Category: 70-412 Dumps

QUESTION 271
Your network contains an Active Directory domain named adatum.com. You create a new Group Policy object (GPO) named GPO1.
You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?

A.    Gpupdate
B.    Gpresult
C.    Group Policy Management
D.    Active Directory Sites and Services

Answer: C

QUESTION 272
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1.
What should you run?

A.    The Set-NlbCluster cmdlet
B.    The Set-NlbClusterNode cmdlet
C.    The Stop-NlbCluster cmdlet
D.    The Stop-NlbClusterNode cmdlet

Answer: D
Explanation:
The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node.
-Drain <SwitchParameter>
Drains existing traffic before stopping the cluster node. If this parameter is omitted, existing traffic will be dropped.

QUESTION 273
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
You plan to create two virtual machines that will run an application named App1. App1 will store data on a virtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines.
The network contains the following shared folders:
– An SMB file share named Share1 that is hosted on a Scale-Out File Server.
– An SMB file share named Share2 that is hosted on a standalone file server.
– An NFS share named Share3 that is hosted on a standalone file server.
You need to ensure that both virtual machines can use App1data.vhdx simultaneously.
What should you do?
To answer, select the appropriate configurations in the answer area.
 
 
Answer:
 

QUESTION 274
Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com.
What should you do?

A.    Modify the Service Connection Point (SCP).
B.    Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.
C.    Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.
D.    Modify the properties of the AD RMS cluster in west.contoso.com.

Answer: C

QUESTION 275
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
 
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?

A.    Install the Active Directory Certificate Services (AD CS) tools.
B.    Run the regsvr32.exe command.
C.    Modify the PATH system variable.
D.    Configure the Active Directory Certificate Services server role from Server Manager.

Answer: D

QUESTION 276
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.d
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

A.    Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B.    Edit the multi-factor authentication global authentication policy settings.
C.    Run Enable-AdfsDeviceRegistration.
D.    Run Set-AdfsProxyProperties HttpPort 80.
E.    Edit the primary authentication global authentication policy settings.

Answer: CE
Explanation:
* To enable Device Registration Service On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a `known’ device and administrators can use this information to drive conditional access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.

QUESTION 277
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.
 
Answer:
 

QUESTION 278
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?

A.    2001:123:4567:890A::
B.    FE80:123:4567::
C.    FF00:123:4567:890A::
D.    FD00:123:4567::

Answer: D

QUESTION 279
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. All servers run Windows Server 2012 R2.
You install the DHCP Server server role on both servers.
On Server1, you have the DHCP scope configured as shown in the exhibit. (Click the Exhibit button.)
 
You need to configure the scope to be load-balanced across Server1 and Server2.
What Windows PowerShell cmdlet should you run on Server1?
To answer, select the appropriate options in the answer area.
 
Answer:
 

QUESTION 280
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Both servers have multiple IPv4 scopes.
Server1 and Server2 are used to assign IP addresses for the network IDs of 172.20.0.0/16 and 131.107.0.0/16.
You install the IP Address Management (IPAM) Server feature on a server named IPAM1 and configure IPAM1 to manage Server1 and Server2.
Some users from the 172.20.0.0 network report that they occasionally receive an IP address conflict error message.
You need to identify whether any scopes in the 172.20.0.0 network ID conflict with one another.
What Windows PowerShell cmdlet should you run?
To answer, select the appropriate options in the answer area.
 
Answer:
 

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html

QUESTION 261
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines. You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?

A.    Hyper-V Manager
B.    Windows System Resource Manager (WSRM)
C.    Task Manager
D.    Resource Monitor

Answer: A
Explanation:
You get it from the Hyper-V Manager
 

QUESTION 262
You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1. You need to configure DCS1 to log data to D:\logs. What should you do?

A.    Right-click DCS1 and click Data Manager…
B.    Right-click DCS1 and click Save Template…
C.    Right-click DCS1 and click Properties.
D.    Right-click DCS1 and click Export list…

Answer: C
Explanation:
It is under the Directory tab from the DCS properties.
http://technet.microsoft.com/en-us/library/cc749267.aspx

QUESTION 263
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1. You open Review Options in the Active Directory Domain Services Configuration Wizard, and then you click View script. You need to ensure that you can use the script to promote Server1 to a domain controller. Which file extension should you use to save the script?

A.    .xml
B.    .ps1
C.    .bat
D.    .cmd

Answer: B
Explanation:
The View Script button is used to view the corresponding PowerShell script The PowerShell script extension is .ps1, The Answer could logically be either a .cmd file or a .bat file.
According to http://www.fileinfo.com/:
PAL – Settings file created by Corel Painter or Palette of colors used by Dr. Halo bitmap images BAT – DOS batch file used to execute commands with the Windows Command Prompt (cmd.exe); contains aseries of line commands that typically might be entered at the DOS command prompt; most commonly used tostart programs and run maintenance utilities within Windows. XML – XML (Extensible Markup Language) data file that uses tags to define objects and object attributes;formatted much like an .HTML document, but uses custom tags to define objects and the data within eachobject; can be thought of as a text-based database. CMD – Batch file that contains a series of commands executed in order; introduced with Windows NT, but canbe run by DOS or Windows NT systems; similar to a .BAT file, but is run by CMD.EXE instead of COMMAND.COM.
 

QUESTION 264
Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com. You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone. What should you do first?

A.    Run the Zone Signing Wizard for the zone.
B.    From the properties of the zone, change the zone type.
C.    Run the new Delegation Wizard for the zone.
D.    From the properties of the zone, modify the Start Of Authority (SOA) record.

Answer: C

QUESTION 265
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?

A.    From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the contoso.com zone
as a target.
B.    From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target.
C.    From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com zone
as a target.
D.    From DNS Manager, modify the Advanced settings of DC1.

Answer: C
Explanation:
C. The Set-DnsServerSecondaryZone cmdlet changes settings for an existing secondary zone on a Domain Name System (DNS) server.
http://technet.microsoft.com/en-us/library/jj649920(v=wps.620).aspx

QUESTION 266
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive Application named App1. Users report that App1 responds more slowly than expected. You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1. Which performance object should you monitor on Server1?

A.    Hyper-V Hypervisor Logical Processor
B.    Processor
C.    Hyper-V Hypervisor Root Virtual Processor
D.    Process
E.    Hyper-V Hypervisor Virtual Processor

Answer: E

QUESTION 267
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012 R2.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

A.    Run Enable AdfsDeviceRegistration -PrepareActiveDirectory.
B.    Edit the multi-factor authentication global authentication policy settings.
C.    Edit the primary authentication global authentication policy settings.
D.    Run Set-AdfsProxyPropertiesHttpPort 80.
E.    Run Enable-AdfsDeviceRegistration.

Answer: AB

QUESTION 268
Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?

A.    Modify the Link1 shortcut preference of GPO1.
B.    Enable loopback processing in GPO1.
C.    Enforce GPO1.
D.    Modify the Security Filtering settings of GPO1.

Answer: A

QUESTION 269
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012. You install the Windows Server Update Services server role on Server1. You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    From the Update Services console, create computer groups.
B.    From the Update Services console, configure the Computers options.
C.    From the Group Policy Management console, configure the Windows Update settings.
D.    From the Group Policy Management console, configure the Windows Anytime Upgrade settings.
E.    From the Update Services console, configure the Synchronization Schedule options.

Answer: C
Explanation:
Create one computer group for Main site and another group for Branch site. You can deploy Windows updates by computer group.

QUESTION 270
Hotspot Question
Your network contains three Active Directory forests. The forests are configured as shown in the following table.
 
A two-way forest trust exists between contoso.com and divisionl.contoso.com. A two-way forest trust also exists between contoso.com and division2.contoso.com.
You plan to create a one-way forest trust from divisionl.contoso.com to division2.contoso.com.
You need to ensure that any cross-forest authentication requests are sent to the domain controllers in the appropriate forest after the trust is created.
How should you configure the existing forest trust settings?
In the table below, identify which configuration must be performed in each forest. Make only one selection in each column. Each correct selection is worth one point.
 
Answer:

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html

QUESTION 251
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You create an Active Directory snapshot of DC1 each day. You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?

A.    Stop the Active Directory Domain Services (AD DS) service.
B.    Run the ntdsutil.exe command.
C.    Run the dsamain.exe command.
D.    Start the Volume Shadow Copy Service (VSS).

Answer: B

QUESTION 252
You have a server named Server1 that runs Windows Server 2012 R2. You need to configure Server1 to create an entry in an event log when the processor usage exceeds 60 percent. Which type of data collector should you create?

