Proper study guides for Improved Microsoft Configuring Advanced Windows Server 2012 Services certified begins with Microsoft examcollection 70 412 preparation products which designed to deliver the High value 70 412 dumps questions by making you pass the exam 70 412 test at your first time. Try the free exam 70 412 demo right now.
Q31. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Guster1. Cluster1 contains a file server role named FS1 and a generic service role named SVC1. Server1 is the preferred node for FS1. Server 2 is the preferred node for SVC1.
You plan to run a disk maintenance tool on the physical disk used by FS1.
You need to ensure that running the disk maintenance tool does not cause a failover to occur.
What should you do before you run the tool?
A. Run Suspend-ClusterResource.
B. Run Suspend-GusterNode.
C. Run cluster.exe and specify the pause parameter.
D. Run cluster.exe and specify the offline parameter.
Answer: D
Q32. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1. You need to ensure that client devices on the internal network can use Workplace Join. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.
Answer: C,E
Explanation:
C. To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm.
E. Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an
added level of access protection to corporate resources and applications from external
devices that are trying to access them. When a personal device is Workplace Joined, it
becomes a ‘known’ device and administrators can use this information to drive conditional
access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and
conditional access for Workplace Joined devices.
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global
Primary Authentication. Select the check box next to Enable Device Authentication, and
then click OK.
Reference: Configure a federation server with Device Registration Service.
Q33. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named adatum.com.
You need to configure an access solution to meet the following requirements:
* Users in adatum.com must be able to access resources in contoso.com.
* Users in adatum.com must be prevented from accessing resources in fabrikam.com.
* Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?
A. a one-way realm trust from contoso.com to adatum.com
B. a one-way realm trust from adatum.com to contoso.com
C. a one-way external trust from contoso.com to adatum.com
D. a one-way external trust from adatum.com to contoso.com
Answer: C
Explanation:
The contoso domain must trust the adatum domain.
Note: In a One-way: incoming trust, users in your (trusted) domain can be authenticated in
the other (trusting) domain. Users in the other domain cannot be authenticated in your
domain.
Incorrect:
Not A, not B. Use realm trusts to form a trust relationship between a non-Windows
Kerberos realm and a Windows Server domain.
Not D. The resources that are to be shared are in the contoso domain.
Reference: Trust types
Q34. You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.
Which Windows PowerShell command should you run?
A. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00
B. Set-ADFSProperties -AddProxyAuthenticationRules None
C. Set-ADFSProperties -SSOLifetime 1:00:00
D. Set-ADFSProperties -ExtendedProtectionTokenCheck None
Answer: D
Explanation:
Explanation/Reference: Certain client browser software, such as Firefox, Chrome, and Safari, do not support the Extended Protection for Authentication capabilities that can be used across the Windows platform to protect against man-in-the-middle attacks. To prevent this type of attack from occurring over secure AD FS communications, AD FS 2.0 enforces (by default) that all communications use a channel binding token (CBT) to mitigate against this threat.
Note: Disable the extended Protection for authentication To disable the Extended Protection for Authentication feature in AD FS 2.0
. On a federation server, login using the Administrator account, open the Windows PowerShell command prompt, and then type the following command: Set-ADFSProperties –ExtendedProtectionTokenCheck None . Repeat this step on each federation server in the farm.
Reference: Configuring Advanced Options for AD FS 2.0
Q35. DRAG DROP
You have a server named Server2 that runs Windows Server 2012 R2. You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q36. DRAG DROP
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which technology you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible.
What should you identify?
To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q37. Your network contains an Active Directory forest named contoso.com. The contoso.com domain only contains domain controllers that run Windows Server 2012 R2.
The forest contains a child domain named child.contoso.com. The child.contoso.com domain only contains domain controllers that run Windows Server 2008 R2. The child.contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2.
You have access to four administrative user accounts in the forest. The administrative user accounts are configured as shown in the following table.
You need to ensure that you can add a domain controller that runs Windows Server 2012 R2 to the child.contoso.com domain.
Which account should you use to run adprep.exe?
A. Admin1
B. Admin2
C. Admin3
D. Admin4
Answer: C
Explanation:
Adprep.exe performs operations that must be completed on the domain controllers that run
in an existing Active Directory environment before you can add a domain controller that
runs that version of Windows Server.
Preparing to run adprep /domainprep (see step 2 below).
To help ensure that the adprep /domainprep command runs successfully, complete these
steps before you run the command on the infrastructure operations master role holder in
each domain:
. Make sure that the schema updates that adprep /forestprep performs replicated throughout the forest or that they at least replicated to the infrastructure master for the domain where you plan to run adprep /domainprep.
. Make sure that you can log on to the infrastructure master with an account that is a member of the Domain Admins group. . Verify that the domain functional level is appropriate.
Reference: Running Adprep.exe
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx
Q38. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the auto-enrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution.
Choose two.)
A. Add-CAAuthoritylnformationAccess
B. Install-AdcsCertificationAuthority
C. Add-WindowsFeature
D. Install-AdcsOnlineResponder
E. Install-AdcsWebEnrollment
Answer: B,E
Explanation:
Explanation
B. The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of
the AD CS CA role service. It can be used to install a root CA.
Example:
Install-AdcsCertificationAuthority –CAType StandaloneRootCA –CACommonName
"ContosoRootCA" –KeyLength 2048 –HashAlgorithm SHA1 –CryptoProviderName
"RSA#Microsoft Software Key Storage Provider"
E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of
the Certification Authority Web Enrollment role service.
Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client computers configured for certificate auto-enrollment be connected directly to the corporate network. Certificate Enrollment Web Services allows organizations to enable AD CS using a perimeter network. This allows users and computers outside the corporate network to enroll for certificates.
Certificate Enrollment web service
Reference: Deploying AD CS Using Windows PowerShell
Q39. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012.
Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed.
Server1 and Server2 are members of a cluster named Cluster1. Cluster1 hosts 10 virtual machines.
When you try to migrate a running virtual machine from one server to another, you receive the following error message: "There was an error checking for virtual machine compatibility on the target node."
You need to ensure that the virtual machines can be migrated from one node to another.
From which node should you perform the configuration?
To answer, select the appropriate node in the answer area.
Answer:
Q40. HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You install the IP Address Management (IPAM) Server feature on a server named Server1
and select Manual as the provisioning method.
The IPAM database is located on a server named SQL1.
You need to configure IPAM to use Group Policy Based provisioning.
What command should you run first?
To answer, select the appropriate options in the answer area.
Answer: