Braindump2go Free Cisco, Microsoft, CompTIA, VMware, Oracle Exam Questions ,PDF & VCE Dumps Download

Braindump2go Guarantee Microsoft 70-412 100% Success By Using Latest Microsoft 70-412 Practice Exams Questions (41-50)

MICROSOFT OFFICIAL: New Updated 70-412 Exam Questions from Braindump2go 70-412 PDF Dumps and 70-412 VCE Dumps! Welcome to Download the Newest Braindump2go 70-412 VCE&PDF Dumps: http://www.braindump2go.com/70-412.html (392 Q&As)

Get Prepared with fully updated Microsoft 70-412 Real Exam Questions and Accurate Answers for 70-412 Exam Dumps. Braindump2go IT experts review the 70-412 newly added qustions and suggest Correct Microsoft 70-412 Exam Questions Answers in Real Time. 100% Pass easily!

Exam Code: 70-412
Exam Name Configuring Advanced Windows Server 2012 Services
Certification Provider: Microsoft
Corresponding Certifications: MCSA: Windows Server 2012, MCSE: Desktop Infrastructure, MCSE: Private Cloud, MCSE: Server Infrastructure

Keywords:70-412 Dumps,70-412 Exam Questions,70-412 Book,70-412 E-Book,70-412 PDF,70-412 VCE,70-412 Configuring Advanced Windows Server 2012 R2 Services,70-412 Braindump,70-412 Study Guide,70-412 Practice Tests,70-412 Practice Exams

QUESTION 41
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).
You install a second server named Server2.
You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.
What should you do?

A.    On Server1, run the certutil.exe command and specify the -setreg parameter.
B.    On Server2, run the certutil.exe command and specify the -policy parameter.
C.    On Server1, configure Security for the OCSP Response Signing certificate template.
D.    On Server2, configure Issuance Requirements for the OCSP Response Signing certificate template.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc732526.aspx

QUESTION 42
Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database.
The solution must prevent User1 from retrieving the private keys from the AD CS database.
What should you do?

A.    Assign User1 the Issue and Manage Certificates permission to Server1.
B.    Assign User1 the Read permission and the Write permission to all certificate templates.
C.    Provide User1 with access to a Key Recovery Agent certificate and a private key.
D.    Assign User1 the Manage CA permission to Server1.

Answer: C
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificate- services-pki-keyarchival-and-management.aspx#Protecting_Key_Recovery_Agent_Keys

QUESTION 43
Your network contains an Active Directory domain named contoso.com.
The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1.
You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2.
A technician connects DC3 to Site2.
You discover that users in Site2 are authenticated by all three domain controllers.
You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable.
What should you do?

A.    From Network Connections, modify the IP address of DC3.
B.    In Active Directory Sites and Services, modify the Query Policy of DC3.
C.    From Active Directory Sites and Services, move DC3.
D.    In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the
users in Site2.

Answer: C
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificateservices- pki-keyarchival-and-anagement.aspx#Protecting_Key_Recovery_Agent_Keys

QUESTION 44
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com. Contoso.com has a one-way forest trust to adatum.com.
Selective authentication is enabled on the forest trust.
Several user accounts are migrated from child.adatum.com to adatum.com.
Users report that after the migration, they fail to access resources in contoso.com.
The users successfully accessed the resources in contoso.com before the accounts were migrated.
You need to ensure that the migrated users can access the resources in contoso.com.
What should you do?

A.    Replace the existing forest trust with an external trust.
B.    Run netdom and specify the /quarantine attribute.
C.    Disable SID filtering on the existing forest trust.
D.    Disable selective authentication on the existing forest trust.

Answer: C
Explanation:
B. Enables administrators to manage Active Directory domains and trust relationships from the command prompT, /quarantine Sets or clears the domain quarantine
C. Need to gran access to the resources in contoso.com
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource
computers) that reside in the trusting forest
http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc758152(v=ws.10).aspx

QUESTION 45
You have four servers that run Windows Server 2012 R2.
The servers have the Failover Clustering feature installed.
You deploy a new cluster named Cluster1.
Cluster1 is configured as shown in the following table.

Site2 is a disaster recovery site. Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles. Dynamic quorum management is disabled.
You plan to perform hardware maintenance on Server3.
You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Server3, the cluster resource will remain available in Site1.
What should you do?

A.    Enable dynamic quorum management.
B.    Remove the node vote for Server3.
C.    Add a file share witness in Site1.
D.    Remove the node vote for [C1] Server4 and Server5.

