aiotestking uk

70-412 Exam Questions - Online Test


70-412 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Your network contains an Active Directory domain named contoso.com. 

A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS) on a server named Server1. 

After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. 

You attempt to deploy AD RMS. 

During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. 

You need to ensure that clients will only attempt to establish connections to the new AD RMS deployment. 

Which should you do? 

A. From DNS, remove the records for Server1. 

B. From DNS, increase the priority of the DNS records for the new deployment of AD RMS. 

C. From Active Directory, remove the computer object for Server1. 

D. From Active Directory, remove the SCP. 

Answer:

Explanation: The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services. 

Only one SCP can exist in your Active Directory forest. If you try to install AD RMS and an SCP already exists in your forest from a previous AD RMS installation that was not properly deprovisioned, the new SCP will not install properly. It must be removed before you can establish the new SCP. 

Reference: The AD RMS Service Connection Point 

http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx 

Q2. Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. 

DC1 has all of the operations master roles installed. 

You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1. 

You need to ensure that you can use Password Settings objects (PSOs) in the domain. 

What should you do? 

A. Change the domain functional level. 

B. Upgrade DC2. 

C. Run the dcgpofix.exe command. 

D. Transfer the schema master role. 

Answer:

Explanation: 

The domain functional level must be Windows Server 2008 to use PSO's 

Requirements and special considerations for fine-grained password and account lockout policies: 

* Domain functional level: The domain functional level must be set to Windows Server 2008 

or higher. 

Etc. 

Incorrect: 

Not B. DC2 is also Windows Server 2008. 

Not C. Recreates the default Group Policy Objects (GPOs) for a domain 

Not D. Schema isn't up to right level 

Reference: AD DS: Fine-Grained Password Policies 

http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx 

Q3. DRAG DROP 

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. 

All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain. 

You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property. 

Which three actions should you perform in sequence? 

Answer:  

Q4. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table. 

For the contoso.com domain, a company policy states that administrators must be able to retrieve a list of all the users who have not logged on to the network in the last seven days from any domain controller. 

You need to ensure that the users’ last logon information from the last seven days is replicated to all of the domain controllers. 

What should you use? 

A. Set-ADSite 

B. Set-ADReplicationSite 

C. Set-ADDomain 

D. Set-ADReplicationSiteLink 

E. Set-ADGroup 

F. Set-ADForest 

G. Netdom 

Answer:

Reference: Technet, Set-ADDomain 

https://technet.microsoft.com/en-us/library/ee617212.aspx 

Q5. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

Server1 is an enterprise root certification authority (CA) for contoso.com. 

You need to ensure that the members of a group named Group1 can request code signing certificates. The certificates must be issued automatically to the members. 

Which two actions should you perform? (Each correct answer presents part of the solution. 

Choose two.) 

A. From Certificate Templates, modify the certificate template. 

B. From Certification Authority, add a certificate template to be issued. 

C. From Certificate Authority, modify the CA properties. 

D. From Certificate Templates, duplicate a certificate template. 

E. From Certificate Authority, stop and start the Active Directory Certificate Services (AD CS) service. 

Answer: A,D 

Explanation: 

Explanation/Reference: 

Best Practices include: Duplicate new templates from existing templates closest in function 

to the intended template. 

New certificate templates are duplicated from existing templates. Many settings are copied 

from the original template. Because of this, duplicating one template to another of a totally 

different type may carry over some unintended settings. When duplicating a template, 

examine the subject type of the original template and ensure that you duplicate one that 

has a similar function to that of the intended template. Although most settings for certificate 

templates can be edited once the template is duplicated, the subject type cannot be 

changed. 

Reference: Deploying Certificate Templates 

https://technet.microsoft.com/en-us/library/cc770794%28v=ws.10%29.aspx 

Q6. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA). 

The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1. 

You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com. 

You need to identify which type of certificate template you must use to request a certificate for AD FS. 

Answer:  

Q7. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same switch. 

Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information in a central database. 

You need to ensure that the connections to WebApp1 are distributed evenly between the nodes. The solution must minimize port flooding. 

What should you configure? To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area. 

Answer:  

Q8. You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. 

Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty. 

Server1 is configured to create a shadow copy of volume D every hour. You need to configure the shadow copies of volume D to be stored on volume E. 

What should you run? 

A. The Set-Volume cmdlet with the -driveletter parameter 

B. The Set-Volume cmdlet with the -path parameter 

C. The vssadmin.exe add shadowstorage command 

D. The vssadmin.exe create shadow command 

Answer:

Explanation: 

Add ShadowStorage 

Adds a shadow copy storage association for a specified volume. 

Incorrect: 

Not A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a 

letter used to identify a drive or volume in the system. 

Not B. Create Shadow 

Creates a new shadow copy of a specified volume. 

Not C. Sets or changes the file system label of an existing volume -Path Contains valid 

path information. 

Reference: Vssadmin; Set-Volume 

http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx 

Q9. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

The network has the physical sites and TCP/IP subnets configured as shown in the following table. 

You have a web application named App1 that is hosted on six separate Web servers. DNS has the host names and IP addresses registered as shown in the following table. 

You discover that when users connect to appl.contoso.com, they are connected frequently to a server that is not on their local subnet. 

You need to ensure that when the users connect to appl.contoso.com, they connect to a server on their local subnet. The connections must be distributed across the servers that host appl.contoso.com on their subnet. 

Which two settings should you configure? 

To answer, select the appropriate two settings in the answer area. 

Answer:  

Q10. HOTSPOT 

You have a server that runs Windows Server 2012 R2 and has the iSCSI Target Server role service installed. 

You run the New-IscsiVirtualDisk cmdlet as shown in the New-IscsiVirtualDisk exhibit. (Click the Exhibit button.) 

To answer, complete each statement according to the information presented in the exhibits. Each correct selection is worth one point. 

Answer: