Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(331-337)!

QUESTION 331
Hotspot Question
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and 5erver2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the name appl.contoso.com.
The NLB cluster has the port rules configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[16]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image002[14]
Answer:
 clip_image002[16]

QUESTION 332
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You install the IP Address Management (IPAM) Server feature on a server named Server1 and select Manual as the provisioning method.
The IPAM database is located on a server named SQL1.
You need to configure IPAM to use Group Policy Based provisioning.
What command should you run first?
To answer, select the appropriate options in the answer area.
 clip_image001[18]
Answer:
 clip_image001[20]

QUESTION 333
Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server that uses a Windows Internal Database.
You install a Microsoft SQL Server 2012 instance on a new server.
You need to migrate the IPAM database to the SQL Server instance.
Which cmdlet should you run?

A.    Disable-IpamCapability
B.    Set-IpamConfiguration
C.    Update-IpamServer
D.    Move-IpamDatabase

Answer: D

QUESTION 334
Your network contains an Active Directory domain named contoso.com. The domain contains a certification authority (CA).
You suspect that a certificate issued to a Web server is compromised.
You need to minimize the likelihood that users will trust the compromised certificate.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    Stop the Certificate Propagation service.
B.    Modify the validity period of the Web Server certificate template.
C.    Run certutil and specify the -revoke parameter.
D.    Run certutil and specify the -deny parameter.
E.    Publish the certificate revocation list (CRL).

Answer: CE
Explanation:
First revoke the certificate, then publish the CRL.

QUESTION 335
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 is an enterprise root certification authority (CA) for contoso.com.
You need to ensure that the members of a group named Group1 can request code signing
certificates. The certificates must be issued automatically to the members.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From Certificate Templates, modify the certificate template.
B.    From Certification Authority, add a certificate template to be issued.
C.    From Certificate Authority, modify the CA properties.
D.    From Certificate Templates, duplicate a certificate template.
E.    From Certificate Authority, stop and start the Active Directory Certificate Services (AD CS) service.

Answer: AB
Explanation:
First modify the certificate template in Certificate Templates, then add it in Certification Authority.

QUESTION 336
Hotspot Question
Your network contains an Active Directory forest.
You implement Dynamic Access Control in the forest.
You have the claim types shown in the Claim Types exhibit. (Click the Exhibit button.)
 clip_image002[18]
The properties of a user named User1 are configured as shown in the User1 exhibit. (Click the Exhibit button.)
 clip_image001[22]
The output of Whoa mi /claims for a user named User2 is shown in the Whoa mi exhibit.
(Click the Exhibit button.)
 clip_image001[24]
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
 clip_image001[26]
Answer:
 clip_image001[28]

QUESTION 337
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You are creating a central access rule named TestFinance that will be used to grant members of the Authenticated users group access to a folder stored on a Microsoft SharePoint Server 2013 server.
You need to ensure that the permissions are granted when the rule is published. What should you do?

A.    Set the Permissions to Use the following permissions as proposed permissions.
B.    Set the Permissions to Use following permissions as current permissions.
C.    Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D.    Add a User condition to the current permissions entry for the Authenticated Users principal.

Answer: B

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(321-330)!

QUESTION 321
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is the enterprise root certification authority (CA) for contoso.com.
You need to enable CA role separation on Server1.
Which tool should you use?

A.    The Certutil command
B.    The Authorization Manager console
C.    The Certsrv command
D.    The Certificates snap-in

Answer: A

QUESTION 322
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server3. The network contains a standalone server named Server2.
All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.
 clip_image001
Server3 hosts an application named Appl. App1 is accessible internally by using the URL https://appl.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access Appl.
What should you do?
To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[4]
Answer:
 clip_image001[6]

QUESTION 323
You have five servers that run Windows Server 2012 R2. The servers have the Failover Clustering feature installed. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.
 clip_image001[8]
Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles.
Dynamic quorum management is disabled.
You plan to perform hardware maintenance on Server3.
You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Server3, the cluster resource will remain available in Site1.
What should you do?

A.    Add a file share witness in Site1.
B.    Enable DrainOnShutdown on Cluster1.
C.    Remove the node vote for Server4 and Servers.
D.    Remove the node vote for Server3.

Answer: C

QUESTION 324
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has access to disks that connect to a RAID controller, iSCSI disks, and disks connected to a SCSI controller.
You plan to use a tiered storage space on Server1.
You need to identify which storage controller and volume type you must use for the tiered storage space.
Which storage components should you use?
To answer, select the appropriate options in the answer area.
 clip_image001[10]
Answer:
 clip_image001[12]

QUESTION 325
Drag and Drop Question
Your network contains an Active Directory domain named adatum.com. The domain contains three servers. The servers are configured as shown in the following table.
 clip_image001[14]
Server1 is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[4]
Template1 contains custom cryptography settings that are required by the corporate security team.
On Server2, an administrator successfully installs a certificate based on Template1.
The administrator reports that Template1 is not listed in the Certificate Enrollment wizard on Server3, even after selecting the Show all templates check box.
You need to ensure that you can install a server authentication certificate on Server3. The certificate must comply with the cryptography requirements.
Which three actions should you perform in sequence?
To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[6]
Answer:
 clip_image002[8]

QUESTION 326
Your network contains an Active Directory domain named contoso.com.
You deploy a server named Server1 that runs Windows Server 2012 R2.
A local administrator installs the Active Directory Rights Management Services server role on Server1.
You need to ensure that AD RMS clients can discover the AD RMS cluster automatically.
What should you do?

A.    Run the Active Directory Rights Management Services console by using an account that is a member
of the Schema Admins group, and then configure the proxy settings.
B.    Run the Active Directory Rights Management Services console by using an account that is a member
of the Schema Admins group, and then register the Service Connection Point (SCP).
C.    Run the Active Directory Rights Management Services console by using an account that is a member
of the Enterprise Admins group, and then register the Service Connection Point (SCP).
D.    Run the Active Directory Rights Management Services console by using an account that is a member
of the Enterprise Admins group, and then configure the proxy settings.

Answer: C

QUESTION 327
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You create a new Active Directory group named Group1.
You need to ensure that the members of Group1 can request a Key Recovery Agent certificate. The solution must minimize the permissions assigned to Group1.
Which two permissions should you assign to Group1? (Each correct answer presents part of the solution. Choose two.)

A.    Read
B.    Auto enroll
C.    Write
D.    Enroll
E.    Full control

Answer: AD
Explanation:
* In Template, type a new template display name, and then modify any other optional properties as needed.
On the Security tab, click Add, type the name of the users you want to issue the key recovery agent certificates to, and then click OK. Under Group or user names, select the user names that you just added. Under Permissions, select the Read and Enroll check boxes, and then click OK.

QUESTION 328
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. All servers run Windows Server 2012 R2.
You install the IP Address Management (IPAM) Server feature on Server1.
From the Provision IPAM wizard, you select the Group Policy Based provisioning method and enter a GPO name prefix of IPAM1.
You need to provision IPAM by using Group Policy.
What command should you run on Server1 to complete the process?
To answer, select the appropriate options in the answer area.
 clip_image002[10]
Answer:
 clip_image002[12]

QUESTION 329
You have a server named DNS1 that runs Windows Server 2012 R2.
You discover that the DNS resolution is slow when users try to access the company intranet home page by using the URL http://companyhome.
You need to provide single-label name resolution for CompanyHome that is not dependent on the suffix search order.
Which three cmdlets should you run? (Each correct answer presents part of the solution.
Choose three.)

A.    Add-DnsServerPrimaryZone
B.    Add-DnsServerResourceRecordCName
C.    Set-DnsServerDsSetting
D.    Set-DnsServerGlobalNameZone
E.    Set-DnsServerEDns
F.    Add-DnsServerDirectory Partition

Answer: ABD
Explanation:
*The Add-DnsServerPrimaryZone cmdlet adds a specified primary zone on a Domain Name System (DNS) server.
* The Add-DnsServerResourceRecordCName cmdlet adds a canonical name (CNAME) resource record to a specified Domain Name System (DNS) zone. A CNAME record allows you to use more than one resource record to refer to a single host *The Set-DnsServerGlobalNameZone cmdlet enables or disables single-label Domain Name System (DNS) queries.
It also changes configuration settings for a GlobalNames zone.
The GlobalNames zone supports short, easy-to-use names instead of fully qualified domain names (FQDNs) without using Windows Internet Name Service (WINS) technology. For instance, DNS can query SarahJonesDesktop instead of SarahJonesDesktop.contoso.com.

QUESTION 330
Your network contains three servers named HV1, HV2, and Server1 that run Windows Server 2012 R2. HV1 and HV2 have the Hyper-V server role installed. Server1 is a file server that contains 3 TB of free disk space.
HV1 hosts a virtual machine named VM1. The virtual machine configuration file for VM1 is stored in D:\VM and the virtual hard disk file is stored in E:\VHD.
You plan to replace drive E with a larger volume.
You need to ensure that VM1 remains available from HV1 while drive E is being replaced. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?

A.    Perform a live migration to HV2.
B.    Add HV1 and HV2 as nodes in a failover cluster. Perform a storage migration to HV2.
C.    Add HV1 and HV2 as nodes in a failover cluster. Perform a live migration to HV2.
D.    Perform a storage migration to Server1.

Answer: D

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(311-320)!

QUESTION 311
You have five servers that run Windows Server 2012 R2. The servers have the Failover Clustering feature installed. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.
 clip_image001[1]
Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles.
Dynamic quorum management is disabled.
You plan to perform hardware maintenance on Server3.
You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Servers, the cluster resource will remain available in Site1.
What should you do?

A.    Add a file share witness in Site1.
B.    Enable DrainOnShutdown on Cluster1.
C.    Remove the node vote for Server4 and Servers.
D.    Remove the node vote for Server3.

Answer: C

QUESTION 312
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. Server1 is configured to resolve single-label names for DNS clients.
You need to view the number of queries for single-label names that are resolved by Server1.
What command should you run?
To answer, select the appropriate options in the answer area.
 clip_image001[3]
Answer:
 clip_image001[5]

QUESTION 313
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed.
A technician performs maintenance on Server1.
After the maintenance is complete, you discover that you cannot connect to the IPAM server on Server1.
You open the Services console as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[7]
You need to ensure that you can connect to the IPAM server.
Which service should you start?

A.    Windows Process Activation Service
B.    windows Event Collector
C.    Windows Internal Database
D.    Windows Store Service (WSService)

Answer: C

QUESTION 314
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You have a Dynamic Access Control policy named Policy1.
You create a new Central Access Rule named Rule1.
You need to add Rule1 to Policy1.
What command should you run?
To answer, select the appropriate options in the answer area.
 clip_image001[9]
Answer:
 clip_image001[11]

QUESTION 315
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a server named Server1. Both servers run Windows Server 2012 R2.
You configure the classification of a share on Server1 as shown in the Share1 Properties exhibit. (Click the Exhibit button.)
You configure the resource properties in Active Directory as shown in the Resource Properties exhibit. (Click the Exhibit button.)
 clip_image002[1]
You need to ensure that the Impact classification can be assigned to Share1 immediately.
Which cmdlet should you run on each server?
To answer, select the appropriate cmdlet for each server in the answer area.
 clip_image001[13]
Answer:
 clip_image001[15]

QUESTION 316
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[17]
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in both domains.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    Raise the domain functional level of contoso.com.
B.    Raise the domain functional level ofchildl.contoso.com.
C.    Raise the forest functional level of contoso.com.
D.    Upgrade DC11 to Windows Server 2012 R2.
E.    Upgrade DC1 to Windows Server 2012 R2.

Answer: AE
Explanation:
The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level, then raise the contoso.com domain functional level to Windows Server 2012.

QUESTION 317
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. Server1 has an IPv6 scope named Scope1.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
You need to provide high availability for Scope1. The solution must minimize administrative effort.
What should you do?

A.    Install and configure Network Load Balancing (NLB) on Server1 and Server2.
B.    Create a scope on Server2.
C.    Configure DHCP failover on Server1.
D.    Install and configure Failover Clustering on Server1 and Server2.

Answer: B

QUESTION 318
Your company has two offices. The offices are located in Seattle and Montreal.
The network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. All servers run Windows Server 2012 R2.
You need to create a DHCP scope for video conferencing in the Montreal office. The scope must be configured as shown in the following table.
 clip_image001[19]
Which Windows PowerShell cmdlet should you run?

A.    Add-DchpServerv4SuperScope
B.    Add-DchpServerv4MulticastScope
C.    Add-DHCPServerv4Policy
D.    Add-DchpServerv4Scope

Answer: B

QUESTION 319
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[21]
Scope1, Scope2, and Scope3 are configured to assign the IP addresses of two DNS servers to DHCP clients. The remaining scopes are NOT configured to assign IP addresses of DNS servers to DHCP clients.
You need to ensure that only Scope1, Scope3, and Scopes assign the IP addresses of the DNS servers to the DHCP clients. The solution must minimize administrative effort.
What should you do?

A.    Create a superscope and a filter.
B.    Create a superscope and scope-level policies.
C.    Configure the Server Options.
D.    Configure the Scope Options.