A.    an event trace data collector
B.    a performance counter data collector
C.    a performance counter alert
D.    a configuration data collector

Answer: C

QUESTION 253
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2, On Server1, you create a Data Collector Set (DCS) named Data1. You need to export Data1 to Server2. What should you do first?

A.    Right-click Data1 and click Data Manager…
B.    Right-click Data1 and click Save template…
C.    Right-click Data1 and click Properties.
D.    Right-click Data1 and click Export list…

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc766318.aspx

QUESTION 254
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. Which tool should you use?

A.    The Set-AdComputercmdlet
B.    Group Policy Object Editor
C.    Active Directory Users and Computers
D.    Group Policy Management Console (GPMC)

Answer: D
Explanation:
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. Starting with Windows Server?2012 and Windows?8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
Note: Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.
Incorrect:
Not B: Secedit configures and analyzes system security by comparing your current configuration to at least one template.
Reference: Force a Remote Group Policy Refresh (GPUpdate)

QUESTION 255
Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain. You need to create NAP event trace log files on a client computer.
What should you run?

A.    Logman
B.    Tracert
C.    Register-EngineEvent
D.    Register-ObjectEvent

Answer: A

QUESTION 256
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2. You create a group Managed Service Account named gService1. You need to configure a service named Service1 to run as the gService1 account. How should you configure Service1?

A.    From a command prompt, run sc.exe and specify the sdset parameter.
B.    From the Services console, configure the General settings.
C.    From Windows PowerShell, run Set-Service and specify the -StartupType parameter.
D.    From the Services console, configure the Log On settings.

Answer: A
Explanation:
http://windows.microsoft.com/en-us/windows-vista/using-systemconfiguration http://technet.microsoft.com/en-us/library/ee176963.aspx
http://technet.microsoft.com/en-us/library/cc990290(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738230(v=ws.10).aspx

QUESTION 257
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has 2 dual-core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1. You need to ensure that both virtual machines can use up to 8 GB of memory. The solution must ensure that both virtual machines can be started simultaneously. What should you configure on each virtual machine?

A.    Dynamic Memory
B.    NUMA topology
C.    Memory weight
D.    Ressource Control

Answer: A

QUESTION 258
You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1. You need to add a graphical user interface (GUI) to Server1. Which tool should you use?

A.    the dism.exe command
B.    the ocsetup.exe command
C.    the setup.exe command
D.    the Install-Module cmdlet

Answer: A
Explanation:
The DISM command is called by the Add-WindowsFeature command. Here is the systax for DISM:
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:ServerGui-Shell /featurename:Server-Gui-Mgmt
 

QUESTION 259
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1. You need to ensure that the GPOs Applied to Computer1areApplied to User1 when User1 logs on. What should you configure?

A.    Item-level targeting
B.    Block Inheritance
C.    GPO links
D.    The Enforced setting

Answer: C

QUESTION 260
Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP, Windows 7, or Windows 8. Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV). You need to identify which policy settings can be Applied to all of the computers. Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)

A.    A firewall is enabled for all network connections.
B.    An antispyware application is on.
C.    Automatic updating is enabled.
D.    Antivirus is up to date.
E.    Antispyware is up to date.

Answer: ACD
Explanation:
* System health agent (SHA) is a NAP component.
* System health agent (SHA)
A component that checks the state of the client computer to determine whether the settings monitored by the SHA are up-to-date and configured correctly. For example, the Windows Security Health Agent (WSHA) can monitor Windows Firewall, whether antivirus software is installed, enabled, and updated, whether antispyware software is installed, enabled, and updated, and whether Microsoft Update Services is enabled and the computer has the most recent security updates from Microsoft Update Services. There might also be SHAs (and corresponding system health validators) available from other companies that provide different functionality.

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html

QUESTION 241
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster named Cluster2. You need to move all of the applications and the services from Cluster1 to Cluster2. What should you do first from Failover Cluster Manager?

A.    On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node.
B.    On a server in Cluster2, configure Cluster-Aware Updating.
C.    On a server in Cluster1, configure Cluster-Aware Updating.
D.    On a server in Cluster2, click Migrate Roles.

Answer: A

QUESTION 242
Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed. HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM. You shut down all of the virtual machines on HV1. You copy D:\VM to D:\VM on HV2. You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    Run the Import-VMInitialReplication cmdlet.
B.    From HV1, export all virtual machines to D:\VM.
Copy D:\VM to D:\VM on HV2 and overwrite the existing files.
On HV2, run the Import Virtual Machine wizard.
C.    From HV1, export all virtual machines to D:\VM.
Copy D:\VM to D:\VM on HV2 and overwrite the existing files.
On HV2, run the New Virtual Machine wizard.
D.    Run the Import-VM cmdlet.

Answer: D

QUESTION 243
Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders. Which tool should you use?

A.    Ultrasound
B.    Replmon
C.    Dfsdiag
D.    Frsutil

Answer: C

QUESTION 244
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has Microsoft SQL Server 2012 installed. You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain. The solution must ensure that the AD FS database is stored in a SQL Server database on Server1. What should you do on Server2?

A.    From the AD FS console, run the AD FS Federation Server Configuration Wizard and select the Stand-alone
federation server option.
B.    From Server Manager, install the Federation Service Proxy.
C.    From Windows PowerShell, run Install-ADFSFarm.
D.    From Server Manager, install the AD FS Web Agents.

Answer: A
Explanation:
To create the first federation server in a federation server farm There are two ways to start the AD FS Federation Server Configuration Wizard. On the Welcome page, verify that Create a new Federation Service is selected, and then click Next. On the Select Stand-Alone or Farm Deployment page, click New federation server farm, and then click Next.
On the Specify the Federation Service Name page, verify that the SSL certificate that is showing is correct. If this is not the correct certificate, select the appropriate certificate from the SSL certificate list.
Etc.
Note:
After you install the Federation Service role service and configure the required certificates on a computer, you are ready to configure the computer to become a federation server. You can use the following procedure to set up the computer to become the first federation server in a new federation server farm using the AD FS Federation Server Configuration Wizard. The act of creating the first federation server in a farm also creates a new Federation Service and makes this computer the primary federation server. This means that this computer will be configured with a read/write copy of the AD FS configuration database. All other federation servers in this farm must replicate any changes that are made on the primary federation server to their read-only copies of the AD FS configuration database that they store locally. Reference: To create the first federation server in a federation server farm

QUESTION 245
Your network contains two servers that run Windows Server 2012 R2 named Server1 and Server2. Both servers have the File Server role service installed. On Server2, you create a share named Backups. From Windows Server Backup on Server1, you schedule a full backup to run every night. You set the backup destination to \\Server2 \Backups.
After several weeks, you discover that \\Server2\Backups only contains the last backup that completed on Server1. You need to ensure that multiple backups of Server1 are maintained. What should you do?

A.    Modify the Volume Shadow Copy Service (VSS) settings.
B.    Modify the properties of the Windows Store Service (WSService) service.
C.    Change the backup destination,
D.    Configure the permission of the Backups share.

Answer: C

QUESTION 246
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) for contoso.com. You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed. You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the C A. The solution must ensure that CRLs are published automatically to Server2. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Create an http:// CRL distribution point (CDP) entry.
B.    Configure a CA exit module.
C.    Create a file:// CRL distribution point (CDP) entry
D.    Configure an enrollment agent.
E.    Configure a CA policy module.

Answer: AE
Explanation:
A: To specify CRL distribution points in issued certificates Open the Certification Authority snap-in.
In the console tree, click the name of the CA.
On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select extension is set to CRL Distribution Point (CDP) .
Do one or more of the following. (The list of CRL distribution points is in the Specify locations from which users can obtain a certificate revocation list (CRL) box.) / To indicate that you want to use a URL as a CRL distribution point Click the CRL distribution point, select the Include in the CDP extension of issued certificates check box, and then click OK .
Click Yes to stop and restart Active Directory Certificate Services (AD CS).
E: You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf will take precedence for certificate verifiers over the CDP’s specified in the CA policy module.
Note:
CRLDistributionPoint
You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This section does not configure the CDP for the CA itself. After the CA has been installed you can configure the CDP URLs that the CA will include in each certificate that it issues. The URLs specified in this section of the CAPolicy.inf file are included in the root CA certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl

QUESTION 247
Your network contains an Active Directory domain named adatum.com. You create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers. Which tool should you use?

A.    Gpupdate
B.    Gpresult
C.    Group Policy Management
D.    Active Directory Sites and Services

Answer: C

QUESTION 248
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. You install Windows Server 2012 R2 on a new computer named DC3. You need to manually configure DC3 as a domain controller. Which tool should you use?

A.    winrm.exe
B.    Server Manager
C.    dcpromo.exe
D.    Active Directory Domains and Trusts

Answer: B
Explanation:
When you try to DCpromo a Server 2012, you get this message:
 

QUESTION 249
Your network contain an active directory domain named Contoso.com. The domain contains two servers named server1 and server2 that run Windows Server 2012 R2. You create a security template named template1 by using the security template snap-in. You need to apply template1 to server2. Which tool should you use?

A.    Security Configuration and Analysis
B.    Server Manager
C.    Security Template
D.    Computer management

Answer: A

QUESTION 250
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2. You need to create a custom Active Directory Application partition. Which tool should you use?

A.    Netdom
B.    Ntdsutil
C.    Dsmod
D.    Dsamain

Answer: B
Explanation:
* To create or delete an application directory partition Open Command Prompt.
Type:ntdsutil
At the ntdsutil command prompt, type:domain management
At the domain management command prompt, type:connection At the server connections command prompt, type:connect to server ServerName At the server connections command prompt, type:quit
At the domain management command prompt, do one of the following:
* partition management
Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).
This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2.
/ partition management create nc %s1 %s2
Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify "NULL" for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3.
Note:
* An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition.

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html

QUESTION 231
You have a server named Server1 that runs Windows Server 2012 R2. You download and install the Windows Azure Online Backup Service Agent on Server1. You need to ensure that you can configure an online backup from Windows Server Backup. What should you do first?

A.    From Windows Server Backup, run the Register Server Wizard.
B.    From Computer Management, add the Server1 computer account to the Backup Operators group.
C.    From a command prompt, run wbadmin.exe enable backup.
D.    From the Services console, modify the Log On settings of the Windows Azure Online Backup Service Agent.

Answer: A
Explanation:
A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
B. To register a server for use with Windows Azure Backup you must run the register server wizard
http://technet.microsoft.com/en-us/library/hh831677.aspx

QUESTION 232
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers. The domain controllers are configured as shown in the following table.
 
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Upgrade DC1 to Windows Server 2012 R2.
B.    Upgrade DC11 to Windows Server 2012 R2.
C.    Raise the domain functional level ofchildl.contoso.com.
D.    Raise the domain functional level of contoso.com.
E.    Raise the forest functional level of contoso.com.

Answer: BD
Explanation:
If you want to create access control based on claims and compound authentication, you need to deploy Dynamic Access Control. This requires that you upgrade to Kerberos clients and use the KDC, which support these new authorization types. With Windows Server 2012 R2, you do not have to wait until all the domain controllers and the domain functional level are upgraded to take advantage of new access control options
http://technet.microsoft.com/en-us/library/hh831747.aspx.

QUESTION 233
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Active Directory Domains and Trusts
B.    Active Directory Users and Computers
C.    Repadmin
D.    Ntdsutil

Answer: C
Explanation:
Repadmin.exe is a command line tool that is designed to assist administrators in diagnosing, monitoring, and troubleshooting Active Directory replication problems.
Reference: Repadmin Introduction and Technology Overview
Note: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 234
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Active Directory Users and Computers
B.    Ntdsutil
C.    DNS Manager
D.    Active Directory Domains and Trusts

Answer: C
Explanation:
The primary tool that you use to manage DNS servers is DNS Manager, the DNS snap-in in Microsoft Management Console (MMC), which appears as DNS in Administrative Tools on the Start menu. You can use DNS Manager along with other snapins in MMC, further integrating DNS administration into your total network management. It is also available in Server Manager on computers with the DNS Server role installed. You can use DNS Manager to perform the following basic administrative server tasks:
* Performing initial configuration of a new DNS server.
* Connecting to and managing a local DNS server on the same computer or remote DNS servers on other computers.
* Adding and removing forward and reverse lookup zones, as necessary.
* Adding, removing, and updating resource records in zones.
* Modifying how zones are stored and replicated between servers.
* Modifying how servers process queries and handle dynamic updates.
Modifying security for specific zones or resource records.
In addition, you can also use DNS Manager to perform the following tasks:
* Perform maintenance on the server. You can start, stop, pause, or resume the server or manually update server data files.
* Monitor the contents of the server cache and, as necessary, clear it.
* Tune advanced server options.
Configure and perform aging and scavenging of stale resource records that are stored by the server.
Reference: DNS Tools

QUESTION 235
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 
The Branch site contains a perimeter network. For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?

A.    Run dcpromo and specify the /createdcaccount parameter.
B.    Run the Active Directory Domain Services Configuration Wizard.
C.    Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.
D.    Enable the Bridge all site links setting.

Answer: C
Explanation:
Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the replication source domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainName corp.contoso.com -SiteName NorthAmerica
Reference: Add-ADDSReadOnlyDomainControllerAccount

QUESTION 236
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domainjoined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    The Security Configuration Wizard
B.    The Certification Authority console
C.    Active Directory Administrative Center
D.    Certificate Templates

Answer: B
Explanation:
You can use the Certification Authority console to configure CAs. This includes the following tasks:
(B) Scheduling certificate revocation list publication.
Installing the CA certificate when necessary.
Configuring exit module settings.
Configuring policy module settings.
Modifying security permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based revocation checking.
Reference: Configure Certification Authorities

QUESTION 237
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. You need to store the contents of all the DNS queries received by Server1. What should you configure?

A.    Logging from Windows Firewall with Advanced Security
B.    Debug logging from DNS Manager
C.    A Data Collector Set (DCS) from Performance Monitor
D.    Monitoring from DNS Manager

Answer: D
Explanation:
The following DNS debug logging options are available:
* Direction of packets
Send Packets sent by the DNS server are logged in the DNS server log file. Receive Packets received by the DNS server are logged in the log file.
* Content of packets
(D) Standard queries Specifies that packets containing standard queries (per RFC 1034) are logged in the DNS server log file.
Updates Specifies that packets containing dynamic updates (per RFC 2136) are logged in the DNS server log file.
Notifies Specifies that packets containing notifications (per RFC 1996) are logged in the DNS server log file.
Etc.
Reference: Using server debug logging options

QUESTION 238
You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtuahSCSIl.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
 
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target. VirtuahSCSI1.vhd is removed from LON-DC1. You need to assign VirtualiSCSI2.vhd a logical unit value of 0. What should you do?

A.    Run the Set-IscsiVirtualDisk cmdlet and specify the -DevicePath parameter.
B.    Run the iscsicpl command and specify the virtualdisklun parameter.
C.    Modify the properties of the itgt ISCSI target.
D.    Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.

Answer: D
Explanation:
Set-VirtualDisk
Modifies the attributes of an existing virtual disk.
Applies To: Windows Server 2012 R2
-UniqueId<String>
Specifies an ID used to uniquely identify a Disk object in the system. The ID persists through restarts. Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to a server. For iSCSI, LUNs are assigned to logical entities called targets.
Incorrect:
Not A: Set-IscsiVirtualDisk
Modifies the settings for the specified iSCSI virtual disk.
-Path<String> (alias: DevicePath)
Specifies the path of the virtual hard disk (VHD) file that is associated with the iSCSI virtual disk. Filter the iSCSI Virtual Disk object using this parameter.
Not B: iscsicpl.exe could is the Microsoft iSCSI Initiator Configuration Tool.
Microsoft Internet iSCSI Initiator enables you to connect a host computer that is running Windows 7 or Windows Server 2008 R2 to an external iSCSI-based storage array through an Ethernet network adapter.

QUESTION 239
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2. You fail to start VM1 and you suspect that the boot files on VM1 are corrupt. On Server1, you attach the virtual hard disk (VHD) of VM1 and you assign the VHD a drive letter of F. You need to repair the corrupt boot files on VM1. What should you run?

A.    bootrec.exe /rebuildbcd
B.    bootrec.exe /scanos
C.    bcdboot.exe f:\windows /s c:
D.    bcdboot.exe c:\windows /s f:

Answer: D

QUESTION 240
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed. Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)
 
You need to assign a user named User1 permission to add and delete records from the contoso.com zone only. What should you do first?

A.    Enable the Advanced view from DNS Manager.
B.    Add User1 to the DnsUpdateProxy group.
C.    Run the New Delegation Wizard.
D.    Configure the zone to be Active Directory-integrated.

