Cause all that matters here is passing the Microsoft 70 412 dumps exam. Cause all that you need is a high score of examcollection 70 412 Configuring Advanced Windows Server 2012 Services exam. The only one thing you need to do is downloading Examcollection 70 412 dumps exam study guides now. We will not let you down with our money-back guarantee.
Q1. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains the two servers.
The servers are configured as shown in the following table.
You investigate a report about the potential compromise of a private key for a certificate issued to Server2.
You need to revoke the certificate issued to Server2. The solution must ensure that the revocation can be reverted.
Which reason code should you select?
To answer, select the appropriate reason code in the answer area.
Answer:
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. Server1 has an IPv6 scope named Scope1.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
You need to provide high availability for Scope1. The solution must minimize administrative effort.
What should you do?
A. Install and configure Network Load Balancing (NLB) on Server1 and Server2.
B. Create a scope on Server2.
C. Configure DHCP failover on Server1.
D. Install and configure Failover Clustering on Server1 and Server2.
Answer: C
Explanation:
Overview: Configure DHCP failover using the DHCP console To configure DHCP failover using the DHCP console, right-click a DHCP scope or right-click IPv4 and then click Configure Failover.
Configure Failover
The Configure Failover wizard guides you through configuring DHCP failover on the
selected scope.
Note: The DHCP server failover feature, available in Windows Server 2012 and later,
provides the ability to have two DHCP servers provide IP addresses and option
configuration to the same subnet or scope, providing for continuous availability of DHCP
service to clients.
Incorrect:
Not A. NLB is not related to DHCP scope availability.
Not B. DHCP failover requirements include:
DHCP Scopes requirement:
At least one IPv4 DHCP scope must be configured on the primary DHCP server.
The same DHCP scope ID, or an overlapping scope, must not be configured on the failover
partner.
Not D. Failover clustering is possibly, but would not minimize administration.
Reference: Deploy DHCP Failover
Q3. Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain. The forest functional level is Windows Server 2012 R2.
You have a domain controller named DC1.
On DC1, you create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?
A. Group Policy Management
B. Active Directory Sites and Services
C. DFS Management
D. Active Directory Administrative Center
Answer: A
Explanation:
In Windows Server 2012, the Group Policy Management Console (GPMC) was enhanced to provide a report for the overall health state of the Group Policy infrastructure for a domain, or to scope the health view to a single GPO.
Reference: Check Group Policy Infrastructure Status
http://technet.microsoft.com/en-us/library/jj134176.aspx
Q4. Your network contains an Active Directory forest named contoso.com. The forest contains four domains. All servers run Windows Server 2012 R2.
Each domain has a user named User1.
You have a file server named Server1 that is used to synchronize user folders by using the Work Folders role service.
Server1 has a work folder named Sync1.
You need to ensure that each user has a separate folder in Sync1.
What should you do?
A. From Windows Explorer, modify the Sharing properties of Sync1.
B. Run the Set-SyncServerSetting cmdlet.
C. From File and Storage Services in Server Manager, modify the properties of Sync1.
D. Run the Set-SyncShare cmdlet.
Answer: D
Explanation:
The Set-SyncShare cmdlet modifies the settings for a sync share.
Example: Modify a sync share to add a user group
This example modifies settings on the share named Share01, and enables the user group
named ContosoEngGroup to access the share.
The first command uses the Get-SyncShare cmdlet to retrieve the sync share for Share01,
and assigns the results to the variable $Current.
The second command uses the Set-SyncShare cmdlet to modify the sync share and add
the current user and the ContosoEngGroup to the list of users allowed to access the share.
PS C:\> $Current = Get-SyncShare Share01
PS C:\> Set-SyncShare Share01 -User $Current.user,"ContosoEngGroup"
PS C:\> Get-SyncShare Share01 // See %username below% !!
