♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/70-412-exam-dumps.html

2021 Apr 70-412 exam question

Q121. You have a server named Server1 that runs Windows Server 2012 R2. 

Windows Server 2012 R2 is installed on volume C. 

You need to ensure that Safe Mode with Networking loads the next time Server1 restarts. 

Which tool should you use? 

A. The Msconfig command 

B. The Bootcfg command 

C. The Restart-Computer cmdlet 

D. The Restart-Server cmdlet 

Answer:

Explanation: 

Use system config (Msconfig) to configure boot options. 

Reference: System Configuration – aka MSCONFIG. 


Q122. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed. 

The network contains client computers that run either Linux, Windows 7, or Windows 8. 

You have a standard primary zone named adatum.com as shown in the exhibit. (Click the Exhibit button.) 

You plan to configure Name Protection on all of the DHCP servers. 

You need to configure the adatum.com zone to support Name Protection. 

Which two configurations should you perform from DNS Manager? (Each correct answer presents part of the solution. Choose two.) 

A. Sign the zone. 

B. Store the zone in Active Directory. 

C. Modify the Security settings of the zone. 

D. Configure Dynamic updates. 

E. Add a DNS key record 

Answer: B,D 

Explanation:

Name protection requires secure update to work. Without name protection DNS names may be hijacked.

You can use the following procedures to allow only secure dynamic updates for a zone.

Secure dynamic update is supported only for Active Directory–integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for Domain Name System (DNS) dynamic updates.

1. (B) Convert primary DNS server to Active Directory integrated primary

2. (D) Enable secure dynamic updates

Reference: DHCP: Secure DNS updates should be configured if Name Protection is enabled on any IPv4 scope

http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx


Q123. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery. 

You create a new Active Directory group named Group1. 

You need to ensure that the members of Group1 can request a Key Recovery Agent certificate. 

The solution must minimize the permissions assigned to Group1. 

Which two permissions should you assign to Group1? (Each correct answer presents part of the solution. Choose two.) 

A. Read 

B. Auto enroll 

C. Write 

D. Enroll 

E. Full control 

Answer: A,D 

Explanation: 

See step 6 below. To configure the Key Recovery Agent certificate template Open the Certificate Templates snap-in. In the console tree, right-click the Key Recovery Agent certificate template. Click Duplicate Template. In Template, type a new template display name, and then modify any other optional properties as needed. On the Security tab, click Add, type the name of the users you want to issue the key recovery agent certificates to, and then click OK. Under Group or user names, select the user names that you just added. Under Permissions, select the Read and Enroll check boxes, and then click OK. 

Reference: Identify a Key Recovery Agent 


Q124. Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA). 

You install a second server named Server2. You install the Online Responder role service on Server2. 

You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2. 

What should you run on Server1? 

A. The certreq.exe command and specify the -policy parameter 

B. The certutil.exe command and specify the -getkey parameter 

C. The certutil.exe command and specify the -setreg parameter 

D. The certreq.exe command and specify the -retrieve parameter 

Answer:

Explanation: To prepare a computer running Windows Server to issue OCSP Response Signing certificates 

On the server hosting the CA, open a command prompt, and type: certutil -v -setreg policyEnableRequestExtensionList +1.3.6.1.5.5.7.48.1.5 Stop and restart the CA. You can do this at a command prompt by running the following commands: net stop certsvc 

net start certsvc 

Reference: Configure a CA to Support OCSP Responders 

https://technet.microsoft.com/en-us/library/cc732526.aspx 


Q125. Your network contains an Active Directory domain named contoso.com. The domain 

contains a certification authority (CA). 

You suspect that a certificate issued to a Web server is compromised. 

You need to minimize the likelihood that users will trust the compromised certificate. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Stop the Certificate Propagation service. 

B. Modify the validity period of the Web Server certificate template. 

C. Run certutil and specify the -revoke parameter. 

D. Run certutil and specify the -deny parameter. 

E. Publish the certificate revocation list (CRL). 

Answer: C,E 

Explanation: First revoke the certificate, then publish the CRL. 


Q126. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table. 

An IP site link exits between each site. 

You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. 

You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. 

What should you do? 

A. Create an SMTP site link between SiteB and SiteC. 

B. Crate additional connection objects for DC1 and DC2. 

C. Decrease the cost of the site link between SiteB and SiteC. 

D. Create additional connection objects for DC3 and DC4. 

Answer:

Explanation: 

By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA. 