Answer: C

QUESTION 320
You have an Active Directory Rights Management Services (AD RMS) cluster.
You need to prevent users from encrypting new content. The solution must ensure that the users can continue to decrypt content that was encrypted already.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    From the Active Directory Rights Management Services console, enable decommissioning.
B.    From the Active Directory Rights Management Services console, create a user exclusion policy.
C.    Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing.
D.    Modify the NTFS permissions of
%systemdrive%\inetpub\wwwroot\_wmcs\decommission.
E.    From the Active Directory Rights Management Services console, modify the rights policy templates.

Answer: BE

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(301-310)!

QUESTION 301
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2.
You are configuring a storage space on Server1.
You need to ensure that the storage space supports tiered storage.
Which settings should you configure?
To answer, select the appropriate options in the answer area.
 clip_image001
Answer:
 clip_image001[4]

QUESTION 302
Hotspot Question
You have a server that runs Windows Server 2012 R2 and has the iSCSI Target Server role service installed.
You run the New-IscsiVirtualDisk cmdlet as shown in the New-IscsiVirtualDisk exhibit.
(Click the Exhibit button.)
 clip_image002
To answer, complete each statement according to the information presented in the exhibits.
Each correct selection is worth one point.
 clip_image001[6]
Answer:
 clip_image001[8]

QUESTION 303
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).
You install a second server named Server2. You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.
What should you run on Server1?

A.    The certreq.exe command and specify the -policy parameter
B.    The certutil.exe command and specify the -getkey parameter
C.    The certutil.exe command and specify the -setreg parameter
D.    The certreq.exe command and specify the -retrieve parameter

Answer: C

QUESTION 304
Drag and Drop Question
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All servers run Windows Server 2012 R2.
You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS root cluster in contoso.com.
What should you do in each forest?
To answer, drag the appropriate actions to the correct forests. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[4]
Answer:
 clip_image002[6]

QUESTION 305
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain- joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain.
Which tool should you use?

A.    Active Directory Users and Computers
B.    Active Directory Sites and Services
C.    The Certificates snap-in
D.    Server Manager

Answer: A
Explanation:
Disabling or enabling a user account
To open Active Directory Users and Computers, click Start , click Control Panel , double-click Administrative Tools , and then double-click Active Directory Users and Computers .
To open Active Directory Users and Computers in Windows Server 2012, click Start , type dsa.msc .
In the console tree, click Users .
In the details pane, right-click the user.
Depending on the status of the account, do one of the following:
To disable the account, click Disable Account .
To enable the account, click Enable Account .

QUESTION 306
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the auto- enrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution.
Choose two.)

A.    Add-CAAuthoritylnformationAccess
B.    Install-AdcsCertificationAuthority
C.    Add-WindowsFeature
D.    Install-AdcsOnlineResponder
E.    Install-AdcsWebEnrollment

Answer: BE
Explanation:
* The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service.
*The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the Certification Authority Web Enrollment role service.

QUESTION 307
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed.
The domain contains a domain local group named Group1.
You create a rights policy template named Template1. You assign Group1 the rights to Template1.
You need to ensure that all the members of Group1 can use Template1.
What should you do?

A.    Configure the email address attribute of Group1.
B.    Convert the scope of Group1 to global.
C.    Convert the scope of Group1 to universal.
D.    Configure the email address attribute of all the users who are members of Group1.

Answer: D

QUESTION 308
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on
Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
 clip_image001[10]
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?

A.    Run the Install-AdcsCertificationAuthority cmdlet.
B.    Install the Active Directory Certificate Services (AD CS) tools.
C.    Modify the PATH system variable.
D.    Add Admin1 to the Cert Publishers group.

Answer: B

QUESTION 309
Your network contains an Active Directory forest named contoso.com. The forest contains four domains. All servers run Windows Server 2012 R2.
Each domain has a user named User1.
You have a file server named Server1 that is used to synchronize user folders by using the
Work Folders role service.
Server1 has a work folder named Sync1.
You need to ensure that each user has a separate folder in Sync1.
What should you do?

A.    From Windows Explorer, modify the Sharing properties of Sync1.
B.    Run the Set-SyncServerSetting cmdlet.
C.    From File and Storage Services in Server Manager, modify the properties of Sync1.
D.    Run the Set-SyncShare cmdlet.

Answer: D

QUESTION 310
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The relevant servers in the domain are configured as shown in the following table.
 clip_image001[12]
You plan to create a shared folder on Server1 named Share1. Share1 must only be accessed by users who are using computers that are joined to the domain.
You need to identify which servers must be upgraded to support the requirements of Share1.
In the table below, identify which computers require an upgrade and which computers do not require an upgrade. Make only one selection in each row. Each correct selection is worth one point.
 clip_image001[14]
Answer:

clip_image001[16]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(291-300)!

QUESTION 291
Hotspot Question
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and 5erver2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You deploy a new server named Server3 that runs Windows Server 2012 R2. The contoso.com DNS zone contains the records shown in the following table.
 clip_image001[18]
You need to add Server3 to the NLB cluster.
What command should you run?
To answer, select the appropriate options in the answer area.
 clip_image002[33]
Answer:
 clip_image002[35]

QUESTION 292
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2.
Server1 and Server3 are located in a site named Site1. Server2 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1.
Dynamic quorum management is disabled.
Cluster1 is configured to use the Node Majority quorum configuration.
You need to ensure that users in Site2 can access Cluster1 if the network connection between the two sites becomes unavailable.
What should you run from Windows PowerShell?
To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[37]
Answer:
 clip_image002[39]

QUESTION 293
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The network has the physical sites and TCP/IP subnets configured as shown in the following table.
 clip_image001[20]
You have a web application named App1 that is hosted on six separate Web servers. DNS has the host names and IP addresses registered as shown in the following table.
 clip_image001[22]
You discover that when users connect to appl.contoso.com, they are connected frequently to a server that is not on their local subnet.
You need to ensure that when the users connect to appl.contoso.com, they connect to a server on their local subnet. The connections must be distributed across the servers that host appl.contoso.com on their subnet.
Which two settings should you configure?
To answer, select the appropriate two settings in the answer area.
 clip_image001[24]
Answer:
 clip_image001[26]

QUESTION 294
You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege.
Which user role should you assign to User1?

A.    IPAM Administrator Role
B.    IPAM DHCP Administrator Role
C.    IPAM ASM Administrator Role
D.    DNS Record Administrator Role

Answer: C
Explanation:
IPAM ASM Administrators
IPAM ASM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have all the privileges of the IPAM Users security group, and can perform IP address space tasks in addition to IPAM common management tasks.
Note: When you install IPAM Server, the following local role-based IPAM security groups are created:
IPAM Users
IPAM MSM Administrators
IPAM ASM Administrators
IPAM IP Audit Administrators
IPAM Administrators
Incorrect:
not A: Too much privileges.
IPAM Administrators
IPAM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have privileges to view all IPAM data and perform all IPAM tasks.