Answer: D

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html

QUESTION 221
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a file server role named FS1 and a generic service role named SVC1. Server1 is the preferred node for FS1. Server2 is the preferred node for SVC1. You plan to run a disk maintenance tool on the physical disk used by FS1. You need to ensure that running the disk maintenance tool does not cause a failover to occur. What should you do before you run the tool?

A.    Run cluster.exe and specify the pause parameter.
B.    Run cluster.exe and specify the offline parameter.
C.    Run Suspend-ClusterResource
D.    Run Suspend-ClusterNode.

Answer: B

QUESTION 222
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an Application named App1. App1 is NOT a cluster-aware Application. App1 stores data in the file system. You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?

A.    Add-ClusterGenericApplicationRole
B.    Add-ClusterGenericServiceRole
C.    Add ClusterServerRole
D.    Add-ClusterScaleOutFileServerRole

Answer: A

QUESTION 223
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise root certification authority (CA) for contoso.com. Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the local Administrators group on Server1. You enable CA role separation on Server1.
You need to ensure that you can manage the certificates on the CA. What should you do?

A.    Remove your user account from the local Administrators group.
B.    Assign the CA administrator role to your user account.
C.    Assign your user account the Bypass traverse checking user right.
D.    Remove your user account from the Manage auditing and security log user right.

Answer: D

QUESTION 224
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery. You plan to create Group Policies for IPAM provisioning. You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?

A.    From Server Manager, review the IPAM overview.
B.    Run the ipamgc.exe tool.
C.    From Task Scheduler, review the IPAM tasks.
D.    Run the Get-IpamConfiguration cmdlet.

Answer: A

QUESTION 225
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)
 
You need to configure Server1 as an enterprise subordinate certification authority (CA). What should you do first?

A.    Add RAM to the server.
B.    Set the Startup Type of the Certificate Propagation service to Automatic.
C.    Install the Certification Authority Web Enrollment role service.
D.    Join Server1 to the contoso.com domain.

Answer: D

QUESTION 226
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4. Server1 and 5erver2 run Windows Server 2008 R2. Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed. Failover Clustering is configured to provide highly available virtual machines by using a cluster named Cluster1. Cluster1 hosts 10 virtual machines.
Server3 and Server4 run Windows Server 2012 R2.
You install the Hyper-V server role and the Failover Clustering feature on Server3 and Server4.
You create a cluster named Cluster2.
You need to migrate cluster resources from Cluster1 to Cluster2. The solution must minimize downtime on the virtual machines.
Which five actions should you perform?
To answer, move the appropriate five actions from the list of actions to the answer area and arrange them in the correct order.
 
Answer:
 
Explanation:
Migrate a Cluster Wizard
Box 1: Shut down
all of the virtual machines in Cluster1.
Box 2: Unmask the shared storage to present the storage to Cluster2.
Box 3: Mask the shared storage to prevent the storage from being accessed by Cluster1.
Box 4: Start the virtual machines in Cluster2.
Box 5: From the Failover Cluster Manager in Cluster1, run the Migrate a Cluster Wizard.
Note:
* The new cluster roles are always created offline – when VMs and users are ready, the following steps should be used during a maintenance window:
i. The source VMs should be shut down and turned off.
ii. The source cluster CSV volumes that have been migrated should be off-lined. iii. The storage that is common to both clusters (LUNS) should be masked (hidden) from the source cluster, to prevent accidental usage by both clusters.
iv. The storage that is common to both clusters (LUNS) should be presented to the new cluster. v. The CSV volumes on the target cluster should be on-lined.
vi. The VMs on the target cluster should be on-lined.
vii. VMs are migrated and ready for use!
* Now that the target cluster has been pre-staged, use the following steps during a maintenance window to cut over to the new Windows Server 2012 R2 cluster:
1. Shutdown all VMs on the source Windows Server 2008 R2 cluster that have been migrated.
2. Configure the storage:
a. Unmask the common shared storage (LUNs) so that they are not presented to the Windows Server 2008 R2source cluster
Note: Data could become corrupt if they are presented to multiple clusters at the same time.
b. Mask the common shared storage (LUNs) to the Windows Server 2012 R2 target cluster.

QUESTION 227
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shown in the following table.
 
You need to identify which disk can be added to a Clustered Storage Space in Cluster1. Which disk should you identify?

A.    Disk1
B.    Disk2
C.    Disk3
D.    Disk4

Answer: B

QUESTION 228
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. You attempt to delete a classification property and you receive the error message as shown in the exhibit. (Click the Exhibit button.)
 
You need to delete the is Confidential classification property. What should you do?

A.    Delete the classification rule that is assigned the isConfidential classification property.
B.    Disable the classification rule that is assigned the isConfidential classification property.
C.    Set files that have an isConfidential classification property value of Yes to No.
D.    Clear the isConfidential classification property value of all files.

Answer: A

QUESTION 229
You have a server named Server1 that runs Windows Server 2012 R2. Windows Server 2012 R2 is installed on volume C. You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts. Which tool should you use?

A.    The Restart-Server cmdlet
B.    The Bootcfg command
C.    The Restart-Computer cmdlet
D.    The Bcdedit command

Answer: D

QUESTION 230
You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2. You need to schedule the installation of Windows updates on the cluster nodes. Which tool should you use?

A.    The Wusa command
B.    The Invoke-CauScan cmdlet
C.    The Add-CauClusterRole cmdlet
D.    The Wuauclt command

Answer: C

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html

QUESTION 211
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Node1 and Node2. Node1 and Node2 run Windows Server 2012 R2. Node1 and Node2 are configured as a two-node failover cluster named Cluster2. The computer accounts for all of the servers reside in an organizational unit (OU) named Servers. A user named User1 is a member of the local Administrators group on Node1 and Node2. User1 creates a new clustered File Server role named File1 by using the File Server for general use option. A report is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)
 
File1 fails to start.
You need to ensure that you can start File1. What should you do?

A.    Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered
File Server role by using the File Server for general use option.
B.    Recreate the clustered File Server role by using the File Server for scale-out Application data option.
C.    Assign the computer account permissions of Cluster2 to the Servers OU.
D.    Assign the user account permissions of User1 to the Servers OU.
E.    Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.

Answer: B

QUESTION 212
Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed. Server1 hosts a virtual machine named VM1. The virtual machine configuration files and the virtual hard disks for VM1 are stored in D: \VM1.
You shut down VM1 on Server1.
You copy D:\VM1 to D:\VM1 on Server2.
You need to start VM1 on Server2. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?

A.    Run the Import-VMIntialReplication cmdlet.
B.    Create a new virtual machine on Server2 and attach the VHD from VM1 to the new virtual machine.
C.    From Hyper-V Manager, run the Import Virtual Machine wizard.
D.    Run the Import-IscsiVirtualDisk cmdlet.

Answer: C

QUESTION 213
Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
 
DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles. You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do first?

A.    Uninstall Active Directory from DC1.
B.    Change the domain functional level.
C.    Transfer the domain-wide operations master roles.
D.    Transfer the forest-wide operations master roles.

Answer: A

QUESTION 214
Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2. The forest has a two-way realm trust to a Kerberos realm named adatum.com. You discover that users in adatum.com can only access resources in the root domain of contoso.com. You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.
What should you do in the forest?

A.    Delete the realm trust and create a forest trust.
B.    Delete the realm trust and create three external trusts.
C.    Modify the incoming realm trust.
D.    Modify the outgoing realm trust.

Answer: D

QUESTION 215
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2. DC1 and DC2 fail to replicate Active Directory information. You confirm that DC1 and DC2 have network connectivity. The NTDS Settings of DC2 are configured as shown in the NTDS Settings exhibit. (Click tie Exhibit button.)

 
DNS is configured as shown in the DNS exhibit. (Click the Exhibit button.)
 
You need to ensure that DC1 and DC2 can replicate immediately. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From DC1, restart the Netlogon service.
B.    From DC2, run nltest.exe /sync.
C.    From DC1, run ipconfig /flushdns.
D.    From DO, run repadmin /syncall.
E.    From DC2, run ipconfig /registerdns.
F.    From DC2, restart the Netlogon service.

Answer: DE
Explanation:
The DC2 name/alias is not available in DNS.
First we register the DC2 name from DC with the ipcpnfig /registerdns. (E) Then we synchronizes a specified domain controller DC1 (DC2 would also work) with all of its replication partners with repadmin /syncall. (D)

QUESTION 216
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an Application named App1. App1 is NOT a cluster-aware Application. App1 stores data in the file system. You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?

A.    Add-ClusterGenericServiceRole
B.    Add-ClusterServerRole
C.    Add-ClusterGenericApplicationRole
D.    Add-ClusterScaleOutFileServerRole

Answer: C
Explanation:
* Add-ClusterGenericApplicationRole
Configure high availability for an application that was not originally designed to run in a failover cluster.
* If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.

QUESTION 217
You have a server named Server1 that runs Windows Server 2012 R2.
You start Server1 by using Windows PE.
You need to repair the Boot Configuration Data (BCD) store on Server1.
Which tool should you use?

A.    Bootim
B.    Bootsect
C.    Bootrec
D.    Bootcfg

Answer: C

QUESTION 218
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an application named Appl. App1 is NOT a cluster-aware application. App1 stores data in the file system. You need to ensure that App1 runs in Cluster1. The solution must minimize development effort. Which cmdlet should you run?

A.    Add-ClusterServerRole
B.    Add-ClusterGenericServiceRole
C.    Add ClusterScaleOutFileServerRole
D.    Add ClusterGenericApplicationRole

Answer: D
Explanation:
* Add-ClusterGenericApplicationRole Configure high availability for an application that was not orig
inally designed to run in a failover cluster.
* If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.

QUESTION 219
Hotspot Question
Your network contains three Application servers that run Windows Server 2012 R2. The Application servers have the Network Load Balancing (NLB) feature installed. You create an NLB cluster that contains the three servers. You plan to deploy an Application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCP port 8081.
Clients will connect to App1 by using HTTP and HTTPS. When clients connect to App1 by using HTTPS, session state information will be retained locally by the cluster node that responds to the client request.
You need to configure a port rule for App1. Which port rule should you use? To answer, select the appropriate rule in the answer area.
 
Answer:
 

QUESTION 220
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. The servers have the Hyper- V server role installed.
A certification authority (CA) is available on the network. A virtual machine named vml.contoso.com is replicated from Server1 to Server2. A virtual machine named vm2.contoso.com is replicated from Server2 to Server1. You need to configure Hyper-V to encrypt the replication of the virtual machines. Which common name should you use for the certificates on each server? To answer, configure the appropriate common name for the certificate on each server in the answer area.
 

 
Answer:

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html

QUESTION 201
You have a server named Server1 that runs Windows Server 2012 R2. When you install a custom Application on Server1 and restart the server, you receive the following error message: "The Boot Configuration Data file is missing some required information.

File: \Boot\BCD
Error code: 0x0000034."
You start Server1 by using Windows PE. You need to ensure that you can start Windows Server 2012 R2 on Server1.
Which tool should you use?

A.    Bootsect
B.    Bootim
C.    Bootrec
D.    Bootcfg

Answer: C
Explanation:
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code-0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2

QUESTION 202
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed. Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation. You need to create a trust policy for the partner organization. The solution must meet the following requirements:
Grant users in the partner organization access to protected content. Provide users in the partner organization with the ability to create protected content. Which type of trust policy should you create?

A.    a federated trust
B.    Windows Live ID
C.    a trusted publishing domain
D.    a trusted user domain

Answer: A

QUESTION 203
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 
On DC1, you create an Active Directory-integrated zone named Zone1. You verify that Zone1 replicates to DC2.
You use DNSSEC to sign Zone1.
You discover that the updates to Zone1 fail to replicate to DC2.
You need to ensure that Zone1 replicates to DC2.
What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
 
Answer:

QUESTION 204
Hotspot Question
Your network contains two Hyper-V hosts that are configured as shown in the following table.
 
You create a virtual machine on Server1 named VM1.
You plan to export VM1 from Server1 and import VM1 to Server2. You need to ensure that you can start the imported copy of VM1 from snapshots.
What should you configure on VM1?
To answer, select the appropriate node in the answer area.
 
Answer:

 
Note:
* If the CPUs are from the same manufacturer but not from the same type, you may need to use Processor Compatibility.
*(incorrect) The network adapter is already disconnected.

QUESTION 205
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 
You configure a user named User1 as a delegated administrator of DC10. You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails.
What should you do?

A.    On DC10, run ntdsutil and configure the settings in the Roles context.
B.    On DC10, run ntdsutil and configure the settings in the Local Roles context.
C.    Modify the properties of the DCIO computer account.
D.    Run repadmin and specify /replsingleobject parameter.

Answer: B
Explanation:
Modify the following policy:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights
Assignment\Allow log on locally
Note:
* User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer.
* Delegated administrator accounts gain local administrative permissions to the RODC. These users can operate with privileges equivalent to the local computer’s Administrators group. They are not members of the Domain Admins or the domain built-in Administrators groups. This option is useful for delegating branch office administration without giving out domain administrative permissions. Configuring delegation of administration is not required.

QUESTION 206
You have a server named Server1 that runs Windows Server 2012 R2. You install the File and Storage Services server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing. You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually.
What should you do?

A.    From Folder Options, clear Hide protected operating system files (Recommended).
B.    Install the File Server Resource Manager role service.
C.    From Folder Options, select the Always show menus.
D.    Install the Share and Storage Management Tools.

Answer: B
Explanation:
B. Classification Management is a feature of FSRM
http://technet.microsoft.com/en-us/library/dd759252.aspx
http://technet.microsoft.com/en-us/library/dd758759(v=WS.10).aspx

QUESTION 207
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
 
An IP site link exits between each site.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable.
What should you do?

A.    Create an SMTP site link between SiteB and SiteC.
B.    Create additional connection objects for DC3 and DC4.
C.    Decrease the cost of the site link between SiteB and SiteC.
D.    Create additional connection objects for DC1 and DC2.

Answer: C
Explanation:
By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA.

QUESTION 208
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other. Server2 hosts a virtual machine named VM5. VM5 is replicated to Server1. You need to verify whether the replica of VM5 on Server1 is functional. The solution must ensure that VM5 remains accessible to clients.
What should you do from Hyper-V Manager?

A.    On a server in Cluster2, click Migrate Roles.
B.    On a server in Cluster2, configure Cluster-Aware Updating.
C.    On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node.
D.    On a server in Cluster1, configure Cluster-Aware Updating.

Answer: B
Explanation:
Note:
* Cluster-Aware Updating (CAU) is an automated feature that allows you to update clustered servers with little or no loss in availability during the update process. During an Updating Run, CAU transparently performs the following tasks:
Puts each node of the cluster into node maintenance mode Moves the clustered roles off the node
Installs the updates and any dependent updates
Performs a restart if necessary
Brings the node out of maintenance mode
Restores the clustered roles on the node
Moves to update the next node
For many clustered roles (formerly called clustered applications and services) in the cluster, the automatic update process triggers a planned failover, and it can cause a transient service interruption for connected clients. However, in the case of continuously available workloads in Windows Server 2012 R2, such as Hyper-V with live migration or file server with SMB Transparent Failover, CAU can coordinate cluster updates with no impact to the service availability.

QUESTION 209
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a
failover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shown in the following table.
 
You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV). Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Enable BitLocker on Disk4.
B.    Format Disk3 to use NTFS.
C.    Format Disk2 to use NTFS.
D.    Disable BitLocker on Disk1.

Answer: BC
Explanation:
You cannot use a disk for a CSV that is formatted with FAT, FAT32, or Resilient File System (ReFS).

QUESTION 210
Your network contains an Active Directory forest named contoso.com. The contoso.com domain only contains domain controllers that run Windows Server 2012 R2. The forest contains a child domain named child.contoso.com. The child.contoso.com domain only contains domain controllers that run Windows Server 2008 R2. The child.contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2. You have access to four administrative user accounts in the forest. The administrative user accounts are configured as shown in the following table.
 
You need to ensure that you can add a domain controller that runs Windows Server 2012 R2 to the child.contoso.com domain. Which account should you use to run adprep.exe?

A.    Admin1
B.    Admin2
C.    Admin3
D.    Admin4

Answer: C

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html

QUESTION 191
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers.
The domain controllers are configured as shown in the following table.
 
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Upgrade DC1 to Windows Server 2012 R2.
B.    Upgrade DC11 to Windows Server 2012 R2.
C.    Raise the domain functional level ofchildl.contoso.com,
D.    Raise the domain functional level of contoso.com.
E.    Raise the forest functional level of contoso.com.

Answer: BD

QUESTION 192
You have a server named Server1 that runs Windows Server 2012 R2. The storage on Server1 is configured as shown in the following table.
 
