Event Log Readers security group. 

Note: The computer account of the IPAM server must be a member of the Event Log Readers security group. 

Reference: Manually Configure DC and NPS Access Settings. http://technet.microsoft.com/en-us/library/jj878317.aspx http://technet.microsoft.com/en-us/library/jj878313.aspx


Q72. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. 

Server1 is the enterprise root certification authority (CA) for contoso.com. 

You need to enable CA role separation on Server1. 

Which tool should you use? 

A. The Certutil command 

B. The Authorization Manager console 

C. The Certsrv command 

D. The Certificates snap-in 

Answer:

Explanation: 

To enable role separation 

. Open Command Prompt. 

. Type: certutil -setreg caRoleSeparationEnabled 1 Etc. 

Reference: Enable role separation 


Q73. Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. 

Contoso contains 10 servers that have the File Server role service installed. Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group. 

You migrate the file servers to adatum.com. 

Contoso users report that after the migration, they are unable to access shared folders on the file servers. 

You need to ensure that the Contoso users can access the shared folders on the file servers. 

What should you do? 

A. Disable selective authentication on the existing forest trust. 

B. Disable SID filtering on the existing forest trust. 

C. Run netdom and specify the /quarantine attribute. 

D. Replace the existing forest trust with an external trust. 

Answer:

Explanation: 

Although it is not recommended, you can use this procedure to disable security identifier (SID) filter quarantining for an external trust with the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations: 

* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant those users access to resources in the trusting domain (the former domain of the migrated users) based on the sIDHistory attribute. 

Etc. 

Reference: Disabling SID filter quarantining 

http://technet.microsoft.com/en-us/library/cc794713(v=ws.10).aspx 


Q74. Your network contains an Active Directory forest named contoso.com. 

Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com. 

The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change. 

After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website. 

You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately. 

What should you do? 

A. Run ipconfig and specify the FlushDns parameter. 

B. Run ipconfig and specify the Renew parameter. 

C. Run dnscmd and specify the ClearCache parameter. 

D. Run Set-DnsServerResourceRecordAging. 

Answer:

Explanation: We cane clear the DNS cache on the DNS server with either Dnscmd /ClearCache (from command prompt) or Clear-DnsServerCache (from Windows PowerShell). 

Reference: Technet, Dnscmd 

https://technet.microsoft.com/en-us/library/cc772069.aspx 


Q75. DRAG DROP 

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. 

All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain. 

You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property. 

Which three actions should you perform in sequence? 

Answer: 


Q76. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed. 

The domain contains a domain local group named Group1. 

You create a rights policy template named Template1. You assign Group1 the rights to Template1. 

You need to ensure that all the members of Group1 can use Template1. 

What should you do? 

A. Configure the email address attribute of Group1. 

B. Convert the scope of Group1 to global. 

C. Convert the scope of Group1 to universal. 

D. Configure the email address attribute of all the users who are members of Group1. 

Answer:

Explanation: 

Explanation/Reference: When a user or group is created in Active Directory, the mail attribute is an optional attribute that can be set to include a primary email address for the user or group. For AD RMS to work properly, this attribute must be set because all users must have an email attribute to protect and consume content. 

Reference: AD RMS Troubleshooting Guide http://social.technet.microsoft.com/wiki/contents/articles/13130.ad-rms-troubleshooting-guide.aspx 


Q77. Your company has a main office and a branch office. 

The main office contains a file server named Server1. Server1 has the BranchCache for 

Network Files role service installed. The branch office contains a server named Server2. 

Server2 is configured as a BranchCache hosted cache server. 

You need to preload the data from the file shares on Server1 to the cache on Server2. 

What should you run first? 

A. Publish-BCFileContent 

B. Add- BCDataCacheExtension 

C. Set-BCCache 

D. Export-BCCachePackage 

Answer:

Explanation: 

See step 2 below. 

To prehash content and preload the content on hosted cache servers . Log on to the file or Web server that contains the data that you wish to preload, and identify the folders and files that you wish to load on one or more remote hosted cache servers. . Run Windows PowerShell as an Administrator. For each folder and file, run either the Publish-BCFileContent command or the Publish-BCWebContent command, depending on the type of content server, to trigger hash generation and to add data to a data package. . After all the data has been added to the data package, export it by using the Export-BCCachePackage command to produce a data package file. . Move the data package file to the remote hosted cache servers by using your choice of file transfer technology. FTP, SMB, HTTP, DVD and portable hard disks are all viable transports. . Import the data package file on the remote hosted cache servers by using the Import-BCCachePackage command. 

Reference: Prehashing and Preloading Content on Hosted Cache Servers (Optional) 


Q78. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed. 

You plan to create two virtual machines that will run an application named App1. App1 will store data on a virtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines. 

The network contains the following shared folders: 

An SMB file share named Share1 that is hosted on a Scale-Out File Server. An SMB file share named Share2 that is hosted on a standalone file server. An NFS share named Share3 that is hosted on a standalone file server. 

You need to ensure that both virtual machines can use App1data.vhdx simultaneously. 

What should you do? 

To answer, select the appropriate configurations in the answer area. 

Answer: 


Q79. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table. 

You have a trust from contoso.com to another forest named fabrikam.com. 

You plan to migrate users from contoso.com to fabrikam.com. 

You need to ensure that the users who migrated to fabrikam.com can continue to access shared resources in contoso.com. The solution must not require administrators to modify permissions to shared resources. 

What should you use? 

A. Set-ADSite 

B. Set-ADReplicationSite 

C. Set-ADDomain 

D. Set-ADReplicationSiteLink 

E. Set-ADGroup 

F. Set-ADForest 

G. Netdom 

Answer:

Explanation: The Netdom move command moves a workstation or member server to a new domain. The act of moving a computer to a new domain creates an account for the computer on the domain, if it does not already exist. 

Reference: Technet, Netdom move 

https://technet.microsoft.com/en-us/library/cc788127.aspx 


Q80. You have a virtual machine named VM1 that runs on a host named Host1. 

You configure VM1 to replicate to another host named Host2. Host2 is located in the same physical location as Host1. 

You need to add an additional replica of VM1. The replica will be located in a different physical site. 

What should you do? 

A. From VM1 on Host2, click Extend Replication. 

B. On Host1, configure the Hyper-V settings. 

C. From VM1 on Host1, click Extend Replication. 

D. On Host2, configure the Hyper-V settings. 

Answer:

Explanation: 

Extend Replication through UI: 

Before you Extend Replication to third site, you need to establish the replication between a primary server and replica server. Once that is done, go to replica site and from Hyper-V UI manager select the VM for which you want to extend the replication. Right click on VM and select “Replication->Extend Replication …”. This will open Extend Replication Wizard which is similar to Enable Replication Wizard. 

NOTE: You configure a server to receive replication with Hyper-V Manager, in this situation the replica site is assumed to be the Replica Server. Therefore you extend replication from VM1 on Host2. 

Note 2: With Hyper-V Extend Replication feature in Windows Server 2012 R2, customers can have multiple copies of data to protect them from different outage scenarios. For example, as a customer I might choose to keep my second DR site in the same campus or a few miles away while I want to keep my third copy of data across the continents to give added protection for my workloads. Hyper-V Replica Extend replication exactly addresses this problem by providing one more copy of workload at an extended site apart from replica site. 

Reference: Hyper-V Replica: Extend Replication 

http://blogs.technet.com/b/virtualization/archive/2013/12/10/hyper-v-replica-extend-replication.aspx