QUESTION 295
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2.
You install the DHCP Server server role on Server1 and Server2. You install the IP Address Management (IPAM) Server feature on Server1.
You notice that you cannot discover Server1 or Server2 in IPAM.
You need to ensure that you can use IPAM to discover the DHCP infrastructure.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    On Server2, create an IPv4 scope.
B.    On Server1, run the Add-IpamServerInventory cmdlet.
C.    On Server2, run the Add-DhcpServerInDc cmdlet
D.    On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet.
E.    On Server1, uninstall the DHCP Server server role.

Answer: BC
Explanation:
The Add-IpamServerInventory cmdlet adds a new infrastructure server to the IP Address Management (IPAM) server inventory. Use the fully qualified domain name (FQDN) of the server to add to the server inventory.
The Add-DhcpServerInDC cmdlet adds the computer running the DHCP server service to the list of authorized Dynamic Host Configuration Protocol (DHCP) server services in the Active Directory (AD). A DHCP server service running on a domain joined computer needs to be authorized in AD so that it can start leasing IP addresses on the network.

QUESTION 296
Your network contains two Active Directory forests named contoso.com and corp.contoso.com.
 clip_image002[41]
User1 is a member of the DnsAdmins domain local group in contoso.com.
User1 attempts to create a conditional forwarder to corp.contoso.com but receive an error message shown in the exhibit. (Click the Exhibit button.)
 clip_image001[28]
You need to configure bi-directional name resolution between the two forests.
What should you do first?

A.    Add User1 to the DnsUpdateProxy group.
B.    Configure the zone to be Active Directory-integrated.
C.    Enable the Advanced view from DNS Manager.
D.    Run the New Delegation Wizard.

Answer: A

QUESTION 297
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.
Contoso contains 10 servers that have the File Server role service installed. Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group.
You migrate the file servers to adatum.com.
Contoso users report that after the migration, they are unable to access shared folders on the file servers.
You need to ensure that the Contoso users can access the shared folders on the file servers.
What should you do?

A.    Disable selective authentication on the existing forest trust.
B.    Disable SID filtering on the existing forest trust.
C.    Run netdom and specify the /quarantine attribute.
D.    Replace the existing forest trust with an external trust.

Answer: A

QUESTION 298
You have a server named FS1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on FS1.
From Windows Explorer, you view the properties of a shared folder named Share1 and you discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Share1 from Windows Explorer manually.
What should you do?

A.    From Folder Options, select Show hidden files, folders, and drives.
B.    From Folder Options, clear Use Sharing Wizard (Recommend).
C.    Install the File Server Resource Manager role service.
D.    Install the Enhanced Storage feature.

Answer: C

QUESTION 299
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are configured as shown in the following table.
 clip_image001[30]
You need to ensure that when new targets are added to Server1, the targets are registered on Server2 automatically. What should you do on Server1?

A.    Configure the Discovery settings of the iSCSI initiator.
B.    Configure the security settings of the iSCSI target.
C.    Run the Set-Wmilnstance cmdlet.
D.    Run the Set-IscsiServerTarget cmdlet.

Answer: C

QUESTION 300
Hotspot Question
You have a file server named Server1 that runs Windows Server 2012 R2.
Server1 contains a file share that must be accessed by only a limited number of users.
You need to ensure that if an unauthorized user attempts to access the file share, a custom access-denied message appears, which contains a link to request access to the share. The message must not appear when the unauthorized user attempts to access other shares.
Which two nodes should you configure in File Server Resource Manager?
To answer, select the appropriate two nodes in the answer area.
 clip_image001[32]
Answer:
 clip_image001[34]

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(281-290)!

QUESTION 281
Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?

A.    Run dnscmd and specify the CacheLockingPercent parameter.
B.    Run Set-DnsServerGlobalQueryBlockList.
C.    Run ipconfig and specify the Renew parameter.
D.    Run Set-DnsServerCache.

Answer: A
Explanation:
* To configure cache locking using a command line Open an elevated command prompt.
Type the following command, and then press ENTER:
dnscmd /Config /CacheLockingPercent <percent>
Restart the DNS Server service.
* Parameter <percent>
Optional.Specifies the cache locking percent, from 0 to 100 in decimal format. If no value is entered, the cache locking percent is set to 0.

QUESTION 282
You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege.
Which user role should you assign to User1?

A.    DNS Record Administrator Role
B.    IPAM DHCP Reservations Administrator Role
C.    IPAM Administrator Role
D.    IPAM DHCP Administrator Role

Answer: C
Explanation:
When you install IPAM Server, the following local role-based IPAM security groups are created:
IPAM Users
IPAM MSM Administrators
IPAM ASM Administrators
IPAM IP Audit Administrators
IPAM Administrators

QUESTION 283
You have a virtual machine named VM1 that runs on a host named Host1.
You configure VM1 to replicate to another host named Host2. Host2 is located in the same physical location as Host1.
You need to add an additional replica of VM1. The replica will be located in a different physical site.
What should you do?

A.    From VM1 on Host2, click Extend Replication.
B.    On Host1, configure the Hyper-V settings.
C.    From VM1 on Host1, click Extend Replication.
D.    On Host2, configure the Hyper-V settings.

Answer: A

QUESTION 284
Hotspot Question
You have a file server named Server1 that runs Windows Server 2012 R2.
You need to ensure that you can use the NFS Share – Advanced option from the New Share Wizard in Server Manager.
Which two role services should you install?
To answer, select the appropriate two role services in the answer area.
 clip_image002[17]
Answer:
 clip_image002[19]

QUESTION 285
Your network contains 20 iSCSI storage appliances that will provide storage for 50 Hyper-V hosts running Windows Server 2012 R2.
You need to configure the storage for the Hyper-V hosts. The solution must minimize administrative effort.
What should you do first?

A.    Install the iSCSI Target Server role service and configure iSCSI targets.
B.    Install the iSNS Server service feature and create a Discovery Domain.
C.    Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties.
D.    Install the Multipath I/O (MPIO) feature and configure the MPIO Properties.

Answer: C

QUESTION 286
Drag and Drop Question
You have a server that runs Windows Server 2012 R2.
You create a new work folder named Share1.
You need to configure Share1 to meet the following requirements:
Ensure that all synchronized copies of Share1 are encrypted. Ensure that clients synchronize to Share1 every 30 minutes. Ensure that Share1 inherits the NTFS permissions of the parent folder.
Which cmdlet should you use to achieve each requirement?
To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[21]
Answer:
 clip_image002[23]

QUESTION 287
You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard. You discover that the new virtual disk has a write-back cache of 1 GB.
You need to ensure that the virtual disk has a write-back cache of 5 GB.
What should you do?

A.    Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.
B.    Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.
C.    Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.
D.    Delete the virtual disk, and then run the New-VirtualDisk cmdlet.