Answer: D
Explanation:
http://msdn.microsoft.com/en-us/library/hh270280.aspx#VotingandNonVotingNodes

QUESTION 46
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server2 that runs Windows Server 2012 R2.
You are a member of the local Administrators group on Server2.
You install an Active Directory Rights Management Services (AD RMS) root cluster on Server2.
You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS client computers and the users in contoso.com.
Which additional configuration settings should you configure? To answer, select the appropriate tab in the answer area.

Answer:

QUESTION 47
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)

You plan to configure Name Protection on all of the DHCP servers.
You need to configure the adatum.com zone to support Name Protection.
Which two configurations should you perform from DNS Manager? (Each correct answer presents part of the solution. Choose two.)

A.    Sign the zone.
B.    Store the zone in Active Directory.
C.    Modify the Security settings of the zone.
D.    Configure Dynamic updates.
E.     Add a DNS key record

Answer: BD

QUESTION 48
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and Windows Server 2012 R2.
You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the boot menu.
You start Windows Server 2012 R2 on Server1 and you discover the disk configurations shown in the following table.

You need to restore the Windows Server 2008 R2 boot entry on Server1.
What should you do?

A.    Run bcdedit.exe and specify the /createstore parameter.
B.    Run bootrec.exe and specify the /scanos parameter.
C.    Run bcdboot.exe d:\windows.
D.    Run bootrec.exe and specify the /rebuildbcd parameter.

Answer: D
Explanation:
A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, /Createstore Creates a new empty boot configuration data store.
The created store is not a system store.
B. Bootrec.exe tool to troubleshoot “Bootmgr Is Missing” issue. The /ScanOs option scans all disks for installations that are c mpatible with Windows Vista or Windows 7.
Additionally, this option displays the entries that are currently not in the BCD store.
Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
D. Bootrec.exe tool to troubleshoot “Bootmgr Is Missing” issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7.
Additionally, this option displays the entries that are currently not in the BCD store.
Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
http://technet.microsoft.com/en-us/library/cc709667(v=ws.10).aspx
http://support.microsoft.com/kb/927392/en-us

 

QUESTION 49
You have a DHCP server named Server1. Server1 has one network adapter. Server1 is located on a subnet named Subnet1. Server1 has scope named Scope1. Scope1 contains IP addresses for the 192.168.1.0/24 network. Your company is migrating the IP addresses on Subnet1 to use a network ID of 10.10.0.0/16. On Server11 you create a scope named Scope2.
Scope2 contains IP addresses for the 10.10.0.0/16 network.
You need to ensure that clients on Subnet1 can receive IP addresses from either scope.
What should you create on Server1?

A.    A multicast scope
B.    A scope
C.    A superscope
D.    A split-scope

Answer: C
Explanation:
A. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those members in the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process the multicast traffic
B. A scope is an administrative grouping of IP addresses for computers on a subnet that use the Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for each physical subnet and then uses the scope to define the parameters used by clients.
C. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in.
By using a superscope, you can group multiple scopes as a single administrative entity.
http://technet.microsoft.com/en-us/library/dd759152.aspx
http://technet.microsoft.com/en-us/library/dd759218.aspx
http://technet.microsoft.com/en-us/library/dd759168.aspx

QUESTION 50
Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)

You need to change the zone type of the contoso.com zone from an Active Directory-integrated zone to a standard primary zone.
What should you do before you change the zone type?

A.    Unsign the zone.
B.    Modify the Zone Signing Key (ZSK).
C.    Modify the Key Signing Key (KSK).
D.    Change the Key Master.

Answer: A
Explanation:
A. Lock icon indicating that it is currently signed with DNSSEC, zone must be unsignes
B. An authentication key that corresponds to a private key used to sign a zone.
C. The KSK is an authentication key that corresponds to a private key used to sign one or more other signing keys for a given zone.
Typically, the private key corresponding to a KSK will sign a ZSK, which in turn has a corresponding private key that will sign other zone data.
http://technet.microsoft.com/en-us/library/hh831411.aspx
http://technet.microsoft.com/en-us/library/ee649132(v=ws.10).aspx


Braindump2go Offers PDF & VCE Dumps Download for New Released Microsoft 70-412 Exam! 100% Exam Success Guaranteed OR Full Money Back Instantly!

FREE DOWNLOAD: NEW UPDATED 70-412 PDF Dumps & 70-412 VCE Dumps from Braindump2go: http://www.braindump2go.com/70-412.html (392 Q&As)