★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/70-412-dumps.html
Want to know Actualtests 70 412 vce Exam practice test features? Want to lear more about Microsoft Configuring Advanced Windows Server 2012 Services certification experience? Study High quality Microsoft mcsa 70 412 answers to Most recent examcollection 70 412 questions at Actualtests. Gat a success with an absolute guarantee to pass Microsoft 70 412 exam dumps (Configuring Advanced Windows Server 2012 Services) test on your first attempt.
Q111. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named DHCP1 and DHCP2 that run Windows Server 2012 R2.
You install the IP Address Management (IPAM) Server feature on a member server named Server1 and you run the Run Invoke-IpamGpoProvisioning cmdlet.
You need to manage the DHCP servers by using IPAM on Server1.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q112. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 is an enterprise root certification authority (CA) for contoso.com.
You need to ensure that the members of a group named Group1 can request code signing certificates. The certificates must be issued automatically to the members.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. From Certificate Templates, modify the certificate template.
B. From Certification Authority, add a certificate template to be issued.
C. From Certificate Authority, modify the CA properties.
D. From Certificate Templates, duplicate a certificate template.
E. From Certificate Authority, stop and start the Active Directory Certificate Services (AD CS) service.
Answer: A,D
Explanation:
Explanation/Reference:
Best Practices include: Duplicate new templates from existing templates closest in function
to the intended template.
New certificate templates are duplicated from existing templates. Many settings are copied
from the original template. Because of this, duplicating one template to another of a totally
different type may carry over some unintended settings. When duplicating a template,
examine the subject type of the original template and ensure that you duplicate one that
has a similar function to that of the intended template. Although most settings for certificate
templates can be edited once the template is duplicated, the subject type cannot be
changed.
Reference: Deploying Certificate Templates
https://technet.microsoft.com/en-us/library/cc770794%28v=ws.10%29.aspx
Q113. Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers. The domain controllers are configured as shown in the following table.
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in both domains.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Raise the domain functional level of contoso.com.
B. Raise the domain functional level ofchildl.contoso.com.
C. Raise the forest functional level of contoso.com.
D. Upgrade DC11 to Windows Server 2012 R2.
E. Upgrade DC1 to Windows Server 2012 R2.
Answer: A,E
Explanation:
The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level (E), then raise the contoso.com domain functional level to Windows Server 2012 (A).
* (E) To support resources that use claims-based access control, the principal’s domains
will need to be running one of the following:
/ All Windows Server 2012 domain controllers.
/ Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device
authentication requests.
/ Sufficient Windows Server 2012 domain controllers to handle all the Windows Server
2012 resource protocol transition requests to support non-Windows 8 devices.
Reference: What's New in Kerberos Authentication
http://technet.microsoft.com/en-us/library/hh831747.aspx.
Q114. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the
DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC1.
You need to ensure that the client computers can obtain IPv4 addresses from DC1.
What should you do?
A. Activate the scope.
B. Authorize DC1.
C. Disable the Allow filters.
D. Disable the Deny filters.
Answer: C
Explanation:
You have enabled the Allow list but haven't entered any MAC addresses, thus everyone is denied. Either Disable the Allow filters or start adding MAC addresses to the Allow filter.
Note: MAC address based filtering allows specific control over which clients have access to DHCP addresses. You can create a list of computers that are allowed to obtain DHCP addresses from the server by adding the client MAC address to the list of allowed client computers. By enabling the allow list, you automatically deny access to the DHCP server addresses to any client computer not on the list.
Reference: DHCP: If the allow list is enabled, MAC address filtering should be populated https://technet.microsoft.com/en-us/library/ee956897(v=ws.10)
Q115. Your network contains one Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. All domain computers have certificates that are issued by a certification authority (CA) named Contoso CA.
A user named User1 performs daily backups of the data on Server1 to a backup vault named Vault1. A user named User2 performs daily backups of the data on Server2 to a vault named Vault2.
You have the administrative credentials for Server2.
You need to restore the data from that last backup of Server1 to Server2.
Which two pieces of information do you require to complete the task? Each correct answer presents part of the solution.
A. the Microsoft Azure subscription credentials
B. the Vault2 credentials
C. the User1 credentials
D. the Vault1 credentials
E. the Server1 certificate
F. the Server2 certificate
G. the Server1 passphrase
H. the Server2 passphrase
Answer: D,G
Explanation: We need the Vault1 credentials to be able to access the data in Vault1. We need the passphrase of Server1 to access the backup that was made on Server1.
Reference: Microsoft Azure - Cloud Backup and Recovery
http://blogs.technet.com/b/rmurphy/archive/2014/12/02/microsoft-azure-backup.aspx
Q116. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated Users group for access failure to shared folders in the finance department.
You need to ensure that access requests are unaffected when the rule is published.
What should you do?
A. Add a User condition to the current permissions entry for the Authenticated Users principal.
B. Set the Permissions to Use the following permissions as proposed permissions.
C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D. Set the Permissions to Use following permissions as current permissions.
Answer: B
Explanation:
Proposed permissions enable an administrator to more accurately model the impact of potential changes to access control settings without actually changing them. Reference: Access Control and Authorization Overview http://technet.microsoft.com/en-us/library/jj134043.aspx
Q117. DRAG DROP
You have a server that runs Windows Server 2012 R2.
You create a new work folder named Share1.
You need to configure Share1 to meet the following requirements:
Ensure that all synchronized copies of Share1 are encrypted.
Ensure that clients synchronize to Share1 every 30 minutes.
Ensure that Share1 inherits the NTFS permissions of the parent folder.
Which cmdlet should you use to achieve each requirement?
To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q118. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You create a user account named User1 in the domain.
You need to ensure that User1 can use Windows Server Backup to back up Server1. The solution must minimize the number of administrative rights assigned to User1.
What should you do?
A. Add User1 to the Backup Operators group.
B. Add User1 to the Power Users group.
C. Assign User1 the Backup files and directories user right and the Restore files and directories user right.
D. Assign User1 the Backup files and directories user right.
Answer: D
Explanation:
Backup Operators have these permissions by default:
However the question explicitly says we need to minimize administrative rights. Since the requirement is for backing up the data only--no requirement to restore or shutdown--then assigning the "Back up files and directories user right" would be the correct answer.
Reference: Default local groups
http://technet.microsoft.com/en-us/library/cc787956(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc771990.aspx
Q119. You have a server named Server1 that runs Windows Server 2012 R2. The storage on Server1 is configured as shown in the following table.
You plan to implement Data Deduplication on Server1.
You need to identify on which drives you can enable Data Deduplication.
Which three drives should you identify? (Each correct answer presents part of the solution. Choose three.)
A. C
B. D
C. E
D. F
E. G
Answer: B,D,E
Explanation:
Volumes that are candidates for deduplication must conform to the following requirements:
* Must not be a system or boot volume. (not A)
* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system. (not C)
* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering is fully supported.
* Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplication-enabled volume is converted to a CSV, but you cannot continue to process files for deduplication.
* Do not rely on the Microsoft Resilient File System (ReFS).
* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.
Ref: Plan to Deploy Data Deduplication http://technet.microsoft.com/en-us/library/hh831700.aspx
Q120. You have a server named FS1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on FS1.
From Windows Explorer, you view the properties of a shared folder named Share1 and you
discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Share1 from Windows Explorer
manually.
What should you do?
A. From Folder Options, select Show hidden files, folders, and drives.
B. From Folder Options, clear Use Sharing Wizard (Recommend).
C. Install the File Server Resource Manager role service.
D. Install the Enhanced Storage feature.
Answer: C
Explanation:
On the Classification tab of the file properties in Windows Server 2012, File Classification Infrastructure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder.
Reference: What's New in File Server Resource Manager in Windows Server