Answer: D

QUESTION 288
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You plan to install the Active Directory Federation Services server role on Server1 to allow for Workplace Join.
You run nslookup enterprise registration and you receive the following results:
 clip_image001[16]
You need to create a certificate request for Server1 to support the Active Directory Federation Services (AD FS) installation.
How should you configure the certificate request?
To answer, drag the appropriate names to the correct locations. Each name may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[25]
Answer:
 clip_image002[27]

QUESTION 289
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.    Enable the Device Registration Service in Active Directory.
B.    Publish the Device Registration Service by using a Web Application Proxy.
C.    Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D.    Create and configure a sync share on Server2.
E.    Install the Work Folders role service on Server2.

Answer: AC

QUESTION 290
Drag and Drop Question
You have two failover clusters named Cluster1 and Cluster2. All of the nodes in both of the clusters run Windows Server 2012 R2.
Cluster1 hosts two virtual machines named VM1 and VM2.
You plan to configure VM1 and VM2 as nodes in a new failover cluster named Cluster3.
You need to configure the witness disk for Cluster3 to be hosted on Cluster2.
Which three actions should you perform in sequence?
To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[29]
Answer:
 clip_image002[31]

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(271-280)!

QUESTION 271
Your network contains an Active Directory domain named adatum.com. You create a new Group Policy object (GPO) named GPO1.
You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?

A.    Gpupdate
B.    Gpresult
C.    Group Policy Management
D.    Active Directory Sites and Services

Answer: C

QUESTION 272
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1.
What should you run?

A.    The Set-NlbCluster cmdlet
B.    The Set-NlbClusterNode cmdlet
C.    The Stop-NlbCluster cmdlet
D.    The Stop-NlbClusterNode cmdlet

Answer: D
Explanation:
The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node.
-Drain <SwitchParameter>
Drains existing traffic before stopping the cluster node. If this parameter is omitted, existing traffic will be dropped.

QUESTION 273
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
You plan to create two virtual machines that will run an application named App1. App1 will store data on a virtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines.
The network contains the following shared folders:
– An SMB file share named Share1 that is hosted on a Scale-Out File Server.
– An SMB file share named Share2 that is hosted on a standalone file server.
– An NFS share named Share3 that is hosted on a standalone file server.
You need to ensure that both virtual machines can use App1data.vhdx simultaneously.
What should you do?
To answer, select the appropriate configurations in the answer area.
 clip_image001[8]
 clip_image001[10]
Answer:
 clip_image002

QUESTION 274
Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com.
What should you do?

A.    Modify the Service Connection Point (SCP).
B.    Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.
C.    Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.
D.    Modify the properties of the AD RMS cluster in west.contoso.com.

Answer: C

QUESTION 275
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
 clip_image001[12]
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?

A.    Install the Active Directory Certificate Services (AD CS) tools.
B.    Run the regsvr32.exe command.
C.    Modify the PATH system variable.
D.    Configure the Active Directory Certificate Services server role from Server Manager.

Answer: D

QUESTION 276
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.d
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

A.    Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B.    Edit the multi-factor authentication global authentication policy settings.
C.    Run Enable-AdfsDeviceRegistration.
D.    Run Set-AdfsProxyProperties HttpPort 80.
E.    Edit the primary authentication global authentication policy settings.

Answer: CE
Explanation:
* To enable Device Registration Service On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a `known’ device and administrators can use this information to drive conditional access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.

QUESTION 277
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[5]
Answer:
 clip_image002[7]

QUESTION 278
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?

A.    2001:123:4567:890A::
B.    FE80:123:4567::
C.    FF00:123:4567:890A::
D.    FD00:123:4567::

Answer: D

QUESTION 279
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. All servers run Windows Server 2012 R2.
You install the DHCP Server server role on both servers.
On Server1, you have the DHCP scope configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[14]
You need to configure the scope to be load-balanced across Server1 and Server2.
What Windows PowerShell cmdlet should you run on Server1?
To answer, select the appropriate options in the answer area.
 clip_image002[9]
Answer:
 clip_image002[11]

QUESTION 280
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Both servers have multiple IPv4 scopes.
Server1 and Server2 are used to assign IP addresses for the network IDs of 172.20.0.0/16 and 131.107.0.0/16.
You install the IP Address Management (IPAM) Server feature on a server named IPAM1 and configure IPAM1 to manage Server1 and Server2.
Some users from the 172.20.0.0 network report that they occasionally receive an IP address conflict error message.
You need to identify whether any scopes in the 172.20.0.0 network ID conflict with one another.
What Windows PowerShell cmdlet should you run?
To answer, select the appropriate options in the answer area.
 clip_image002[13]
Answer:
 clip_image002[15]

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(261-270)!

QUESTION 261
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines. You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?

A.    Hyper-V Manager
B.    Windows System Resource Manager (WSRM)
C.    Task Manager
D.    Resource Monitor

Answer: A
Explanation:
You get it from the Hyper-V Manager
 clip_image002[1]

QUESTION 262
You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1. You need to configure DCS1 to log data to D:\logs. What should you do?

A.    Right-click DCS1 and click Data Manager…
B.    Right-click DCS1 and click Save Template…
C.    Right-click DCS1 and click Properties.
D.    Right-click DCS1 and click Export list…

Answer: C
Explanation:
It is under the Directory tab from the DCS properties.
http://technet.microsoft.com/en-us/library/cc749267.aspx

QUESTION 263
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1. You open Review Options in the Active Directory Domain Services Configuration Wizard, and then you click View script. You need to ensure that you can use the script to promote Server1 to a domain controller. Which file extension should you use to save the script?

A.    .xml
B.    .ps1
C.    .bat
D.    .cmd

Answer: B
Explanation:
The View Script button is used to view the corresponding PowerShell script The PowerShell script extension is .ps1, The Answer could logically be either a .cmd file or a .bat file.
According to http://www.fileinfo.com/:
PAL – Settings file created by Corel Painter or Palette of colors used by Dr. Halo bitmap images BAT – DOS batch file used to execute commands with the Windows Command Prompt (cmd.exe); contains aseries of line commands that typically might be entered at the DOS command prompt; most commonly used tostart programs and run maintenance utilities within Windows. XML – XML (Extensible Markup Language) data file that uses tags to define objects and object attributes;formatted much like an .HTML document, but uses custom tags to define objects and the data within eachobject; can be thought of as a text-based database. CMD – Batch file that contains a series of commands executed in order; introduced with Windows NT, but canbe run by DOS or Windows NT systems; similar to a .BAT file, but is run by CMD.EXE instead of COMMAND.COM.
 clip_image002[3]

QUESTION 264
Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com. You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone. What should you do first?