You plan to implement Data Deduplication on Server1. You need to identify on which drives you can enable Data Deduplication. Which three drives should you identify? (Each correct answer presents part of the solution. Choose three.)

A.    C
B.    D
C.    E
D.    F
E.    G

Answer: BDE
Explanation:
Volumes that are candidates for deduplication must conform to the following requirements:
* (not A) Must not be a system or boot volume. Deduplication is not supported on operating system volumes.
* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system.
* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering is fully supported.
* Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplicationenabled volume is converted to a CSV, but you cannot continue to process files for deduplication.
* (not C) Do not rely on the Microsoft Resilient File System (ReFS).
* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.
http://technet.microsoft.com/en-us/library/hh831700.aspx

QUESTION 193
You have 20 servers that run Windows Server 2012 R2.
You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup and sets an encryption passphrase. Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)

A.    New-OBPolicy
B.    New-OBRetentionPolicy
C.    Add-OBFileSpec
D.    Start-OBRegistration
E.    Set OBMachineSetting

Answer: DE
Explanation:
D: Start-OBRegistration
Registers the current computer with Windows Azure Online Backup using the credentials (username and password) created during enrollment.
E: The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy server settings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that is required to decrypt the files during recovery to another server.
Incorrect:
Not C: The Add-OBFileSpec cmdlet adds the OBFileSpec object, which specifies the items to include or exclude from a backup, to the backup policy (OBPolicy object). The OBFileSpec object can include or exclude multiple files, folders, or volumes. T http://technet.microsoft.com/en-us/library/hh770416(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/hh770425(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770424.aspx
http://technet.microsoft.com/en-us/library/hh770398.aspx
http://technet.microsoft.com/en-us/library/hh770409.aspx

QUESTION 194
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You need to ensure that a WIM file that is located on a network share is used as the installation source when installing server roles and features on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Run the dism.exe command and specify the /remove-package parameter.
B.    Run the Remove-WindowsFeature cmdlet.
C.    Enable and configure the Specify settings for optional component installation and component repair
policy setting by using a Group Policy object (GPO).
D.    Enable the Enforce upgrade component rules policy setting by using a Group Policy object (GPO).
E.    Run the Remove-WindowsPackage cmdlet.

Answer: AC
Explanation:
A: To remove packages from an offline image by using DISM Example:
At a command prompt, specify the package identity to remove it from the image. You can remove multiple packages on one command line.
DISM /Image:C:\test\offline /Remove-Package
/PackageName:Microsoft.Windows.Calc.Demo~6595b6144ccf1df~x86~en~1.0.0.0 /PackageName:Microsoft-Windows-MediaPlayerPackage~31bf3856ad364e35~x86~~6.1.6801.0
C:
* You can use Group Policy to specify a Windows image repair source to use within your network. The repair source can be used to restore Windows features or to repair a corrupted Windows image.
* Set Group Policy
You can use Group Policy to specify when to use Windows Update, or a network location as a repair source for features on demand and automatic corruption repair. To configure Group Policy for Feature on Demand
Open the group policy editor. For example, on a computer that is running Windows?8, click Search, click Settings, type Edit Group Policy, and then select the Edit Group Policy setting.
Click Computer Configuration, click Administrative Templates, click System, and then double-click the Specify settings for optional component uninstallation and component repair setting. Select the settings that you want to use for Features on Demand.
Note:
* The Windows Imaging Format (WIM) is a file-based disk image format. It was developed by Microsoft to help deploy Windows Vista and subsequent versions of Windows operating system family, as well as Windows Fundamentals for Legacy PCs.

QUESTION 195
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named litwareinc.com. You need to configure an access solution to meet the following requirements:
– Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.
– Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.
– Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    Configure SID filtering on the trust.
B.    Configure forest-wide authentication on the trust.
C.    Create a one-way forest trust.
D.    Create a one-way external trust
E.    Modify the permission on the Server1 object.
F.    Configure selective authentication on the trust.

Answer: DEF
Explanation:
D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).
E: Must grant the required permissions on Server1.
F(not B): For external trust we must either select Domain-Wide or Selective Authentication (forst- wide authentication is not an option)
BCE
Note:
* You can create an external trust to form a one-way or two-way, nontransitive trust with domains that are outside your forest. External trusts are sometimes necessary when users need access to resources in a Windows NT 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust.
/ To select the scope of authentication for users that are authenticating through a forest trust, click the forest trust that you want to administer, and then click Properties . On the Authentication tab, click either Forest-wide authentication or Selective authentication .
/ To select the scope of authentication for users that are authenticating through an external trust, click the external trust that you want to administer, and then click Properties . On the Authentication tab, click either Domain-wide authentication or Selective authentication .
* The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the trusting forest.
* Forest-wide authentication is generally recommended for users within the same organization. Reference: Select the Scope of Authentication for Users
http://technet.microsoft.com/en-us/library/cc776245(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc755844(v=ws.10).aspx

QUESTION 196
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8. You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1.
What should you configure?

A.    A classification property
B.    The File Server Resource Manager Options
C.    A file management task
D.    A file screen template

Answer: B

QUESTION 197
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
 
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do?

A.    Create additional connection objects for DC3 and DC4.
B.    Decrease the cost of the site link between SiteB and SiteC.
C.    Create a site link bridge.
D.    Disable site link bridging.

Answer: B
Explanation:
By decreasing the cost between SiteB and SiteC, the SiteC users will be authenticated by SiteB domain controllers.
Note:
* A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site link in the bridge.
* By default, all site links are transitive.

QUESTION 198
Your network contains an Active Directory domain named contoso.com. The domain contains a. DC2 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
 
You discover that client computers cannot obtain IPv4 addresses from DC2. You need to ensure that the client computers can obtain IPv4 addresses from DC2. What should you do?

A.    Disable the Deny filters.
B.    Enable the Allow filters.
C.    Authorize DC2.
D.    Restart the DHCP Server service

Answer: C

QUESTION 199
Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.
 
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?

A.    Server1
B.    Server2
C.    Server3
D.    Server4

Answer: D
Explanation:
D. IPAM cannot be installed on Domain Controllers. All other servers have the DC role http://technet.microsoft.com/en-us/library/hh831353.aspx
 

QUESTION 200
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    Active Directory Users and Computers
B.    Server Manager
C.    The Certificates snap-in
D.    The Certification Authority console

Answer: D
Explanation:
You can use the Certification Authority console to configure CAs. This includes the following tasks:
(D) Scheduling certificate revocation list publication. Installing the CA certificate when necessary. Configuring exit module settings.
Configuring policy module settings.
Modifying security permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based revocation checking.
Reference: Configure Certification Authorities

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html

QUESTION 181
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured. For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users. You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent. Which setting should you modify? To answer, select the appropriate setting in the answer area.
 
Answer:
 

QUESTION 182
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains the two servers.The servers are configured as shown in the following table.
 
You investigate a report about the potential compromise of a private key for a certificate issued to Server2.
You need to revoke the certificate issued to Server2. The solution must ensure that the revocation can be reverted. Which reason code should you select? To answer, select the appropriate reason code in the answer area.
 
Answer:
 

QUESTION 183
Drag and Drop Question
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2. A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust. The solution must meet the following requirements:
– In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.
– In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 
Answer:
 

QUESTION 184
Drag and Drop QuestionYour network contains four servers that run Windows Server 2012 R2. Each server has the Failover Clustering feature installed. Each server has three network adapters installed. An iSCSI SAN is available on the network.
You create a failover cluster named Cluster1.
You add the servers to the cluster.
You plan to configure the network settings of each server node as shown in the following table.
 
You need to configure the network settings for Cluster1.
What should you do?
To answer, drag the appropriate network communication setting to the correct cluster network. Each network communication setting may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Select and Place:
 
Answer:
 

QUESTION 185
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. The volumes on Server1 are configured as shown in the following table.
 
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which backup methods you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible. Which backup type should you identify for each volume? To answer, select the appropriate backup type for each volume in the answer area.
 
Answer:
 

QUESTION 186
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Servers, and Server4. All servers run Windows Server 2012 R2. Server1 and Server2 are located in a site named Site1. Server3 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 is configured to use the Node Majority quorum configuration. You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum.
What should you run from Windows PowerShell? To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 
Answer:
 

QUESTION 187
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
 
You plan to test an application on a server named Server1. Server1 is currently located in Site1. After the test, Server1 will be moved to Site2. You need to ensure that Server1 attempts to authenticate to DC3 first, while you test the application. What should you do?

A.    Create a new site and associate the site to an existing site link object.
B.    Modify the priority of site-specific service location (SRV) DNS records for Site2.
C.    Create a new subnet object and associate the subnet object to an existing site.
D.    Modify the weight of site-specific service location (SRV) DNS records Site1.

Answer: B
Explanation:
Service Location (SRV) Resource Record
Priority A number between 0 and 65535 that indicates the priority or level of preference given for this record to the host that is specified in Host offering this service.
Priority indicates this host’s priority with respect to the other hosts in this domain that offer the same service and are specified by different service location (SRV) resource records.
Incorrect:
Not D:
Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you select among more than one target SRV host for the type of service (specified in Service) that use the same Priority number, you can use this field to weight preference toward specific hosts. Where several hosts share equal priority, SRV-specified hosts with higher weight values that are entered here should be returned first to resolver clients in SRV query results. Reference: Service Location (SRV) Resource Record Dialog Box

QUESTION 188
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1.
 
The File Server Resource Manager role service is installed on Server1. All servers run Windows Server 2012 R2. A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains Server1. The following graphic shows the configured settings in GPO1. Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You attempt to configure access-denied assistance on Server1, but the Enable access-denied assistance option cannot be selected from File Server Resource Manager.
You need to ensure that you can configure access-denied assistance on Server1 manually by using File Server Resource Manager. Which two actions should you perform?

A.    Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.
B.    Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1.
C.    Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1.
D.    Set the Customize message for Access Denied errors policy setting to Enabled for GPO1.

Answer: D
Explanation:
D. ensure that you can configure access-denied assistance
http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1

QUESTION 189
Your company has a main office and a remote office. The remote office is used for disaster recovery.
The network contains an Active Directory domain named contoso.com. The domain contains member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2. Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote office.
All servers have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Storage is replicated between the main office and the remote site. You need to ensure that Cluster1 is available if two nodes in the same office fail. What are two possible quorum configurations that achieve the goal? (Each correct answer presents a
complete solution. Choose two.)

A.    Node Majority
B.    No Majority: Disk Only
C.    Node and File Share Majority
D.    Node and Disk Majority

Answer: AB
Explanation:
Depending on the quorum configuration option that you choose and your specific settings, the cluster will be configured in one of the following quorum modes:
* (A) Node majority (no witness) Only nodes have votes. No quorum witness is configured. The cluster quorum is the majority of voting nodes in the active cluster membership.
* (B) No majority (disk witness only) No nodes have votes. Only a disk witness has a vote. The cluster quorum is determined by the state of the disk witness. The cluster has quorum if one node is available and communicating with a specific disk in the cluster storage. Generally, this mode is not recommended, and it should not be selected because it creates a single point of failure for the cluster.
* Node majority with witness (disk or file share)
Nodes have votes. In addition, a quorum witness has a vote. The cluster quorum is the majority of voting nodes in the active cluster membership plus a witness vote. A quorum witness can be a designated disk witness or a designated file share witness.
Note:
* Quorum in Windows 2008 R2 referred to a consensus , that is, a majority of votes is required in order to reach quorum and maintain stability of the cluster. A new option created in Windows Server 2012 R2 which was also back ported to Windows Server 2008 R2 SP1 was the ability to stop a node being able to participate in the voting process.
* Dynamic quorum is the ability of the cluster to recalculate quorum on the fly and still maintain a working cluster. This is a huge improvement as we are now able to continue to run a cluster even if the number of nodes remaining in the cluster is less than 50%. This was not possible before but the dynamic quorum concept now allows us to do this. In fact we can reduce the cluster down to the last node (known as last man standing) and still maintain quorum. Reference: Configure and Manage the Quorum in a Windows Server 2012 R2 Failover Cluster

QUESTION 190
Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2012 R2. All servers have the Hyper-V server role and the Failover Clustering feature installed.
The servers are configured as shown in the following table.
 
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    From Hyper-V Manager on a node in Cluster2, create three virtual machines.
B.    From Hyper-V Manager on a node in Cluster2, modify the Hyper-V settings.
C.    From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.
D.    From Cluster1, add and configure the Hyper-V Replica Broker role.
E.    From Cluster2, add and configure the Hyper-V Replica Broker role.

Answer: ACE
Explanation:
A: Need to have same number of replicated VMs in the replicated site.
C: Once the hosting server is configured for Replica, you can enable replication for each virtual machine that you want to be replicated.
E: The Hyper-V Replica Broker is placed in the replicated cluster Note:
* Each node of the failover cluster that is involved in Replica must have the Hyper-V server role installed.
* Windows Server 2012 R2 Hyper-V Replica is a built-in mechanism for replicating Virtual Machines (VMs). It can replicate selected VMs in real-time or asynchronously from a primary site to a designated replica site across LAN/WAN. Here a replica site hosts a replicated VM while an associated primary site is where the source VM runs. And either a replica site or a primary site can be a Windows Server 2012 R2 Hyper-V host or a Windows Server 2012 R2 Failover Cluster.

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

QUESTION 171
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same switch.
Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state information in a central database.
You need to ensure that the connections to WebApp1 are distributed evenly between the nodes.
The solution must minimize port flooding.
What should you configure?
To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area.
 
Answer:
 

QUESTION 172
Drag and Drop Question
You have 3 server named Server1 that runs Windows Server 2012 R2.
You are asked to test Windows Azure Online Backup to back up Server1.
You need to back up Server1 by using Windows Azure Online Backup. Which four actions should you perform in sequence? To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.
 
Answer:
 

QUESTION 173
Hotspot Question
Your company has a primary data center and a disaster recovery data center. The network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 runs Windows Server 2012 R2. Server1 is located in the primary data center. Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry?
To answer, select the appropriate tab in the answer area.
 
Answer:
 

QUESTION 174
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.
You need to make configuration changes to the Windows Token-based Agent role service.
Which tool should you use?
To answer, select the appropriate tool in the answer area.
Hot Area:
 
Answer:
 

QUESTION 175
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. The servers are configured as shown in the following table.
 
You add a third server named Server3 to the network. Server3 has Intel processors. You need to move VM3 and VM6 to Server3. The solution must minimize downtime on the virtual machines.
Which method should you use to move each virtual machine? To answer, select the appropriate method for each virtual machine in the answer area.
 
Answer:
 

QUESTION 176
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named DHCP1 and DHCP2 that run Windows Server 2012 R2.
You install the IP Address Management (IPAM) Server feature on a member server named Server1 and you run the Run Invoke-IpamGpoProvisioning cmdlet.
You need to manage the DHCP servers by using IPAM on Server1. Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 
Answer:
 

QUESTION 177
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed. Server1 and Server2 are members of a cluster named Cluster1. Cluster1 hosts 10 virtual machines.
When you try to migrate a running virtual machine from one server to another, you receive the following error message:
"There was an error checking for virtual machine compatibility on the target node."
You need to ensure that the virtual machines can be migrated from one node to another.
From which node should you perform the configuration? To answer, select the appropriate node in the answer area.
 
Answer:
 

QUESTION 178
Hotspot Question
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 have different processor models from the same manufacturer. On Server1, you plan to create a virtual machine named VM1. Eventually, VM1 will be exported to Server2. You need to ensure that when you import VM1 to Server2, you can start VM1 from saved snapshots.
What should you configure on VM1? To answer, select the appropriate node in the answer area.
 
Answer:
 

QUESTION 179
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. Server1 is a BranchCache hosted cache server that is located in a branch office.
The network contains client computers that run either Windows 7 or Windows 8.
For the branch office, all of the user accounts and the client computer accounts are located in an organizational unit (OU) named Branch1. A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 contains the BranchCache settings.
You discover that users in the branch office who have client computers that run Windows 7 do not access cached content from Server1. Users in the branch office who have Windows 8 computers access cached content from Server1.
You need to configure the Windows 7 computers to use BranchCache on Server1. Which setting should you configure in GPO1?
To answer, select the appropriate setting in the answer area.
 
Answer:
 

QUESTION 180
Hotspot Question
Your network contains two DHCP servers named Server1 and Server2. Server1 fails. You discover that DHCP clients can no longer receive IP address leases. You need to ensure that the DHCP clients receive IP addresses immediately. What should you configure from the View/Edit Failover Relationship settings? To answer, select the appropriate setting in the answer area.
 
Answer:

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

QUESTION 161
Your network contains an Active Directory forest.
The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
 
DC1 has all of the operations master roles installed. You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1. You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do?