ConflictResolutionPolicy : KeepLatest
Description :
DevicePolicy : Share01
Enabled : True ExclusiveAccessToUser : False Name : Share01 Path : K:\Share01 StagingFolder : K:\EcsStagingArea\Share01 StagingQuota : 1099511627776 StagingQuotaPerUser : 10737418240 Type : User Data User : {HRGroup, EngGroup} UserFolderName : %username% // <-- This line!! PSComputerName
Reference: Set-SyncShare
http://technet.microsoft.com/en-US/library/dn296649.aspx
Q5. HOTSPOT
Your network contains two application servers that run Windows Server 2012 R2. The application servers have the Network Load Balancing (NLB) feature installed.
You create an NLB cluster that contains the two servers.
You plan to deploy an application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCP port 8081.
Clients will connect to App1 by using HTTP and HTTPS via a single reverse proxy. App1 does not use session state information.
You need to configure a port rule for Appl. The solution must ensure that connections to App1 are distributed evenly between the nodes.
Which port rule should you use?
To answer, select the appropriate rule in the answer area.
Answer:
Q6. Your company has a main office and a remote office. The remote office is used for disaster recovery.
The network contains an Active Directory domain named contoso.com. The domain contains member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2.
Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote office.
All servers have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Storage is replicated between the main office and the remote site.
You need to ensure that Cluster1 is available if two nodes in the same office fail.
What are two possible quorum configurations that achieve the goal? (Each correct answer presents a complete solution. Choose two.)
A. No Majority: Disk Only
B. Node Majority
C. Node and File Share Majority
D. Node and Disk Majority
Answer: A,B
Explanation:
Depending on the quorum configuration option that you choose and your specific settings, the cluster will be configured in one of the following quorum modes:
* (A) No majority (disk witness only)
* (B) Node majority (no witness)
* Node majority with witness (disk or file share)
Reference: Configure and Manage the Quorum in a Windows Server 2012 R2 Failover Cluster
Q7. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise root certification authority (CA) for contoso.com.
Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the local Administrators group on Server1.
You enable CA role separation on Server1.
You need to ensure that you can manage the certificates on the CA.
What should you do?
A. Remove your user account from the local Administrators group.
B. Assign the CA administrator role to your user account.
C. Assign your user account the Bypass traverse checking user right.
D. Remove your user account from the Manage auditing and security log user right.
Answer: D
Explanation:
The separation of CA roles can be enforced using role separation. Once enforced, role separation only allows a user to be assigned a single role. If a user is assigned to more than one role and attempts to perform an operation on the CA, the operation is denied. For this reason, before role separation is enabled, a user should be assigned only one CA role.
Reference: Role Separation
Q8. You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has a single volume that is encrypted by using BitLocker Drive Encryption
(BitLocker).
BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM).
Server1 is configured to perform a daily system image backup.
The motherboard on Server1 is upgraded.
After the upgrade, Windows Server 2012 R2 on Server1 fails to start.
You need to start the operating system on Server1 as soon as possible.
What should you do?
A. Start Server1 from the installation media. Run startrec.exe.
B. Move the disk to a server that has a model of the old motherboard. Start the server from the installation media. Run bcdboot.exe.
C. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc.
D. Start Server1 from the installation media. Perform a system image recovery.
Answer: C
Explanation:
By moving the hard drive to server with that has a model of the old motherboard the system
would be able to start. As BitLocker was configured to save encryption keys to a Trusted
Platform Module (TPM), we can use tpm.msc to access the TPM settings.
Note: After you replaced the motherboard, you need to repopulate the TPM with new
information regarding the encryption of the hard disk.
We use these commands to repopulate the information in the TPM (without PIN):
manage-bde –delete -protectors C: -type TPM
manage-bde –protectors –add C: -tpm
Incorrect:
Not D. After the system image recovery you would still have the new motherboard installed.
The problem would return.
Reference: BitLocker - New motherboard replacement
Q9. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Both servers have multiple IPv4 scopes.
Server1 and Server2 are used to assign IP addresses for the network IDs of 172.20.0.0/16 and 131.107.0.0/16.