A.    Run the Zone Signing Wizard for the zone.
B.    From the properties of the zone, change the zone type.
C.    Run the new Delegation Wizard for the zone.
D.    From the properties of the zone, modify the Start Of Authority (SOA) record.

Answer: C

QUESTION 265
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?

A.    From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the contoso.com zone
as a target.
B.    From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target.
C.    From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com zone
as a target.
D.    From DNS Manager, modify the Advanced settings of DC1.

Answer: C
Explanation:
C. The Set-DnsServerSecondaryZone cmdlet changes settings for an existing secondary zone on a Domain Name System (DNS) server.
http://technet.microsoft.com/en-us/library/jj649920(v=wps.620).aspx

QUESTION 266
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive Application named App1. Users report that App1 responds more slowly than expected. You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1. Which performance object should you monitor on Server1?

A.    Hyper-V Hypervisor Logical Processor
B.    Processor
C.    Hyper-V Hypervisor Root Virtual Processor
D.    Process
E.    Hyper-V Hypervisor Virtual Processor

Answer: E

QUESTION 267
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012 R2.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

A.    Run Enable AdfsDeviceRegistration -PrepareActiveDirectory.
B.    Edit the multi-factor authentication global authentication policy settings.
C.    Edit the primary authentication global authentication policy settings.
D.    Run Set-AdfsProxyPropertiesHttpPort 80.
E.    Run Enable-AdfsDeviceRegistration.

Answer: AB

QUESTION 268
Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?

A.    Modify the Link1 shortcut preference of GPO1.
B.    Enable loopback processing in GPO1.
C.    Enforce GPO1.
D.    Modify the Security Filtering settings of GPO1.

Answer: A

QUESTION 269
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012. You install the Windows Server Update Services server role on Server1. You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    From the Update Services console, create computer groups.
B.    From the Update Services console, configure the Computers options.
C.    From the Group Policy Management console, configure the Windows Update settings.
D.    From the Group Policy Management console, configure the Windows Anytime Upgrade settings.
E.    From the Update Services console, configure the Synchronization Schedule options.

Answer: C
Explanation:
Create one computer group for Main site and another group for Branch site. You can deploy Windows updates by computer group.

QUESTION 270
Hotspot Question
Your network contains three Active Directory forests. The forests are configured as shown in the following table.
 clip_image001
A two-way forest trust exists between contoso.com and divisionl.contoso.com. A two-way forest trust also exists between contoso.com and division2.contoso.com.
You plan to create a one-way forest trust from divisionl.contoso.com to division2.contoso.com.
You need to ensure that any cross-forest authentication requests are sent to the domain controllers in the appropriate forest after the trust is created.
How should you configure the existing forest trust settings?
In the table below, identify which configuration must be performed in each forest. Make only one selection in each column. Each correct selection is worth one point.
 clip_image001[4]
Answer:

clip_image001[6]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(251-260)!

QUESTION 251
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You create an Active Directory snapshot of DC1 each day. You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?

A.    Stop the Active Directory Domain Services (AD DS) service.
B.    Run the ntdsutil.exe command.
C.    Run the dsamain.exe command.
D.    Start the Volume Shadow Copy Service (VSS).

Answer: B

QUESTION 252
You have a server named Server1 that runs Windows Server 2012 R2. You need to configure Server1 to create an entry in an event log when the processor usage exceeds 60 percent. Which type of data collector should you create?

A.    an event trace data collector
B.    a performance counter data collector
C.    a performance counter alert
D.    a configuration data collector

Answer: C

QUESTION 253
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2, On Server1, you create a Data Collector Set (DCS) named Data1. You need to export Data1 to Server2. What should you do first?

A.    Right-click Data1 and click Data Manager…
B.    Right-click Data1 and click Save template…
C.    Right-click Data1 and click Properties.
D.    Right-click Data1 and click Export list…

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc766318.aspx

QUESTION 254
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. Which tool should you use?

A.    The Set-AdComputercmdlet
B.    Group Policy Object Editor
C.    Active Directory Users and Computers
D.    Group Policy Management Console (GPMC)

Answer: D
Explanation:
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. Starting with Windows Server?2012 and Windows?8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
Note: Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.
Incorrect:
Not B: Secedit configures and analyzes system security by comparing your current configuration to at least one template.
Reference: Force a Remote Group Policy Refresh (GPUpdate)

QUESTION 255
Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain. You need to create NAP event trace log files on a client computer.
What should you run?

A.    Logman
B.    Tracert
C.    Register-EngineEvent
D.    Register-ObjectEvent

Answer: A

QUESTION 256
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2. You create a group Managed Service Account named gService1. You need to configure a service named Service1 to run as the gService1 account. How should you configure Service1?

A.    From a command prompt, run sc.exe and specify the sdset parameter.
B.    From the Services console, configure the General settings.
C.    From Windows PowerShell, run Set-Service and specify the -StartupType parameter.
D.    From the Services console, configure the Log On settings.

Answer: A
Explanation:
http://windows.microsoft.com/en-us/windows-vista/using-systemconfiguration http://technet.microsoft.com/en-us/library/ee176963.aspx
http://technet.microsoft.com/en-us/library/cc990290(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738230(v=ws.10).aspx

QUESTION 257
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has 2 dual-core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1. You need to ensure that both virtual machines can use up to 8 GB of memory. The solution must ensure that both virtual machines can be started simultaneously. What should you configure on each virtual machine?

A.    Dynamic Memory
B.    NUMA topology
C.    Memory weight
D.    Ressource Control

Answer: A

QUESTION 258
You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1. You need to add a graphical user interface (GUI) to Server1. Which tool should you use?

A.    the dism.exe command
B.    the ocsetup.exe command
C.    the setup.exe command
D.    the Install-Module cmdlet

Answer: A
Explanation:
The DISM command is called by the Add-WindowsFeature command. Here is the systax for DISM:
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:ServerGui-Shell /featurename:Server-Gui-Mgmt
 clip_image002

QUESTION 259
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1. You need to ensure that the GPOs Applied to Computer1areApplied to User1 when User1 logs on. What should you configure?

A.    Item-level targeting
B.    Block Inheritance
C.    GPO links
D.    The Enforced setting

Answer: C

QUESTION 260
Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP, Windows 7, or Windows 8. Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV). You need to identify which policy settings can be Applied to all of the computers. Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)

A.    A firewall is enabled for all network connections.
B.    An antispyware application is on.
C.    Automatic updating is enabled.
D.    Antivirus is up to date.
E.    Antispyware is up to date.

Answer: ACD
Explanation:
* System health agent (SHA) is a NAP component.
* System health agent (SHA)
A component that checks the state of the client computer to determine whether the settings monitored by the SHA are up-to-date and configured correctly. For example, the Windows Security Health Agent (WSHA) can monitor Windows Firewall, whether antivirus software is installed, enabled, and updated, whether antispyware software is installed, enabled, and updated, and whether Microsoft Update Services is enabled and the computer has the most recent security updates from Microsoft Update Services. There might also be SHAs (and corresponding system health validators) available from other companies that provide different functionality.