A.    Change the domain functional level.
B.    Upgrade DC2.
C.    Run the dcgpofix.exe command.
D.    Transfer the schema master role.

Answer: A
Explanation:
A. The domain functional level must be Windows Server 2008 to use PSO’s B. DC1 needs to be upgraded
C. Recreates the default Group Policy Objects (GPOs) for a domain D. Schema isn’t up to right level
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753104.aspx

QUESTION 162
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. DHCP is configured as shown in the exhibit.
 
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?

A.    Create a superscope and scope-level policies.
B.    Configure the Scope Options.
C.    Create a superscope and a filter.
D.    Configure the Server Options.

Answer: B
Explanation:
B. Any DHCP scope options configured for assignment to DHCP clients
http://technet.microsoft.com/en-us/library/dd759218.aspx
http://technet.microsoft.com/en-us/library/cc757682(v=WS.10).aspx

QUESTION 163
You have a server named Server1 that runs Windows Server 2012 R2. Server1 fails. You identify that the master
boot record (MBR) is corrupt. You need to repair the MBR. Which tool should you use?

A.    Bcdedit
B.    Bcdboot
C.    Bootrec
D.    Fixmbr

Answer: C
Explanation:
A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows B. The BCDboot tool is a command-line tool that enables you to manage system partition files.
C. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
D. Repairs the master boot record of the boot disk. The fixmbr command is only available when you are using the Recovery Console. Fixmbr option in Server 2008 and 2012 is a bootrec option
http://technet.microsoft.com/en-us/library/cc709667(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744347(v=ws.10).aspx http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/bootcons_fix mbr.mspx?mfr=true
http://www.youtube.com/watch?v=kFU8kngy6O0
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/bbf4f440-50ce4ea2- a3eaa96dc2500352

QUESTION 164
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 
You configure a user named User1 as a delegated administrator of DC10.
You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails. What should you do?

A.    Add User1 to the Domain Admins group.
B.    On DC10, run ntdsutil and configure the settings in the Roles context.
C.    Run repadmin and specify the /prp parameter.
D.    On DC1, modify the User Rights Assignment in Default Domain Controllers Group Policy object (GPO).

Answer: D
Explanation:
Modify the following policy:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights
Assignment\Allow log on locally
Note:
* User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer.
* Delegated administrator accounts gain local administrative permissions to the RODC. These users can operate with privileges equivalent to the local computer’s Administrators group. They are not members of the Domain Admins or the domain built-in Administrators groups. This option is useful for delegating branch office administration without giving out domain administrative permissions. Configuring delegation of administration is not required.

QUESTION 165
You perform a full installation of Windows Server 2012 R2 on a virtual machine named Server1. You plan to use Server1 as a reference image. You need to minimize the amount of storage space used by the Windows Server 2012 R2 installation. Which cmdlet should you use?

A.    Remove-Module
B.    Optimize-VHD
C.    Optimize-Volume
D.    Uninstall-WindowsFeature

Answer: B
Explanation:
The Optimize-VHD cmdlet optimizes the allocation of space in or more virtual hard disk files, except for fixed virtual hard disks. The Compact operation is used to optimize the files. This operation reclaims unused blocks as well as rearranges the blocks to be more efficiently packed, which reduces the size of a virtual hard disk file.
Reference: Optimize-VHD
http://technet.microsoft.com/en-us/library/hh849732.aspx
http://technet.microsoft.com/en-us/library/hh848458.aspx
http://technet.microsoft.com/en-us/library/hh848675.aspx
http://technet.microsoft.com/en-us/library/jj205471.aspx

QUESTION 166
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
Server1 has a scope named Scope1. A policy named Policy1 is configured for Scope1. Policy1 is configured to provide Hyper-V virtual machines a one-day lease. All other computers receive an eight-day lease.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
On Server1, you configure Scopel for DHCP failover.
You discover that virtual machines that receive IP addresses from Server2 have a lease duration of eight days.
You need to ensure that when Server2 assigns IP addresses to the Hyper-V virtual machines, the lease duration is one day. The solution must ensure that other computers that receive IP addresses from Server2 have a lease duration of eight days.
What should you do?

A.    On Server2, right-click Scope1, and then click Reconcile.
B.    On Server1, right-click Scope1, and then click Replicate Scope.
C.    On Server2, create a new DHCP policy.
D.    On Server1, delete Policy1, and then recreate the policy.

Answer: B
Explanation:
Scope 1 has been set up for DHCP failover. Now we need to replicate it from Server1 to Server2.
http://technet.microsoft.com/en-us/library/dd183579(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc772101.aspx

QUESTION 167
You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store. Some users report that they fail to authenticate to the AD FS infrastructure. You discover that only users who run third-party web browsers experience issues. You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully. Which Windows PowerShell command should you run?

A.    Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00
B.    Set-ADFSProperties -AddProxyAuthenticationRules None
C.    Set-ADFSProperties -SSOLifetime 1:00:00
D.    Set-ADFSProperties -ExtendedProtectionTokenCheck None

Answer: A
Explanation:
A. Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the federation server proxy to authenticate with its associated federation server. B. Specifies a policy rule set that can be used to establish authorization permissions for setting up trust proxies. The default value allows the AD FS 2.0 service user account or any member of BUILTIN\Administrators to register a federation server proxy with the Federation Service. C. Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in minutes). D. pecifies the level of extended protection for authentication supported by the federation server. Extended Protection for Authentication helps protect against man-in-the-middle (MITM) attacks, in which an attacker intercepts a client’s credentials and forwards them to a server.
http://technet.microsoft.com/zh-cn/library/ee892317.aspx

QUESTION 168
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. The domain contains a domain controller named DC1.
Server1 contains three shared folders. The folders are configured as shown in the following table.
 
Folder2 has a conditional expression of User.Department= = MMarketing".
You discover that a user named User1 cannot access \\Server1\folder2. User1 can access \\Server1\folderl and \\Server1\folder3. You verify the group membership of User1 as shown in the Member Of exhibit. (Click the Exhibit button.)
 
You verify the organization information of User1 as shown in the Organization exhibit.
(Click the Exhibit button.)
 
You verify the general properties of User1 as shown in the General exhibit. (Click the Exhibit button.)
 
You need to ensure that User1 can access the contents of \\Server1\folder2. What should you do?

A.    From a Group Policy object (GPO), set the Support for Dynamic Access Control and Kerberos armoring
setting to Always provide claims.
B.    Change the department attribute of User1.
C.    Grant the Full Control NTFS permissions on Folder2 to User1.
D.    Remove Userl1from the Accounting global group.

Answer: B
Explanation:
B. Conditional Expression and users Department must match http://technet.microsoft.com/en-us/library/jj134043.aspx

QUESTION 169
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 
The Branch site contains a perimeter network.
For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?

A.    Enable the Bridge all site links setting.
B.    Run the Active Directory Domain Services Configuration Wizard.
C.    Create an Active Directory site link bridge.
D.    Create an Active Directory site.

Answer: C
Explanation:
A. Site link transitivity is controlled by the Bridge all site links option on the properties pages of transport folders (such as IP or SMTP) in the Active Directory Sites and Services snapin. Site link transitivity is enabled by default.
B.
C.
If you cannot place a writable Windows Server 2008 domain controller in the nearest site to the RODC, RODC replication depends on a site link bridge between the site links that contain the site of the RODC and the site of the writable Windows Server 2008 domain controller.
D.
AD Site not readed for RODC
http://technet.microsoft.com/en-us/library/dd736189(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc738789(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc732632(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc778718(v=WS.10).aspx

QUESTION 170
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has Microsoft SQL Server 2012 installed.
You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain. The solution must ensure that the AD FS database is stored in a SQL Server database on Server1.
What should you do on Server2?

A.    From a command prompt, run fsutil.exe.
B.    From Windows PowerShell, run Install-ADFSFarm.
C.    From Server Manager, install the Federation Service Proxy.
D.    From Server Manager, install the AD FS Web Agents.

Answer: B
Explanation:
A. Performs tasks that are related to file allocation table (FAT) and NTFS file systems, such as managing reparse points, managing sparse files, or dismounting a volume.
B. Creates the first node of a new federation server farm
C. Not installing Proxy
D. Not Installing web agents
http://technet.microsoft.com/en-us/library/cc753059(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj553792.aspx Parameter: -SQLConnectionString<String>
Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FS installer uses the Windows Internal Database to store configuration settings.

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html