♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/70-412-exam-dumps.html

Q141. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2. 

You need to schedule the installation of Windows updates on the cluster nodes. 

Which tool should you use? 

A. the Add-CauClusterRole cmdlet 

B. the Wusa command 

C. the Wuauclt command 

D. the Invoke-CauScan cmdlet 

Answer:

Explanation: 

To enable self-updating mode, the CAU clustered role must also be added to the failover cluster. To do this by using the CAU UI, under Cluster Actions, use the Configure Self-Updating Options action. Alternatively, run the Add-CauClusterRole Windows PowerShell cmdlet. 

Note: The process for installing service packs and hotfixes on Windows Server 2012 differs from the process in earlier versions. In Windows Server 2012, you can use the Cluster-Aware Updating (CAU) feature. CAU automates the software-updating process on clustered servers while maintaining availability. 

Reference: Cluster-Aware Updating Overview 


Q142. Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server. 

Your company introduces a Bring Your Own Device (BYOD) policy. 

You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Enable the Device Registration Service in Active Directory. 

B. Publish the Device Registration Service by using a Web Application Proxy. 

C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service. 

D. Create and configure a sync share on Server2. 

E. Install the Work Folders role service on Server2. 

Answer: A,C 

Explanation: 

* Workplace Join leverages a feature included in the Active Directory Federation Services (AD FS) Role in Windows Server 2012 R2, called Device Registration Service (DRS). DRS provisions a device object in Active Directory when a device is Workplace Joined. Once the device object is in Active Directory, attributes of that object can be retrieved and used to provide conditional access to resources and applications. The device identity is represented by a certificate which is set on the personal device by DRS when the device is Workplace Joined. 

* In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access to enterprise resources based on user+device combinations and access policies. With these policies in place, you can control access based on users, devices, locations, and access times. 

Reference: BYOD Basics: Enabling the use of Consumer Devices using Active Directory in Windows Server 2012 R2 


Q143. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shown in the following table. 

You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV). 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Format Disk2 to use NTFS. 

B. Format Disk3 to use NTFS. 

C. Enable BitLocker on Disk4. 

D. Disable BitLocker on Disk1. 

Answer: A,D 

Explanation: 

A. In Windows Server 2012 R2, a disk or storage space for a CSV volume must be a basic disk that is partitioned with NTFS or ReFS, but you cannot use a disk for a CSV that is formatted with FAT or FAT32. 

D. CSV supports bitlocker, but you would have to enable it on all nodes in the cluster. Therefore we need to disable bitlocker on Disk1. 

Incorrect: 

Not B. ReFS would work fine. In Windows Server 2012 R2, a disk or storage space for a 

CSV volume must be a basic disk that is partitioned with NTFS or ReFS. 

Not C. Bitlocker must be enabled on all disks for it to work for a CSV. 

Reference: Use Cluster Shared Volumes in a Failover Cluster 

https://technet.microsoft.com/en-us/library/jj612868.aspx 

Reference: How to Configure BitLocker Encrypted Clustered Disks in Windows Server 

2012 

http://blogs.msdn.com/b/clustering/archive/2012/07/20/10332169.aspx 


Q144. Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two-way forest trusts exists between the forest. Selective authentication is enabled on 

the trust. 

The contoso.com forest contains a server named Server1. 

You need to ensure that users in litwareinc.com can access resources on Server1. 

What should you do? 

A. Install Active Directory Rights Management Services on a domain controller in contoso.com. 

B. Modify the permission on the Server1 computer account. 

C. Install Active Directory Rights Management Services on a domain controller in litwareinc.com. 

D. Configure SID filtering on the trust. 

Answer:

Explanation: 

Selective authentication between forests If you decide to set selective authentication on an incoming forest trust, you need to manually assign permissions on each computer in the domain as well as the resources to which you want users in the second forest to have access. To do this, set a control access right Allowed to authenticate on the computer object that hosts the resource in Active Directory Users and Computers in the second forest. Then, allow user or group access to the particular resources you want to share. 

Reference: Accessing resources across forests 


Q145. HOTSPOT 

Your network contains three Active Directory forests. The forests are configured as shown in the following table. 

A two-way forest trust exists between contoso.com and divisionl.contoso.com. A two-way forest trust also exists between contoso.com and division2.contoso.com. 

You plan to create a one-way forest trust from divisionl.contoso.com to division2.contoso.com. 

You need to ensure that any cross-forest authentication requests are sent to the domain controllers in the appropriate forest after the trust is created. 

How should you configure the existing forest trust settings? 

In the table below, identify which configuration must be performed in each forest. Make only one selection in each column. Each correct selection is worth one point. 

Answer: 


Q146. Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers. The domain controllers are configured as shown in the following table. 

You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in both domains. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Raise the domain functional level of contoso.com. 

B. Raise the domain functional level ofchildl.contoso.com. 

C. Raise the forest functional level of contoso.com. 

D. Upgrade DC11 to Windows Server 2012 R2. 

E. Upgrade DC1 to Windows Server 2012 R2. 

Answer: A,E 

Explanation: 

The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level (E), then raise the contoso.com domain functional level to Windows Server 2012 (A). 

* (E) To support resources that use claims-based access control, the principal’s domains 

will need to be running one of the following: 

/ All Windows Server 2012 domain controllers. 

/ Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device 

authentication requests. 

/ Sufficient Windows Server 2012 domain controllers to handle all the Windows Server 

2012 resource protocol transition requests to support non-Windows 8 devices. 

Reference: What's New in Kerberos Authentication 

http://technet.microsoft.com/en-us/library/hh831747.aspx.