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(241-250)!

QUESTION 241
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster named Cluster2. You need to move all of the applications and the services from Cluster1 to Cluster2. What should you do first from Failover Cluster Manager?

A.    On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node.
B.    On a server in Cluster2, configure Cluster-Aware Updating.
C.    On a server in Cluster1, configure Cluster-Aware Updating.
D.    On a server in Cluster2, click Migrate Roles.

Answer: A

QUESTION 242
Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed. HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM. You shut down all of the virtual machines on HV1. You copy D:\VM to D:\VM on HV2. You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    Run the Import-VMInitialReplication cmdlet.
B.    From HV1, export all virtual machines to D:\VM.
Copy D:\VM to D:\VM on HV2 and overwrite the existing files.
On HV2, run the Import Virtual Machine wizard.
C.    From HV1, export all virtual machines to D:\VM.
Copy D:\VM to D:\VM on HV2 and overwrite the existing files.
On HV2, run the New Virtual Machine wizard.
D.    Run the Import-VM cmdlet.

Answer: D

QUESTION 243
Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders. Which tool should you use?

A.    Ultrasound
B.    Replmon
C.    Dfsdiag
D.    Frsutil

Answer: C

QUESTION 244
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has Microsoft SQL Server 2012 installed. You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain. The solution must ensure that the AD FS database is stored in a SQL Server database on Server1. What should you do on Server2?

A.    From the AD FS console, run the AD FS Federation Server Configuration Wizard and select the Stand-alone
federation server option.
B.    From Server Manager, install the Federation Service Proxy.
C.    From Windows PowerShell, run Install-ADFSFarm.
D.    From Server Manager, install the AD FS Web Agents.

Answer: A
Explanation:
To create the first federation server in a federation server farm There are two ways to start the AD FS Federation Server Configuration Wizard. On the Welcome page, verify that Create a new Federation Service is selected, and then click Next. On the Select Stand-Alone or Farm Deployment page, click New federation server farm, and then click Next.
On the Specify the Federation Service Name page, verify that the SSL certificate that is showing is correct. If this is not the correct certificate, select the appropriate certificate from the SSL certificate list.
Etc.
Note:
After you install the Federation Service role service and configure the required certificates on a computer, you are ready to configure the computer to become a federation server. You can use the following procedure to set up the computer to become the first federation server in a new federation server farm using the AD FS Federation Server Configuration Wizard. The act of creating the first federation server in a farm also creates a new Federation Service and makes this computer the primary federation server. This means that this computer will be configured with a read/write copy of the AD FS configuration database. All other federation servers in this farm must replicate any changes that are made on the primary federation server to their read-only copies of the AD FS configuration database that they store locally. Reference: To create the first federation server in a federation server farm

QUESTION 245
Your network contains two servers that run Windows Server 2012 R2 named Server1 and Server2. Both servers have the File Server role service installed. On Server2, you create a share named Backups. From Windows Server Backup on Server1, you schedule a full backup to run every night. You set the backup destination to \\Server2 \Backups.
After several weeks, you discover that \\Server2\Backups only contains the last backup that completed on Server1. You need to ensure that multiple backups of Server1 are maintained. What should you do?

A.    Modify the Volume Shadow Copy Service (VSS) settings.
B.    Modify the properties of the Windows Store Service (WSService) service.
C.    Change the backup destination,
D.    Configure the permission of the Backups share.

Answer: C

QUESTION 246
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) for contoso.com. You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed. You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the C A. The solution must ensure that CRLs are published automatically to Server2. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Create an http:// CRL distribution point (CDP) entry.
B.    Configure a CA exit module.
C.    Create a file:// CRL distribution point (CDP) entry
D.    Configure an enrollment agent.
E.    Configure a CA policy module.

Answer: AE
Explanation:
A: To specify CRL distribution points in issued certificates Open the Certification Authority snap-in.
In the console tree, click the name of the CA.
On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select extension is set to CRL Distribution Point (CDP) .
Do one or more of the following. (The list of CRL distribution points is in the Specify locations from which users can obtain a certificate revocation list (CRL) box.) / To indicate that you want to use a URL as a CRL distribution point Click the CRL distribution point, select the Include in the CDP extension of issued certificates check box, and then click OK .
Click Yes to stop and restart Active Directory Certificate Services (AD CS).
E: You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf will take precedence for certificate verifiers over the CDP’s specified in the CA policy module.
Note:
CRLDistributionPoint
You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This section does not configure the CDP for the CA itself. After the CA has been installed you can configure the CDP URLs that the CA will include in each certificate that it issues. The URLs specified in this section of the CAPolicy.inf file are included in the root CA certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl

QUESTION 247
Your network contains an Active Directory domain named adatum.com. You create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers. Which tool should you use?

A.    Gpupdate
B.    Gpresult
C.    Group Policy Management
D.    Active Directory Sites and Services

Answer: C

QUESTION 248
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. You install Windows Server 2012 R2 on a new computer named DC3. You need to manually configure DC3 as a domain controller. Which tool should you use?

A.    winrm.exe
B.    Server Manager
C.    dcpromo.exe
D.    Active Directory Domains and Trusts

Answer: B
Explanation:
When you try to DCpromo a Server 2012, you get this message:
 clip_image001[1]

QUESTION 249
Your network contain an active directory domain named Contoso.com. The domain contains two servers named server1 and server2 that run Windows Server 2012 R2. You create a security template named template1 by using the security template snap-in. You need to apply template1 to server2. Which tool should you use?

A.    Security Configuration and Analysis
B.    Server Manager
C.    Security Template
D.    Computer management

Answer: A

QUESTION 250
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2. You need to create a custom Active Directory Application partition. Which tool should you use?

A.    Netdom
B.    Ntdsutil
C.    Dsmod
D.    Dsamain

Answer: B
Explanation:
* To create or delete an application directory partition Open Command Prompt.
Type:ntdsutil
At the ntdsutil command prompt, type:domain management
At the domain management command prompt, type:connection At the server connections command prompt, type:connect to server ServerName At the server connections command prompt, type:quit
At the domain management command prompt, do one of the following:
* partition management
Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).
This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2.
/ partition management create nc %s1 %s2
Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify “NULL” for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3.
Note:
* An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition.

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(231-240)!

QUESTION 231
You have a server named Server1 that runs Windows Server 2012 R2. You download and install the Windows Azure Online Backup Service Agent on Server1. You need to ensure that you can configure an online backup from Windows Server Backup. What should you do first?

