Examcollection provides on the internet technical support by chat or email. Please do not hesitate to contact us when you acquire into virtually any trouble or have a number of suggestions. We may reply you since soon since possible. Still, if you cant find your own preferred Microsoft certification exam info, use the actual Search field on the home page. We hope you discover our site informative as well as practical.
2021 Dec 70-412 braindumps
Q31. You have an Active Directory Rights Management Services (AD RMS) cluster.
You need to prevent users from encrypting new content. The solution must ensure that the users can continue to decrypt content that was encrypted already.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From the Active Directory Rights Management Services console, enable decommissioning.
B. From the Active Directory Rights Management Services console, create a user exclusion policy.
C. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing.
D. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\decommission.
E. From the Active Directory Rights Management Services console, modify the rights policy templates.
Answer: A,D
Explanation:
* Decommissioning refers to the entire process of removing the AD RMS cluster and its
associated databases from an organization. This process allows you to save rights-
protected files as ordinary files before you remove AD RMS from your infrastructure so that
you do not lose access to these files.
Decommissioning an AD RMS cluster is achieved by doing the following:
/ Enable the decommissioning service. (A)
/ Modify permissions on the decommissioning pipeline.
/ Configure the AD RMS-enabled application to use the decommissioning pipeline.
* To modify the permissions on the decommissioning pipeline
1. Log on to ADRMS-SRV as cpandl\administrator.
2. Click Start, type %systemdrive%\inetpub\wwwroot\_wmcs in the Start Search box, and
then press ENTER.
3. Right-click the decommission folder, and then click Properties.
4. Click the Security tab, click Edit, and then click Add. (D)
Etc.
Reference: Step 1: Decommission AD RMS Root Cluster
Q32. HOTSPOT
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
On DC1, you create an Active Directory-integrated zone named Zone1. You verify that
Zone1 replicates to DC2.
You use DNSSEC to sign Zone1.
You discover that the updates to Zone1 fail to replicate to DC2.
You need to ensure that Zone1 replicates to DC2.
What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
Answer:
Q33. You have 20 servers that run Windows Server 2012 R2.
You need to create a Windows PowerShell script that registers each server in Windows Azure Backup and sets an encryption passphrase.
Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)
A. New-OBPolicy
B. New-OBRetentionPolicy
C. Add-OBFileSpec
D. Start-OBRegistration
E. Set OBMachineSetting
Answer: D,E
Explanation:
D. Start-OBRegistration Registers the current computer with Windows Azure Online Backup using the credentials (username and password) created during enrollment.
E. The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy server settings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that is required to decrypt the files during recovery to another server.
Incorrect:
Not C. TheAdd-OBFileSpeccmdlet adds theOBFileSpecobject, which specifies the items to
include or exclude from a backup, to the backup policy (OBPolicyobject).
TheOBFileSpecobject can include or exclude multiple files, folders, or volumes. T Reference: Start-OBRegistration; Set OBMachineSetting http://technet.microsoft.com/en-us/library/hh770398.aspx http://technet.microsoft.com/en-us/library/hh770409.aspx
Q34. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
You add two additional nodes in Cluster1.
You have a folder named Folder1 on Server1 that hosts Application data. Folder1 is a folder target in a Distributed File System (DFS) namespace.
You need to provide highly available access to Folder1. The solution must support DFS Replication to Folder1.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: E
Explanation:
File Server for general use
Note: You can deploy and configure a clustered file server by using either of the following methods:
* File Server for general use. This is the continuation of the clustered file server that has been supported in Windows Server since the introduction of Failover Clustering. This type of clustered file server, and therefore all the shares associated with the clustered file server, is online on one node at a time. This is sometimes referred to as active-passive or dual-active. File shares associated with this type of clustered file server are called clustered file shares. This is the recommended file server type when deploying information worker scenarios.
* Scale-Out File Server for application data This clustered file server feature was introduced in Windows Server 2012, and it lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are simultaneously online on all nodes. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active. This is the recommended file server type when deploying either Hyper-V over Server Message Block (SMB) or Microsoft SQL Server over SMB.
Reference: Scale-Out File Server for Application Data Overview
Q35. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012.
Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed.
Server1 and Server2 are members of a cluster named Cluster1. Cluster1 hosts 10 virtual machines.
When you try to migrate a running virtual machine from one server to another, you receive the following error message: "There was an error checking for virtual machine compatibility on the target node."
You need to ensure that the virtual machines can be migrated from one node to another.
From which node should you perform the configuration?
To answer, select the appropriate node in the answer area.
Answer:
Avant-garde 70-412 practice exam:
Q36. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4. Server1 and Server2 run Windows Server 2008 R2.
Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed. Failover
Clustering is configured to provide highly available virtual machines by using a cluster
named Cluster1.
Cluster1 hosts 10 virtual machines.
Server3 and Server4 run Windows Server 2012 R2.
You install the Hyper-V server role and the Failover Clustering feature on Server3 and Server4. You create a cluster named Cluster2.
You need to migrate cluster resources from Cluster1 to Cluster2. The solution must minimize downtime on the virtual machines.
Which five actions should you perform?
To answer, move the appropriate five actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q37. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You create a new Active Directory group named Group1.
You need to ensure that the members of Group1 can request a Key Recovery Agent certificate.
The solution must minimize the permissions assigned to Group1.
Which two permissions should you assign to Group1? (Each correct answer presents part of the solution. Choose two.)
A. Read
B. Auto enroll
C. Write
D. Enroll
E. Full control
Answer: A,D
Explanation:
See step 6 below. To configure the Key Recovery Agent certificate template Open the Certificate Templates snap-in. In the console tree, right-click the Key Recovery Agent certificate template. Click Duplicate Template. In Template, type a new template display name, and then modify any other optional properties as needed. On the Security tab, click Add, type the name of the users you want to issue the key recovery agent certificates to, and then click OK. Under Group or user names, select the user names that you just added. Under Permissions, select the Read and Enroll check boxes, and then click OK.
Reference: Identify a Key Recovery Agent
Q38. Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com.
What should you do?
A. Modify the Service Connection Point (SCP).
B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.
C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.
D. Modify the properties of the AD RMS cluster in west.contoso.com.
Answer: B
Explanation:
The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com.
Note: It is recommended that you use GPO to deploy AD RMS client settings and that you only deploy settings as needed.
Reference: AD RMS Best Practices Guide
Q39. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the auto-enrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution.
Choose two.)
A. Add-CAAuthoritylnformationAccess
B. Install-AdcsCertificationAuthority
C. Add-WindowsFeature
D. Install-AdcsOnlineResponder
E. Install-AdcsWebEnrollment
Answer: B,E
Explanation:
Explanation
B. The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of
the AD CS CA role service. It can be used to install a root CA.
Example:
Install-AdcsCertificationAuthority –CAType StandaloneRootCA –CACommonName
"ContosoRootCA" –KeyLength 2048 –HashAlgorithm SHA1 –CryptoProviderName
"RSA#Microsoft Software Key Storage Provider"
E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of
the Certification Authority Web Enrollment role service.
Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client computers configured for certificate auto-enrollment be connected directly to the corporate network. Certificate Enrollment Web Services allows organizations to enable AD CS using a perimeter network. This allows users and computers outside the corporate network to enroll for certificates.
Certificate Enrollment web service
Reference: Deploying AD CS Using Windows PowerShell
Q40. DRAG DROP
Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2.
The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1.
You plan to modify the NTFS permissions for many folders on the file servers by using central access policies.
You need to identify any users who will be denied access to resources that they can currently access once the new permissions are implemented.
In which order should you Perform the five actions?
Answer: