aiotestking uk

70-412 Exam Questions - Online Test


70-412 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Your network contains one Active Directory domain named contoso.com. The domain contains the domain controllers configured as shown in the following table. 

The functional level of the domain and the forest is Windows Server 2008. 

An administrator named Admin1 is a member of the Domain Admins group. 

You need to ensure that Admin1 can deploy a Windows Server 2012 R2 domain controller to contoso.com. 

What should you do? 

A. Raise the forest functional level. 

B. Run the Set-ADForestMode cmdlet. 

C. Raise the domain functional level. 

D. Run the adprep.exe command. 

Answer:

Explanation: Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later. The commands need to run in the following cases: 

* Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain. 

* Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or forest to run that version of Windows Server. 

Reference: Running Adprep.exe 

https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx 

Q2. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured. 

For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users. 

You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent. 

Which setting should you modify? To answer, select the appropriate setting in the answer area. 

Answer:  

Q3. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. All servers run Windows Server 2012 R2. 

You install the IP Address Management (IPAM) Server feature on Server1. 

From the Provision IPAM wizard, you select the Group Policy Based provisioning method and enter a GPO name prefix of IPAM1. 

You need to provision IPAM by using Group Policy. 

What command should you run on Server1 to complete the process? To answer, select the appropriate options in the answer area. 

Answer:  

Q4. Your network contains two Active Directory forests named contoso.com and adatum.com. All of the domain controllers in both of the forests run Windows Server 2012 R2. The adatum.com domain contains a file server named Servers. 

Adatum.com has a one-way forest trust to contoso.com. 

A contoso.com user name User10 attempts to access a shared folder on Servers and receives the error message shown in the exhibit. (Click the Exhibit button.) 

You verify that the Authenticated Users group has Read permissions to the Data folder. 

You need to ensure that User10 can read the contents of the Data folder on Server5 in the 

adatum.com domain. 

What should you do? 

A. Grant the Other Organization group Read permissions to the Data folder. 

B. Modify the list of logon workstations of the contoso\User10 user account. 

C. Enable the Netlogon Service (NP-In) firewall rule on Server5. 

D. Modify the permissions on the Server5 computer object in Active Directory. 

Answer:

Explanation: 

* To resolve the issue, I had to open up AD Users and Computers --> enable Advanced Features --> Select the Computer Object --> Properties --> Security --> Add the Group I want to allow access to the computer (in this case, DomainA\Domain users) and allow "Allowed to Authenticate". Once I did that, everything worked: 

* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest. 

Reference: Grant the Allowed to Authenticate Permission on Computers in the Trusting Domain or Forest. 

http://technet.microsoft.com/en-us/library/cc816733(v=ws.10).aspx 

Q5. Your network contains an Active Directory domain named corp.contoso.com. 

You deploy Active Directory Rights Management Services (AD RMS). 

You have a rights policy template named Template1. Revocation is disabled for the template. 

A user named User1 can open content that is protected by Template1 while the user is connected to the corporate network. 

When User1 is disconnected from the corporate network, the user cannot open the protected content even if the user previously opened the content. 

You need to ensure that the content protected by Template1 can be opened by users who are disconnected from the corporate network. 

What should you modify? 

A. The User Rights settings of Template1 

B. The templates file location of the AD RMS cluster 

C. The Extended Policy settings of Template1 

D. The exclusion policies of the AD RMS cluster 

Answer:

Explanation: 

* The extended rights policy of a template controls how content licenses are to be implemented. The extended rights policy template settings are specified by using the Active Directory Rights Management Services (AD RMS) administration site. The available settings control persistence of author rights, whether trusted browsers are supported, license persistence within the content, and enforcement of any application-specific data. 

* You can add trust policies so that AD RMS can process licensing requests for content that was rights protected. 

Reference: Extended Policy Template Information; AD RMS and Server Design 

http://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx 

Q6. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table. 

An IP site link exits between each site. 

You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in 

SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do? 

A. Create an SMTP site link between SiteB and SiteC. 

B. Decrease the cost of the site link between SiteB and SiteC. 

C. Disable site link bridging. 

D. Create additional connection objects for DC1 and DC2. 

Answer:

Explanation: 

By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA. 

Q7. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table. 

You need to enable universal group membership caching for the Europe office and Asia office sites. 

What should you use? 

A. Set-ADSite 

B. Set-ADReplicationSite 

C. Set-ADDomain 

D. Set-ADReplicationSiteLink 

E. Set-ADGroup 

F. Set-ADForest 

G. Netdom 

Answer:

Explanation: 

https://technet.microsoft.com/en-us/library/hh852305(v=wps.630).aspx 

Q8. DRAG DROP 

You have 3 server named Server1 that runs Windows Server 2012 R2. You are asked to test Windows Azure Online Backup to back up Server1. You need to back up Server1 by using Windows Azure Online Backup. Which four actions should you perform in sequence? 

To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order. 

Answer:  

Q9. HOTSPOT 

Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2. 

Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com. 

You deploy a new server named Server3 that runs Windows Server 2012 R2. The contoso.com DNS zone contains the records shown in the following table. 

You need to add Server3 to the NLB cluster. 

What command should you run? 

To answer, select the appropriate options in the answer area. 

Answer:  

Q10. Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA). 

You install a second server named Server2. You install the Online Responder role service on Server2. 

You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2. 

What should you run on Server1? 

A. The certreq.exe command and specify the -policy parameter 

B. The certutil.exe command and specify the -getkey parameter 

C. The certutil.exe command and specify the -setreg parameter 

D. The certreq.exe command and specify the -retrieve parameter 

Answer:

Explanation: To prepare a computer running Windows Server to issue OCSP Response Signing certificates 

On the server hosting the CA, open a command prompt, and type: certutil -v -setreg policy\EnableRequestExtensionList +1.3.6.1.5.5.7.48.1.5 Stop and restart the CA. You can do this at a command prompt by running the following commands: net stop certsvc 

net start certsvc 

Reference: Configure a CA to Support OCSP Responders 

https://technet.microsoft.com/en-us/library/cc732526.aspx