Q127. Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. 

You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders. 

Which tool should you use? 

A. Ultrasound 

B. Replmon 

C. Dfsdiag 

D. Frsutil 

Answer:

Explanation: 

Explanation/Reference: 

DFSDIAG can check your configuration in five different ways: 

Checking referral responses (DFSDIAG /TestReferral) 

Checking domain controller configuration 

Checking site associations 

Checking namespace server configuration 

Checking individual namespace configuration and integrity 

Reference: Five ways to check your DFS-Namespaces (DFS-N) configuration with the 

DFSDIAG.EXE tool 


Q128. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. 

DHCP is configured as shown in the exhibit. (Click the Exhibit button.) 

Scope1, Scope2, and Scope3 are configured to assign the IP addresses of two DNS servers to DHCP clients. The remaining scopes are NOT configured to assign IP addresses of DNS servers to DHCP clients. 

You need to ensure that only Scope1, Scope3, and Scopes assign the IP addresses of the DNS servers to the DHCP clients. The solution must minimize administrative effort. 

What should you do? 

A. Create a superscope and a filter. 

B. Create a superscope and scope-level policies. 

C. Configure the Server Options. 

D. Configure the Scope Options. 

Answer:

Explanation: 

Scope options are applied to any clients that obtain a lease within that particular scope. 

Active scope option types always apply to all computers obtaining a lease in a given scope 

unless they are overridden by class or reserved client settings for the option type. 

Incorrect: 

Not A, not B. A superscope allows a DHCP server to provide leases from more than one 

scope to clients on a single physical network. It is not applicable here. 

Not C. If we configure the Server Options and set the DNS Servers then all DHCP clients 

would be assigned a DNS server. 

Reference: Managing DHCP Options 

https://technet.microsoft.com/en-us/library/cc958929.aspx 


Q129. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a cluster disk resource. 

A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 runs as a service. App1 stores date on the cluster disk resource. 

You need to ensure that App1 runs in Cluster1. The solution must minimize development effort. 

Which cmdlet should you run? 

A. Add-ClusterGenericServiceRole 

B. Add-ClusterGenericApplicationRole 

C. Add-ClusterScaleOutFileServerRole 

D. Add-ClusterServerRole 

Answer:

Explanation: 

Add-ClusterGenericApplicationRole 

Configure high availability for an application that was not originally designed to run in a 

failover cluster. 

If you run an application as a Generic Application, the cluster software will start the 

application, then periodically query the operating system to see whether the application 

appears to be running. If so, it is presumed to be online, and will not be restarted or failed 

over. 

EXAMPLE 1. 

Command Prompt: C:PS> 

Add-ClusterGenericApplicationRole -CommandLine NewApplication.exe 

Name OwnerNode State 

cluster1GenApp node2 Online Description 

This command configures NewApplication.exe as a generic clustered application. A default name will be used for client access and this application requires no storage. 

Reference: Add-ClusterGenericApplicationRole 

http://technet.microsoft.com/en-us/library/ee460976.aspx 


Q130. Your network contains three servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2. 

You need to ensure that Server1 can provide iSCSI storage for Server2 and Server3. 

What should you do on Server1? 

A. Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties. 

B. Install the iSNS Server service feature and create a Discovery Domain. 

C. Install the Multipath I/O (MPIO) feature and configure the MPIO Properties. 

D. Install the iSCSI Target Server role service and configure iSCSI targets. 

Answer:

Explanation: 

iSCSI Target Server: The server runs the iSCSI Target. It is also the iSCSI Target role name in Windows Server 2012. 

Note: iSCSI: it is an industry standard protocol allow sharing block storage over the Ethernet. The server shares the storage is called iSCSI Target. The server (machine) consumes the storage is called iSCSI initiator. Typically, the iSCSI initiator is an application server. For example, iSCSI Target provides storage to a SQL server, the SQL server will be the iSCSI initiator in this deployment. 

Target: It is an object which allows the iSCSI initiator to make a connection. The Target keeps track of the initiators which are allowed to be connected to it. The Target also keeps track of the iSCSI virtual disks which are associated with it. Once the initiator establishes the connection to the Target, all the iSCSI virtual disks associated with the Target will be accessible by the initiator.