♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: http://www.exam.com/70-412-dumps.html

Proper study guides for Avant-garde Microsoft Configuring Advanced Windows Server 2012 Services certified begins with Microsoft 70 412 dumps preparation products which designed to deliver the Accurate examcollection 70 412 questions by making you pass the 70 412 exam test at your first time. Try the free microsoft 70 412 demo right now.

Q21. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8. 

You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1. 

What should you configure? 

A. A classification property 

B. The File Server Resource Manager Options 

C. A file management task 

D. A file screen template 



Access-denied assistance can be configured by using the File Server Resource Manager console on the file server. 

Note: Access-denied assistance is a new feature in Windows Server 2012, which provides the following ways to troubleshoot issues that are related to access to files and folders: 

* Self-assistance. If a user can determine the issue and remediate the problem so that they can get the requested access, the impact to the business is low, and no special exceptions are needed in the central access policy. Access-denied assistance provides an access-denied message that file server administrators can customize with information specific to their organizations. For example, an administrator could set the message so that users can request access from a data owner without involving the file server administrator. 

Reference: Scenario: Access-Denied Assistance 


Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

You install the DHCP Server server role on both servers. 

On Server1, you have the DHCP scope configured as shown in the exhibit. (Click the Exhibit button.) 

You need to configure the scope to be load-balanced across Server1 and Server2. 

What Windows PowerShell cmdlet should you run on Server1? To answer, select the appropriate options in the answer area. 


Q23. Your network contains two servers that run Windows Server 2012 R2 named Server1 and Server2. Both servers have the File Server role service installed. 

On Server2, you create a share named Backups. 

From Windows Server Backup on Server1, you schedule a full backup to run every night. You set the backup destination to \\\\Server2 \\Backups. 

After several weeks, you discover that \\\\Server2\\Backups only contains the last backup that completed on Server1. 

You need to ensure that multiple backups of Server1 are maintained. 

What should you do? 

A. Modify the Volume Shadow Copy Service (VSS) settings. 

B. Modify the properties of the Windows Store Service (WSService) service. 

C. Change the backup destination. 

D. Configure the permission of the Backups share. 




The destination in the exhibit shows a network share is used. If a network share is being 

used only the latest copy will be saved. 

Reference: Where should I save my backup? 


Q24. Your network contains 20 iSCSI storage appliances that will provide storage for 50 Hyper-V hosts running Windows Server 2012 R2. 

You need to configure the storage for the Hyper-V hosts. The solution must minimize administrative effort. 

What should you do first? 

A. Install the iSCSI Target Server role service and configure iSCSI targets. 

B. Install the iSNS Server service feature and create a Discovery Domain. 

C. Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties. 

D. Install the Multipath I/O (MPIO) feature and configure the MPIO Properties. 



Windows Server 2012 includes an iSCSI Target role that, along with Failover Clustering, 

allows it to become a cost-effective and highly-available iSCSI Storage Array. We can connect from our Hyper-V host to the iSCSI target on the storage array with the following PowerShell command line: 

New-IscsiTargetPortal –TargetPortalAddress <IP_Address or FQDN of storage array> 

$target = Get-IscsiTarget 

Connect-IscsiTarget –NodeAddress $target.NodeAddress 


Not B. Discovery Domains in an iSCSI fabric, like zones in a Fibre Channel fabric, enable you to partition the storage resources in your storage area network (SAN). By creating and managing Discovery Domains, you can control the iSCSI targets that each iSCSI initiator can see and log on to. 

Reference: Configure iSCSI Target Server Role on Windows Server 2012 

Q25. Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery. 

You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database. 

What should you do? 

A. Assign User1 the Issue and Manage Certificates permission to CA1. 

B. Assign User1 the Read permission and the Write permission to all certificate templates. 

C. Provide User1 with access to a Key Recovery Agent certificate and a private key. 

D. Assign User1 the Manage CA permission to CA1. 



Understanding the Key Recovery Agent Role KRAs are Information Technology (IT) administrators who can decrypt users’ archived private keys. An organization can assign KRAs by issuing KRA certificates to designated administrators and configure them on the CA. The KRA role is not one of the default roles defined by the Common Criteria specifications but a virtual role that can provide separation between Certificate Managers and the KRAs. This allows the separation between the Certificate Manager, who can retrieve the encrypted key from the CA database but not decrypt it, and the KRA, who can decrypt private keys but not retrieve them from the CA database. 

Reference: Understanding User Key Recovery 

Q26. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed. 

A technician performs maintenance on Server1. 

After the maintenance is complete, you discover that you cannot connect to the IPAM server on Server1. 

You open the Services console as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that you can connect to the IPAM server. 

Which service should you start? 

A. Windows Process Activation Service 

B. Windows Event Collector 

C. Windows Internal Database 

D. Windows Store Service (WSService) 



Explanation Windows Internal Database 

Windows Internal Database is a relational data store that can be used only by Windows 

roles and features. 

IPAM does not support external databases. Only a Windows Internal Database is 


IPAM stores 3 years of forensics data (IP address leases, host MAC addresses, user 

login/logoff information) for 100,000 users in a Windows Internal Database. There is no 

database purge policy provided, and the administrator must purge data manually as 



Not A. IPAM works even if the Windows Process Activation Service is not running. 

Not B. IPAM does not require the Windows Event Collector Service. It need to be running 

on the managed DC/DNS/DHCP computers. 

Not D. IPAM does not require the Windows Store Service. It provides infrastructure support 

for Windows Store.This service is started on demand and if disabled applications bought 

using Windows Store will not behave correctly. 

Reference: IPAM Deployment Planning 


You have a server named Server2 that runs Windows Server 2012 R2. You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.) 

You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1. 

Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 


Q28. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. 

The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). 

All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. 

A user named User1 resigned and started to work for a competing company. 

You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. 

Which tool should you use? 

A. Active Directory Administrative Center 

B. Certificate Templates 

C. The Security Configuration Wizard 

D. The Certificates snap-in 



To disable or enable a user account using Active Directory Administrative Center 

1. To open Active Directory Administrative Center, click Start , click Administrative Tools , 

and then click Active Directory Administrative Center . 

To open Active Directory Users and Computers in Windows Server 2012, click Start , type 

dsac.exe . 

2. In the navigation pane, select the node that contains the user account whose status you 

want to change. 

3. In the management list, right-click the user whose status you want to change. 

4. Depending on the status of the user account, do one of the following: . [email protected] 

Reference: Disable or Enable a User Account 

Q29. You have a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has the zones shown in the following output. 

You need to delegate permissions to modify the records in the adatum.com zone to a group named Group1. 

What should you do first? 

A. Enable the distribution of the trust anchors for adatum.com. 

B. Unsign adatum.com. 

C. Store adatum.com in Active Directory. 

D. Update the server data file for adatum.com. 


Explanation: From the exhibit we see that the adatum.com zone is signed. 

A trust anchor (or trust “point”) is a public cryptographic key for a signed zone. Trust 

anchors must be configured on every non-authoritative DNS server that will attempt to 

validate DNS data. You cannot distribute trust anchors until after a zone is signed. 

Reference: Trust Anchors 



Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured. 

For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users. 

You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent. 

Which setting should you modify? To answer, select the appropriate setting in the answer area.