Exam Code: microsoft 70 412 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Configuring Advanced Windows Server 2012 Services
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass microsoft 70 412 Exam.
Q111. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Answer:
Q112. You have a server named Server1 that runs Windows Server 2012 R2.
When you install a custom Application on Server1 and restart the server, you receive the
following error message: "The Boot Configuration Data file is missing some required information. File: \Boot\BCD
Error code: 0x0000034."
You start Server1 by using Windows RE.
You need to ensure that you can start Windows Server 2012 R2 on Server1.
Which tool should you use?
A. Bootsect
B. Bootim
C. Bootrec
D. Bootcfg
Answer: C
Explanation:
* Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this
option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
* Error code 0x0000034 while booting.
Resolution:
1. Put the Windows Windows 7 installation disc in the disc drive, and then start the computer.
2. Press any key when the message indicating "Press any key to boot from CD or DVD …". appears.
3. Select a language, time, currency, and a keyboard or another input method. Then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec /RebuildBcd, and then press ENTER.
Incorrect:
Not A. Bootsect.exe updates the master boot code for hard disk partitions to switch
between BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your
computer. This tool replaces FixFAT and FixNTFS.
Not D. The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the
Boot.ini file.
Reference: Bootsect Command-Line Options
http://technet.microsoft.com/en-us/library/cc749177(v=ws.10).aspx
http://support.microsoft.com/kb/927392/en-us
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code-0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2
Q113. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise root certification authority (CA) for contoso.com.
Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the local Administrators group on Server1.
You enable CA role separation on Server1.
You need to ensure that you can manage the certificates on the CA.
What should you do?
A. Remove your user account from the local Administrators group.
B. Assign the CA administrator role to your user account.
C. Assign your user account the Bypass traverse checking user right.
D. Remove your user account from the Manage auditing and security log user right.
Answer: D
Explanation:
The separation of CA roles can be enforced using role separation. Once enforced, role separation only allows a user to be assigned a single role. If a user is assigned to more than one role and attempts to perform an operation on the CA, the operation is denied. For this reason, before role separation is enabled, a user should be assigned only one CA role.
Reference: Role Separation
Q114. DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All servers run Windows Server 2012 R2.
You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS root cluster in contoso.com.
What should you do in each forest?
To answer, drag the appropriate actions to the correct forests. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q115. Your network contains one Active Directory domain named contoso.com. The domain contains three users named User1, User2, and User3.
You need to ensure that the users can log on to the domain by using the user principal names (UPNs) shown in the following table.
What should you use?
A. the Set-ADDomain cmdlet
B. the Add-DNSServerSecondaryZone cmdlet
C. the Setspn command
D. the Set-ADUser cmdlet
Answer: D
Reference: Technet, Set-ADUser https://technet.microsoft.com/en-us/library/ee617215.aspx
Q116. Your company has a main office and a branch office.
The main office contains a file server named Server1. Server1 has the BranchCache for
Network Files role service installed. The branch office contains a server named Server2.
Server2 is configured as a BranchCache hosted cache server.
You need to preload the data from the file shares on Server1 to the cache on Server2.
What should you run first?
A. Publish-BCFileContent
B. Add- BCDataCacheExtension
C. Set-BCCache
D. Export-BCCachePackage
Answer: A
Explanation:
See step 2 below.
To prehash content and preload the content on hosted cache servers . Log on to the file or Web server that contains the data that you wish to preload, and identify the folders and files that you wish to load on one or more remote hosted cache servers. . Run Windows PowerShell as an Administrator. For each folder and file, run either the Publish-BCFileContent command or the Publish-BCWebContent command, depending on the type of content server, to trigger hash generation and to add data to a data package. . After all the data has been added to the data package, export it by using the Export-BCCachePackage command to produce a data package file. . Move the data package file to the remote hosted cache servers by using your choice of file transfer technology. FTP, SMB, HTTP, DVD and portable hard disks are all viable transports. . Import the data package file on the remote hosted cache servers by using the Import-BCCachePackage command.
Reference: Prehashing and Preloading Content on Hosted Cache Servers (Optional)
Q117. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed.
You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA. The solution must ensure that CRLs are published automatically to Server2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create an http:// CRL distribution point (CDP) entry.
B. Configure a CA exit module.
C. Create a file:// CRL distribution point (CDP) entry.
D. Configure a CA policy module.
E. Configure an enrollment agent.
Answer: A,D
Explanation:
A. To specify CRL distribution points in issued certificates Open the Certification Authority snap-in. In the console tree, click the name of the CA. On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select extension is set to CRL Distribution Point (CDP) .
. Do one or more of the following. (The list of CRL distribution points is in the Specify locations from which users can obtain a certificate revocation list (CRL) box.)
/ To indicate that you want to use a URL as a CRL distribution point Click the CRL distribution point, select the Include in the CDP extension of issued certificates check box, and then click OK .
. Click Yes to stop and restart Active Directory Certificate Services (AD CS).
D. You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf will take precedence for certificate verifiers over the CDP's specified in the CA policy module.
Note:
CRLDistributionPoint
You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf.
This section does not configure the CDP for the CA itself. After the CA has been installed
you can configure the CDP URLs that the CA will include in each certificate that it issues.
The URLs specified in this section of the CAPolicy.inf file are included in the root CA
certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl
Q118. HOTSPOT
Your network contains two application servers that run Windows Server 2012 R2. The application servers have the Network Load Balancing (NLB) feature installed.
You create an NLB cluster that contains the two servers.
You plan to deploy an application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCP port 8081.
Clients will connect to App1 by using HTTP and HTTPS via a single reverse proxy. App1 does not use session state information.
You need to configure a port rule for Appl. The solution must ensure that connections to App1 are distributed evenly between the nodes.
Which port rule should you use?
To answer, select the appropriate rule in the answer area.
Answer:
Q119. Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.
Contoso contains 10 servers that have the File Server role service installed. Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group.
You migrate the file servers to adatum.com.
Contoso users report that after the migration, they are unable to access shared folders on the file servers.
You need to ensure that the Contoso users can access the shared folders on the file servers.
What should you do?
A. Disable selective authentication on the existing forest trust.
B. Disable SID filtering on the existing forest trust.
C. Run netdom and specify the /quarantine attribute.
D. Replace the existing forest trust with an external trust.
Answer: B
Explanation:
Although it is not recommended, you can use this procedure to disable security identifier (SID) filter quarantining for an external trust with the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:
* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant those users access to resources in the trusting domain (the former domain of the migrated users) based on the sIDHistory attribute.
Etc.
Reference: Disabling SID filter quarantining
http://technet.microsoft.com/en-us/library/cc794713(v=ws.10).aspx
Q120. You have a server named Server1 that runs Windows Server 2012 R2.
Windows Server 2012 R2 is installed on volume C.
You need to ensure that Safe Mode with Networking loads the next time Server1 restarts.
Which tool should you use?
A. The Msconfig command
B. The Bootcfg command
C. The Restart-Computer cmdlet
D. The Restart-Server cmdlet
Answer: A
Explanation:
Use system config (Msconfig) to configure boot options.
Reference: System Configuration – aka MSCONFIG.