we provide Highest Quality Microsoft microsoft 70 412 exam engine which are the best for clearing microsoft 70 412 test, and to get certified by Microsoft Configuring Advanced Windows Server 2012 Services. The microsoft 70 412 Questions & Answers covers all the knowledge points of the real 70 412 exam exam. Crack your Microsoft 70 412 dumps Exam with latest dumps, guaranteed!


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/70-412-exam-dumps.html

Q21. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. 

You discover that when the account of a user in Site1 is locked out, the user can still log on to the servers in Site2 for up to 15 minutes by using Remote Desktop Services (RDS). 

You need to reduce the amount of time it takes to synchronize account lockout information across the domain. 

Which attribute should you modify? 

To answer, select the appropriate attribute in the answer area. 

Answer: 


Q22. Your network contains an Active Directory domain named contoso.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1. 

You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. 

A technician connects DC3 to Site2. 

You discover that users in Site2 are authenticated by all three domain controllers. 

You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable. 

What should you do? 

A. From Network Connections, modify the IP address of DC3. 

B. In Active Directory Sites and Services, modify the Query Policy of DC3. 

C. From Active Directory Sites and Services, move DC3. 

D. In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the users in Site2. 

Answer:

Explanation: 

DC3 needs to be moved to Site2 in AD DS 

Incorrect: 

Not A. Modifying IP will not affect authentication 

Not B. A query policy prevents specific Lightweight Directory Access Protocol (LDAP) 

operations from adversely impacting the performance of the domain controller and also 

makes the domain controller more resilient to denial-of-service attacks. 

Reference: Move a domain controller between sites 

http://technet.microsoft.com/en-us/library/cc759326(v=ws.10).aspx 


Q23. Your network contains an Active Directory domain named contoso.com. 

You deploy a server named Server1 that runs Windows Server 2012 R2. 

A local administrator installs the Active Directory Rights Management Services server role 

on Server1. 

You need to ensure that AD RMS clients can discover the AD RMS cluster automatically. 

What should you do? 

A. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then configure the proxy settings. 

B. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then register the Service Connection Point (SCP). 

C. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then register the Service Connection Point (SCP). 

D. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then configure the proxy settings. 

Answer:

Explanation: 

* The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services. 

* To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority. 

Reference: The AD RMS Service Connection Point 


Q24. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are configured as shown in the following table. 

You need to ensure that when new targets are added to Server1, the targets are registered on Server2 automatically. 

What should you do on Server1? 

A. Configure the Discovery settings of the iSCSI initiator. 

B. Configure the security settings of the iSCSI target. 

C. Run the Set-WmiInstance cmdlet. 

D. Run the Set-IscsiServerTarget cmdlet. 

Answer:

Explanation: 

Explanation/Reference: 

Manage iSNS server registration 

The iSNS server registration can be done using the following cmdlets, which manages the 

WMI objects. 

To add an iSNS server: 

Set-WmiInstance -Namespace rootwmi -Class WT_iSNSServer –Arguments 

@{ServerName="ISNSservername"} 

Note: The Set-WmiInstance cmdlet creates or updates an instance of an existing WMI 

class. The created or updated instance is written to the WMI repository. 

Reference: iSCSI Target cmdlet reference 

http://blogs.technet.com/b/filecab/archive/2012/06/08/iscsi-target-cmdlet-reference.aspx 


Q25. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. Server1 is a BranchCache hosted cache server that is located in a branch office. 

The network contains client computers that run either Windows 7 or Windows 8. 

For the branch office, all of the user accounts and the client computer accounts are located in an organizational unit (OU) named Branch1. A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 contains the BranchCache settings. 

You discover that users in the branch office who have client computers that run Windows 7 do not access cached content from Server1. Users in the branch office who have Windows 8 computers access cached content from Server1. 

You need to configure the Windows 7 computers to use BranchCache on Server1. Which setting should you configure in GPO1? 

To answer, select the appropriate setting in the answer area. 

Answer: 


Q26. You have a virtual machine named VM1 that runs on a host named Host1. 

You configure VM1 to replicate to another host named Host2. Host2 is located in the same physical location as Host1. 

You need to add an additional replica of VM1. The replica will be located in a different physical site. 

What should you do? 

A. From VM1 on Host2, click Extend Replication. 

B. On Host1, configure the Hyper-V settings. 

C. From VM1 on Host1, click Extend Replication. 

D. On Host2, configure the Hyper-V settings. 

Answer:

Explanation: 

Extend Replication through UI: 

Before you Extend Replication to third site, you need to establish the replication between a primary server and replica server. Once that is done, go to replica site and from Hyper-V UI manager select the VM for which you want to extend the replication. Right click on VM and select “Replication->Extend Replication …”. This will open Extend Replication Wizard which is similar to Enable Replication Wizard. 

NOTE: You configure a server to receive replication with Hyper-V Manager, in this situation the replica site is assumed to be the Replica Server. Therefore you extend replication from VM1 on Host2. 

Note 2: With Hyper-V Extend Replication feature in Windows Server 2012 R2, customers can have multiple copies of data to protect them from different outage scenarios. For example, as a customer I might choose to keep my second DR site in the same campus or a few miles away while I want to keep my third copy of data across the continents to give added protection for my workloads. Hyper-V Replica Extend replication exactly addresses this problem by providing one more copy of workload at an extended site apart from replica site. 

Reference: Hyper-V Replica: Extend Replication 

http://blogs.technet.com/b/virtualization/archive/2013/12/10/hyper-v-replica-extend-replication.aspx


Q27. You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store. 

Some users report that they fail to authenticate to the AD FS infrastructure. 

You discover that only users who run third-party web browsers experience issues. 

You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully. 

Which Windows PowerShell command should you run? 

A. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00 

B. Set-ADFSProperties -AddProxyAuthenticationRules None 

C. Set-ADFSProperties -SSOLifetime 1:00:00 

D. Set-ADFSProperties -ExtendedProtectionTokenCheck None 

Answer:

Explanation: 

Explanation/Reference: Certain client browser software, such as Firefox, Chrome, and Safari, do not support the Extended Protection for Authentication capabilities that can be used across the Windows platform to protect against man-in-the-middle attacks. To prevent this type of attack from occurring over secure AD FS communications, AD FS 2.0 enforces (by default) that all communications use a channel binding token (CBT) to mitigate against this threat. 

Note: Disable the extended Protection for authentication To disable the Extended Protection for Authentication feature in AD FS 2.0 

. On a federation server, login using the Administrator account, open the Windows PowerShell command prompt, and then type the following command: Set-ADFSProperties –ExtendedProtectionTokenCheck None . Repeat this step on each federation server in the farm. 

Reference: Configuring Advanced Options for AD FS 2.0 


Q28. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC2 that runs Windows Server 2012 R2. DC2 has the DHCP Server server role installed. 

DHCP is configured as shown in the exhibit. (Click the Exhibit button.) 

You discover that client computers cannot obtain IPv4 addresses from DC2. 

You need to ensure that the client computers can obtain IPv4 addresses from DC2. 

What should you do? 

A. Disable the Deny filters. 

B. Enable the Allow filters. 

C. Authorize DC2. 

D. Restart the DHCP Server service 

Answer:

Explanation: 

From the exhibit we see a red marker on the IPv4 server icon. The DHCP server is not 

authorized. 

Authorize DHCP Server 

The final step is to authorize the server. 

Right-click your FQDN and select Authorize. 

Refresh the view by right-clicking your FQDN and selecting Refresh. 

You should now see green check mark next to IPv4. 

Example: 

Reference: Server 2012 DHCP Server Role 


Q29. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.) 

You need to configure Server1 as an enterprise subordinate certification authority (CA). 

What should you do first? 

A. Add RAM to the server. 

B. Set the Startup Type of the Certificate Propagation service to Automatic. 

C. Install the Certification Authority Web Enrollment role service. 

D. Join Server1 to the contoso.com domain. 

Answer:

Explanation: 

Enterprise CAs must be domain members. From the exhibit we see that it is only a 

Workgroup member. 

Note: 

A new CA can be the root CA of a new PKI or subordinate to another in an existing PKI. 

Enterprise subordinate certification authority. 

An enterprise subordinate CA must get a CA certificate from an enterprise root CA but can 

then issue certificates to all users and computers in the enterprise. These types of CAs are 

often used for load balancing of an enterprise root CA. 

Reference: Install a Subordinate Certification Authority 


Q30. You have a server named Server1 that runs Windows Server 2012 R2. 

You install the File and Storage Services server role on Server1. 

From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing. 

You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually. 

What should you do? 

A. From Folder Options, clear Hide protected operating system files (Recommended). 

B. Install the File Server Resource Manager role service. 

C. From Folder Options, select the Always show menus. 

D. Install the Share and Storage Management Tools. 

Answer:

Explanation: 

On the Classification tab of the file properties in Windows Server 2012, File Classification Infra-structure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder. 

Reference: What's New in File Server Resource Manager in Windows Server.