Exam Code: 70-412 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Configuring Advanced Windows Server 2012 Services
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-412 Exam.

2017 Mar 70-412 exam fees

Q61. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

The network has the physical sites and TCP/IP subnets configured as shown in the following table. 

You have a web application named App1 that is hosted on six separate Web servers. DNS has the host names and IP addresses registered as shown in the following table. 

You discover that when users connect to appl.contoso.com, they are connected frequently to a server that is not on their local subnet. 

You need to ensure that when the users connect to appl.contoso.com, they connect to a server on their local subnet. The connections must be distributed across the servers that host appl.contoso.com on their subnet. 

Which two settings should you configure? 

To answer, select the appropriate two settings in the answer area. 

Answer: 


Q62. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

Server1 and Server2 have the Hyper-V server role installed. The servers are configured as shown in the following table. 

You add a third server named Server3 to the network. Server3 has Intel processors. 

You need to move VM3 and VM6 to Server3. The solution must minimize downtime on the 

virtual machines. 

Which method should you use to move each virtual machine? 

To answer, select the appropriate method for each virtual machine in the answer area. 

Answer: 


Q63. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed. 

You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer (SSL). 

You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted. 

Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.) 

A. Client Authentication 

B. Kernel Mode Code Signing 

C. Server Authentication 

D. IP Security end system 

E. KDC Authentication 

Answer: A,C 

Explanation: 

You need to use certificate-based authentication if you want transmitted data to be encrypted. 

Replica Server Certificate Requirements 

To enable a server to receive replication traffic, the certificate in the replica server must meet the following conditions 

* Enhanced Key Usage must support both Client and Server authentication 

Etc. 

Reference: Hyper-V Replica - Prerequisites for certificate based deployments 

http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx 


Q64. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. 

You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated Users group for access failure to shared folders in the finance department. 

You need to ensure that access requests are unaffected when the rule is published. 

What should you do? 

A. Add a User condition to the current permissions entry for the Authenticated Users principal. 

B. Set the Permissions to Use the following permissions as proposed permissions. 

C. Add a Resource condition to the current permissions entry for the Authenticated Users principal. 

D. Set the Permissions to Use following permissions as current permissions. 

Answer:

Explanation: 

Proposed permissions enable an administrator to more accurately model the impact of potential changes to access control settings without actually changing them. Reference: Access Control and Authorization Overview http://technet.microsoft.com/en-us/library/jj134043.aspx 


Q65. You have an Active Directory Rights Management Services (AD RMS) cluster. 

You need to prevent users from encrypting new content. The solution must ensure that the users can continue to decrypt content that was encrypted already. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. From the Active Directory Rights Management Services console, enable decommissioning. 

B. From the Active Directory Rights Management Services console, create a user exclusion policy. 

C. Modify the NTFS permissions of %systemdrive%\\inetpub\\wwwroot\\_wmcs\\licensing. 

D. Modify the NTFS permissions of %systemdrive%\\inetpub\\wwwroot\\_wmcs\\decommission. 

E. From the Active Directory Rights Management Services console, modify the rights policy templates. 

Answer: A,D 

Explanation: 

* Decommissioning refers to the entire process of removing the AD RMS cluster and its 

associated databases from an organization. This process allows you to save rights-

protected files as ordinary files before you remove AD RMS from your infrastructure so that 

you do not lose access to these files. 

Decommissioning an AD RMS cluster is achieved by doing the following: 

/ Enable the decommissioning service. (A) 

/ Modify permissions on the decommissioning pipeline. 

/ Configure the AD RMS-enabled application to use the decommissioning pipeline. 

* To modify the permissions on the decommissioning pipeline 

1. Log on to ADRMS-SRV as cpandl\\administrator. 

2. Click Start, type %systemdrive%\\inetpub\\wwwroot\\_wmcs in the Start Search box, and 

then press ENTER. 

3. Right-click the decommission folder, and then click Properties. 

4. Click the Security tab, click Edit, and then click Add. (D) 

Etc. 

Reference: Step 1: Decommission AD RMS Root Cluster 


Update 70-412 exam answers:

Q66. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA). 

You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes: 

Email security 

Client authentication 

Encrypting File System (EFS) 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings. 

B. From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy settings. 

C. Modify the properties of the User certificate template, and then publish the template. 

D. Duplicate the User certificate template, and then publish the template. 

E. From a Group Policy, configure the Automatic Certificate Request Settings settings. 

Answer: A,D 

Explanation: 

The default user template supports all of the requirements EXCEPT auto enroll as shown below: 

However a duplicated template from users has the ability to autoenroll: 

The Automatic Certificate Request Settings GPO setting is only available to Computer, not user. 

Reference: Manage Certificate Enrollment Policy by Using Group Policy. http://technet.microsoft.com/en-us/library/dd851772.aspx 


Q67. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

You are creating a file management task as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that the Include all folders that store the following kinds of data list displays an entry named Corporate Data. 

What should you do? 

A. Create a new file group. 

B. Create a new classification property. 

C. Modify the properties of the System Files file group. 

D. Modify the Folder Usage classification property. 

Answer:

Explanation: 

Classification properties are used to assign values to files. Reference: Working with File Classification 


Q68. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains the two servers. 

The servers are configured as shown in the following table. 

You investigate a report about the potential compromise of a private key for a certificate issued to Server2. 

You need to revoke the certificate issued to Server2. The solution must ensure that the revocation can be reverted. 

Which reason code should you select? 

To answer, select the appropriate reason code in the answer area. 

Answer: 


Q69. You have a server named Server1 that runs Windows Server 2012 R2. 

From Server Manager, you install the Active Directory Certificate Services server role on Server1. 

A domain administrator named Admin1 logs on to Server1. 

When Admin1 runs the Certification Authority console, Admin1 receive the following error message. 

You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear. 

What should you do? 

A. Install the Active Directory Certificate Services (AD CS) tools. 

B. Run the regsvr32.exe command. 

C. Modify the PATH system variable. 

D. Configure the Active Directory Certificate Services server role from Server Manager. 

Answer:

Explanation: 

The error message is related to missing role configuration. 

* Cannot Manage Active Directory Certificate Services Resolution: configure the two Certification Authority and Certification Authority Web Enrollment Roles: 

image 

Reference: Cannot manage Active Directory Certificate Services in Server 2012 Error 0x800070002 


Q70. You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.) 

You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt 

iSCSI target. 

VirtualiSCSIl.vhd is removed from LON-DC1. 

You need to assign VirtualiSCSI2.vhd a logical unit value of 0. 

What should you do? 

A. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter. 

B. Run the Add-IscsiVirtualDiskTargetMapping cmdlet and specify the –Lun parameter. 

C. Run the iscsicli command and specify the reportluns parameter. 

D. Run the Set-IscsiVirtualDisk cmdlet and specify the –DevicePath parameter. 

Answer:

Explanation: The Add-IscsiVirtualDiskTargetMapping cmdlet assigns a virtual disk to an 

iSCSI target. Once a virtual disk has been assigned to a target, and after the iSCSi initiator 

connects to that target, the iSCSI initiator can access the virtual disk. All of the virtual disks 

assigned to the same iSCSI target will be accessible by the connected iSCSI initiator. 

Parameter include: -Lun<Int32> 

Specifies the logical unit number (LUN) associated with the virtual disk. By default, the 

lowest available LUN number will be assigned. 

Reference: Add-IscsiVirtualDiskTargetMapping 

https://technet.microsoft.com/en-us/library/jj612800(v=wps.630).aspx