♥♥ 2017 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Refined of 70-412 exam answers materials and dump for Microsoft certification for customers, Real Success Guaranteed with Updated 70-412 pdf dumps vce Materials. 100% PASS Configuring Advanced Windows Server 2012 Services exam Today!
2016 Nov 70 412 study guide:
Q51. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 as an enterprise subordinate certification authority (CA).
What should you do first?
A. Add RAM to the server.
B. Set the Startup Type of the Certificate Propagation service to Automatic.
C. Install the Certification Authority Web Enrollment role service.
D. Join Server1 to the contoso.com domain.
Enterprise CAs must be domain members. From the exhibit we see that it is only a
A new CA can be the root CA of a new PKI or subordinate to another in an existing PKI.
Enterprise subordinate certification authority.
An enterprise subordinate CA must get a CA certificate from an enterprise root CA but can
then issue certificates to all users and computers in the enterprise. These types of CAs are
often used for load balancing of an enterprise root CA.
Reference: Install a Subordinate Certification Authority
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a server named Server1. Both servers run Windows Server 2012 R2.
You configure the classification of a share on Server1 as shown in the Share1 Properties exhibit. (Click the Exhibit button.)
You configure the resource properties in Active Directory as shown in the Resource Properties exhibit. (Click the Exhibit button.)
You need to ensure that the Impact classification can be assigned to Share1 immediately.
Which cmdlet should you run on each server?
To answer, select the appropriate cmdlet for each server in the answer area.
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same switch.
Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information in a central database.
You need to ensure that the connections to WebApp1 are distributed evenly between the nodes. The solution must minimize port flooding.
What should you configure? To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area.
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network.
In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 as a new domain controller in a new forest named contoso.test.
The solution must meet the following requirements:
. The functional level of the forest and of the domain must be the same as that of contoso.com. . Server1 must provide name resolution services for contoso.test.
What should you do?
To answer, configure the appropriate options in the answer area.
Q55. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Active Directory Administrative Center
B. Certificate Templates
C. The Security Configuration Wizard
D. The Certificates snap-in
To disable or enable a user account using Active Directory Administrative Center
1. To open Active Directory Administrative Center, click Start , click Administrative Tools ,
and then click Active Directory Administrative Center .
To open Active Directory Users and Computers in Windows Server 2012, click Start , type
2. In the navigation pane, select the node that contains the user account whose status you
want to change.
3. In the management list, right-click the user whose status you want to change.
4. Depending on the status of the user account, do one of the following: . [email protected]
Reference: Disable or Enable a User Account
Q56. Your network contains an Active Directory domain named contoso.com. The domain
contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed.
Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has the Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currently runs on Server1.
Server3 currently has no virtual machines.
You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. The Hyper-V Manager console connected to Server3
B. The Failover Cluster Manager console connected to Server3
C. The Hyper-V Manager console connected to Server1.
D. The Failover Cluster Manager console connected to Cluster1
E. The Hyper-V Manager console connected to Server2
A. To configure the Replica server [on a server that is not part of a cluster which in this case is Server3] In Hyper-V Manager, click Hyper-V Settings in the Actions pane. In the Hyper-V Settings dialog, click Replication Configuration.
In the Details pane, select Enable this computer as a Replica server. Etc.
D. To configure a Replica server that is part of a failover cluster.
1. In Server Manager, open Failover Cluster Manager.
2. In the left pane, connect to the cluster, and while the cluster name is highlighted, click Roles in the Navigate category of the Details pane.
3. Right-click the role and choose Replication Settings.
4. In the Details pane, select Enable this cluster as a Replica server. Etc.
Reference: Deploy Hyper-V Replica , Step 2: Enable Replication
Q57. Your network contains one Active Directory domain named contoso.com. The domain contains three users named User1, User2, and User3.
You need to ensure that the users can log on to the domain by using the user principal names (UPNs) shown in the following table.
What should you use?
A. the Set-ADDomain cmdlet
B. the Add-DNSServerSecondaryZone cmdlet
C. the Setspn command
D. the Set-ADUser cmdlet
Reference: Technet, Set-ADUser https://technet.microsoft.com/en-us/library/ee617215.aspx
Q58. DRAG DROP
You have a server named Server2 that runs Windows Server 2012 R2. You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Q59. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2.
You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates.
Which tool should you use?
A. The Add-CauClusterRole cmdlet
B. The Wuauclt command
C. The Wusa command
D. The Invoke-CauScan cmdlet
The Add-CauClusterRole cmdlet adds the Cluster-Aware Updating (CAU) clustered role
that provides the self-updating functionality to the specified cluster. When the CAU
clustered role has been added to a cluster, the failover cluster can update itself on the
schedule that is specified by the user, without requiring an external computer to coordinate
the cluster updating process.
Not B. The wuauclt utility allows you some control over the functioning of the Windows
Update Agent. It is updated as part of Windows Update.
The following are the command line for wuauclt.
Initiates an asynchronous background search for applicable updates. If Automatic Updates
is disabled, this option has no effect.
Sends all queued reporting events to the server asynchronously.
/? /h /help
Shows this help information.
The Invoke-CauScan cmdlet performs a scan of cluster nodes for applicable updates and
returns a list of the initial set of updates that would be applied to each node in a specified
Note: The Invoke-CauRun cmdlet performs a scan of cluster nodes for applicable updates
and installs those updates via an Updating Run on the specified cluster.
Q60. You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.
Which Windows PowerShell command should you run?
A. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00
B. Set-ADFSProperties -AddProxyAuthenticationRules None
C. Set-ADFSProperties -SSOLifetime 1:00:00
D. Set-ADFSProperties -ExtendedProtectionTokenCheck None
Explanation/Reference: Certain client browser software, such as Firefox, Chrome, and Safari, do not support the Extended Protection for Authentication capabilities that can be used across the Windows platform to protect against man-in-the-middle attacks. To prevent this type of attack from occurring over secure AD FS communications, AD FS 2.0 enforces (by default) that all communications use a channel binding token (CBT) to mitigate against this threat.
Note: Disable the extended Protection for authentication To disable the Extended Protection for Authentication feature in AD FS 2.0
. On a federation server, login using the Administrator account, open the Windows PowerShell command prompt, and then type the following command: Set-ADFSProperties –ExtendedProtectionTokenCheck None . Repeat this step on each federation server in the farm.
Reference: Configuring Advanced Options for AD FS 2.0