You install the IP Address Management (IPAM) Server feature on a server named IPAM1 and configure IPAM1 to manage Server1 and Server2.
Some users from the 172.20.0.0 network report that they occasionally receive an IP address conflict error message.
You need to identify whether any scopes in the 172.20.0.0 network ID conflict with one another.
What Windows PowerShell cmdlet should you run?
To answer, select the appropriate options in the answer area.
Answer:
Q10. HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2.
You are configuring a storage space on Server1.
You need to ensure that the storage space supports tiered storage.
Which settings should you configure?
To answer, select the appropriate options in the answer area.
Answer:
Q11. DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust.
The solution must meet the following requirements:
. In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role. . In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q12. You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege.
Which user role should you assign to User1?
A. DNS Record Administrator Role
B. IPAM DHCP Reservations Administrator Role
C. IPAM Administrator Role
D. IPAM DHCP Administrator Role
Answer: D
Explanation:
The IPAM DHCP administrator role completely manages DHCP servers.
C:\Users\Chaudhry\Desktop\1.jpg
Reference: What's New in IPAM
Q13. You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?
A. Add-ClusterVmMonitoredItem
B. Set-ClusterResourceDependency
C. Enable- VmResourceMetering
D. Add-ClusterGenericServiceRole
Answer: A
Explanation:
* The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event Tracing for Windows (ETW) event so that it is monitored on a virtual machine. If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual machine resource. For example, the configuration might specify that the virtual machine be restarted or failover.
* The decision on whether to failover or restart on the same node is configurable and determined by the failover properties for the virtual machine.
Reference: Add-ClusterVMMonitoredItem
Q14. Your network contains one Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server named Server1. Server1 manages several DHCP and DNS servers.
From Server Manager on Server1, you create a custom role for IPAM.
You need to assign the role to a group named IP_Admins.
What should you do?
A. From Windows PowerShell, run the Add-Member cmdlet.
B. From Server Manager, create an access policy.
C. From Windows PowerShell, run the Set-IpamConfiguration cmdlet.
D. From Server Manager, create an access scope.
Answer: B
Explanation: A role is a collection of IPAM operations. You can associate a role with a user or group in Windows using an access policy. Several built-in roles are provided, but you can also create customized roles to meet your business requirements.
Reference: Manage IPAM, Access Control
https://technet.microsoft.com/en-us/library/dn741281.aspx
Q15. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1. You need to ensure that client devices on the internal network can use Workplace Join. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.
Answer: C,E
Explanation:
C. To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm.
E. Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an
added level of access protection to corporate resources and applications from external
devices that are trying to access them. When a personal device is Workplace Joined, it
becomes a ‘known’ device and administrators can use this information to drive conditional
access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and
conditional access for Workplace Joined devices.
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global
Primary Authentication. Select the check box next to Enable Device Authentication, and
then click OK.
Reference: Configure a federation server with Device Registration Service.
Q16. You have a server named Server1 that runs Windows Server 2012 R2 and is used for testing.
A developer at your company creates and installs an unsigned kernel-mode driver on Server1. The developer reports that Server1 will no longer start.
You need to ensure that the developer can test the new driver. The solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A. Disable Driver Signature Enforcement
B. Disable automatic restart on system failure
C. Last Know Good Configuration (advanced)
D. Repair Your Computer
Answer: A
Explanation:
A. By default, 64-bit versions of Windows Vista and later versions of Windows will load a kernel-mode driver only if the kernel can verify the driver signature. However, this default behavior can be disabled to facilitate early driver development and non-automated testing.
Incorrect:
Not B. specifies that Windows automatically restarts your computer when a failure occurs.
Not C. Developer would not be able to test the driver as needed.
Not D. Removes or repairs critical windows files, Developer would not be able to test the
driver as needed and some file loss.
Reference: Installing Windows Server 2012.
http://technet.microsoft.com/en-us/library/jj134246.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff547565(v=vs.85).aspx