♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/70-412-exam-dumps.html

Q31. Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table. 

You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. 

On which server should you install IPAM? 

A. Server1 

B. Server2 

C. Server3 

D. Server4 

Answer:

Explanation: 

An IPAM server is intended as a single-purpose server. It is not recommended to collocate 

other network infrastructure roles such as DNS or DHCP on the same server. IPAM installation is not supported on a domain controller, and discovery of DHCP servers will be disabled if you install IPAM on a server that is also running the DHCP Server service. The following features and tools are automatically installed when you install IPAM Server. 

Reference: IPAM Deployment Planning 


Q32. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. 

You need to store the contents of all the DNS queries received by Server1. 

What should you configure? 

A. Logging from Windows Firewall with Advanced Security 

B. Debug logging from DNS Manager 

C. A Data Collector Set (DCS) from Performance Monitor 

D. Monitoring from DNS Manager 

Answer:

Explanation: 

Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information about server performance. 

Reference: Active Directory 2008: DNS Debug Logging Facts… 


Q33. Your network contains four Active Directory forests. Each forest contains an Active 

Directory Rights Management Services (AD RMS) root cluster. 

All of the users in all of the forests must be able to access protected content from any of 

the forests. 

You need to identify the minimum number of AD RMS trusts required. How many trusts should you identify? 

A. 3 

B. 6 

C. 12 

D. 16 

Answer:

Explanation: 

The number of AD RMS trusts required to interact between all AD RMS forests can be 

defined by using the following formula: N*(N-1). 

Here N=4, so the number of trust is 12 (4*3). 

Reference: AD RMS Prerequisites, Important considerations for installing AD RMS in a 

multi-forest environment 


Q34. HOTSPOT 

You build a test environment. The test environment contains one Active Directory forest. The forest contains a single domain named contoso.com. The domain contains the servers configured as shown in the following table. 

You run the following commands. 

New-ADReplicationSite Site1 New-ADReplicationSite Site2 New-ADReplicationSubnet -Name “192.168.1.0/24” -Site Site1 New-ADReplicationSubnet -Name “192.168.2.0/24” -Site Site2 New-ADReplicationSiteLink -Name “SiteLink1” –SitesIncluded Site1,Site2 -Cost 100 -

ReplicationFrequencyInMinutes 15 

You promote Server3 and Server4 to domain controllers by using the default options. 

Use the drop-down menus to select the answer choice that completes each statement. 

Answer: 


Q35. Your network contains two Active Directory forests named contoso.com and corp.contoso.com. 

User1 is a member of the DnsAdmins domain local group in contoso.com. 

User1 attempts to create a conditional forwarder to corp.contoso.com but receive an error message shown in the exhibit. (Click the Exhibit button.) 

You need to configure bi-directional name resolution between the two forests. 

What should you do first? 

A. Add User1 to the DnsUpdateProxy group. 

B. Configure the zone to be Active Directory-integrated. 

C. Enable the Advanced view from DNS Manager. 

D. Run the New Delegation Wizard. 

Answer:

Explanation: 

The zone must be Active Directory-integrated. 


Q36. Your network contains an Active Directory domain named contoso.com. The domain 

contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed. 

Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation. 

You need to create a trust policy for the partner organization. 

The solution must meet the following requirements: 

. Grant users in the partner organization access to protected content. . Provide users in the partner organization with the ability to create protected content. 

Which type of trust policy should you create? 

A. A federated trust 

B. Windows Live ID 

C. A trusted publishing domain 

D. A trusted user domain 

Answer:

Explanation: 

In AD RMS rights can be assigned to users who have a federated trust with Active 

Directory Federation Services (AD FS). This enables an organization to share access to 

rights-protected content with another organization without having to establish a separate 

Active Directory trust or Active Directory Rights Management Services (AD RMS) 

infrastructure. 

Incorrect: 

Not C. Trusted publishing domains allow one AD RMS server to issue use licenses that 

correspond with a publishing license issued by another AD RMS server, but in this scenario 

the partner organization does not have any Active Directory. 

Not D. A trusted user domain, often referred as a TUD, is a trust between AD RMS 

clusters, but in this scenario the partner organization does not have any Active Directory. 

Reference: AD RMS and AD FS Considerations 

http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx 


Q37. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. 

You add two additional nodes in Cluster1. 

You have a folder named Folder1 on Server1 that hosts Application data. Folder1 is a folder target in a Distributed File System (DFS) namespace. 

You need to provide highly available access to Folder1. The solution must support DFS Replication to Folder1. 

What should you configure? 

A. Affinity-None 

B. Affinity-Single 

C. The cluster quorum settings 

D. The failover settings 

E. A file server for general use 

F. The Handling priority 

G. The host priority 

H. Live migration 

I. The possible owner 

J. The preferred owner 

K. Quick migration 

L. The Scale-Out File Server 

Answer:

Explanation: 

File Server for general use 

Note: You can deploy and configure a clustered file server by using either of the following methods: 

* File Server for general use. This is the continuation of the clustered file server that has been supported in Windows Server since the introduction of Failover Clustering. This type of clustered file server, and therefore all the shares associated with the clustered file server, is online on one node at a time. This is sometimes referred to as active-passive or dual-active. File shares associated with this type of clustered file server are called clustered file shares. This is the recommended file server type when deploying information worker scenarios. 

* Scale-Out File Server for application data This clustered file server feature was introduced in Windows Server 2012, and it lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are simultaneously online on all nodes. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active. This is the recommended file server type when deploying either Hyper-V over Server Message Block (SMB) or Microsoft SQL Server over SMB. 

Reference: Scale-Out File Server for Application Data Overview 


Q38. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed. 

You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area. 

Answer: 


Q39. HOTSPOT 

You have a server that runs Windows Server 2012 R2 and has the iSCSI Target Server role service installed. 

You run the New-IscsiVirtualDisk cmdlet as shown in the New-IscsiVirtualDisk exhibit. (Click the Exhibit button.) 

To answer, complete each statement according to the information presented in the exhibits. Each correct selection is worth one point. 

Answer: 


Q40. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2012 R2. 

You need to deploy a certification authority (CA) to Server1. The CA must support the auto-enrollment of certificates. 

Which two cmdlets should you run? (Each correct answer presents part of the solution. 

Choose two.) 

A. Add-CAAuthoritylnformationAccess 

B. Install-AdcsCertificationAuthority 

C. Add-WindowsFeature 

D. Install-AdcsOnlineResponder 

E. Install-AdcsWebEnrollment 

Answer: B,E 

Explanation: 

Explanation 

B. The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of 

the AD CS CA role service. It can be used to install a root CA. 

Example: 

Install-AdcsCertificationAuthority –CAType StandaloneRootCA –CACommonName 

"ContosoRootCA" –KeyLength 2048 –HashAlgorithm SHA1 –CryptoProviderName 

"RSA#Microsoft Software Key Storage Provider" 

E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of 

the Certification Authority Web Enrollment role service. 

Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client computers configured for certificate auto-enrollment be connected directly to the corporate network. Certificate Enrollment Web Services allows organizations to enable AD CS using a perimeter network. This allows users and computers outside the corporate network to enroll for certificates. 

Certificate Enrollment web service 

Reference: Deploying AD CS Using Windows PowerShell