A.    From Windows Server Backup, run the Register Server Wizard.
B.    From Computer Management, add the Server1 computer account to the Backup Operators group.
C.    From a command prompt, run wbadmin.exe enable backup.
D.    From the Services console, modify the Log On settings of the Windows Azure Online Backup Service Agent.

Answer: A
Explanation:
A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
B. To register a server for use with Windows Azure Backup you must run the register server wizard
http://technet.microsoft.com/en-us/library/hh831677.aspx

QUESTION 232
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Upgrade DC1 to Windows Server 2012 R2.
B.    Upgrade DC11 to Windows Server 2012 R2.
C.    Raise the domain functional level ofchildl.contoso.com.
D.    Raise the domain functional level of contoso.com.
E.    Raise the forest functional level of contoso.com.

Answer: BD
Explanation:
If you want to create access control based on claims and compound authentication, you need to deploy Dynamic Access Control. This requires that you upgrade to Kerberos clients and use the KDC, which support these new authorization types. With Windows Server 2012 R2, you do not have to wait until all the domain controllers and the domain functional level are upgraded to take advantage of new access control options
http://technet.microsoft.com/en-us/library/hh831747.aspx.

QUESTION 233
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[4]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Active Directory Domains and Trusts
B.    Active Directory Users and Computers
C.    Repadmin
D.    Ntdsutil

Answer: C
Explanation:
Repadmin.exe is a command line tool that is designed to assist administrators in diagnosing, monitoring, and troubleshooting Active Directory replication problems.
Reference: Repadmin Introduction and Technology Overview
Note: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 234
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[6]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Active Directory Users and Computers
B.    Ntdsutil
C.    DNS Manager
D.    Active Directory Domains and Trusts

Answer: C
Explanation:
The primary tool that you use to manage DNS servers is DNS Manager, the DNS snap-in in Microsoft Management Console (MMC), which appears as DNS in Administrative Tools on the Start menu. You can use DNS Manager along with other snapins in MMC, further integrating DNS administration into your total network management. It is also available in Server Manager on computers with the DNS Server role installed. You can use DNS Manager to perform the following basic administrative server tasks:
* Performing initial configuration of a new DNS server.
* Connecting to and managing a local DNS server on the same computer or remote DNS servers on other computers.
* Adding and removing forward and reverse lookup zones, as necessary.
* Adding, removing, and updating resource records in zones.
* Modifying how zones are stored and replicated between servers.
* Modifying how servers process queries and handle dynamic updates.
Modifying security for specific zones or resource records.
In addition, you can also use DNS Manager to perform the following tasks:
* Perform maintenance on the server. You can start, stop, pause, or resume the server or manually update server data files.
* Monitor the contents of the server cache and, as necessary, clear it.
* Tune advanced server options.
Configure and perform aging and scavenging of stale resource records that are stored by the server.
Reference: DNS Tools

QUESTION 235
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[8]
The Branch site contains a perimeter network. For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?

A.    Run dcpromo and specify the /createdcaccount parameter.
B.    Run the Active Directory Domain Services Configuration Wizard.
C.    Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.
D.    Enable the Bridge all site links setting.

Answer: C
Explanation:
Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the replication source domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainName corp.contoso.com -SiteName NorthAmerica
Reference: Add-ADDSReadOnlyDomainControllerAccount

QUESTION 236
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domainjoined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    The Security Configuration Wizard
B.    The Certification Authority console
C.    Active Directory Administrative Center
D.    Certificate Templates

Answer: B
Explanation:
You can use the Certification Authority console to configure CAs. This includes the following tasks:
(B) Scheduling certificate revocation list publication.
Installing the CA certificate when necessary.
Configuring exit module settings.
Configuring policy module settings.
Modifying security permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based revocation checking.
Reference: Configure Certification Authorities

QUESTION 237
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. You need to store the contents of all the DNS queries received by Server1. What should you configure?

A.    Logging from Windows Firewall with Advanced Security
B.    Debug logging from DNS Manager
C.    A Data Collector Set (DCS) from Performance Monitor
D.    Monitoring from DNS Manager

Answer: D
Explanation:
The following DNS debug logging options are available:
* Direction of packets
Send Packets sent by the DNS server are logged in the DNS server log file. Receive Packets received by the DNS server are logged in the log file.
* Content of packets
(D) Standard queries Specifies that packets containing standard queries (per RFC 1034) are logged in the DNS server log file.
Updates Specifies that packets containing dynamic updates (per RFC 2136) are logged in the DNS server log file.
Notifies Specifies that packets containing notifications (per RFC 1996) are logged in the DNS server log file.
Etc.
Reference: Using server debug logging options

QUESTION 238
You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtuahSCSIl.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[10]
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target. VirtuahSCSI1.vhd is removed from LON-DC1. You need to assign VirtualiSCSI2.vhd a logical unit value of 0. What should you do?

A.    Run the Set-IscsiVirtualDisk cmdlet and specify the -DevicePath parameter.
B.    Run the iscsicpl command and specify the virtualdisklun parameter.
C.    Modify the properties of the itgt ISCSI target.
D.    Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.

Answer: D
Explanation:
Set-VirtualDisk
Modifies the attributes of an existing virtual disk.
Applies To: Windows Server 2012 R2
-UniqueId<String>
Specifies an ID used to uniquely identify a Disk object in the system. The ID persists through restarts. Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to a server. For iSCSI, LUNs are assigned to logical entities called targets.
Incorrect:
Not A: Set-IscsiVirtualDisk
Modifies the settings for the specified iSCSI virtual disk.
-Path<String> (alias: DevicePath)
Specifies the path of the virtual hard disk (VHD) file that is associated with the iSCSI virtual disk. Filter the iSCSI Virtual Disk object using this parameter.
Not B: iscsicpl.exe could is the Microsoft iSCSI Initiator Configuration Tool.
Microsoft Internet iSCSI Initiator enables you to connect a host computer that is running Windows 7 or Windows Server 2008 R2 to an external iSCSI-based storage array through an Ethernet network adapter.

QUESTION 239
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2. You fail to start VM1 and you suspect that the boot files on VM1 are corrupt. On Server1, you attach the virtual hard disk (VHD) of VM1 and you assign the VHD a drive letter of F. You need to repair the corrupt boot files on VM1. What should you run?

A.    bootrec.exe /rebuildbcd
B.    bootrec.exe /scanos
C.    bcdboot.exe f:\windows /s c:
D.    bcdboot.exe c:\windows /s f:

Answer: D

QUESTION 240
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed. Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[12]
You need to assign a user named User1 permission to add and delete records from the contoso.com zone only. What should you do first?

A.    Enable the Advanced view from DNS Manager.
B.    Add User1 to the DnsUpdateProxy group.
C.    Run the New Delegation Wizard.
D.    Configure the zone to be Active Directory-integrated.

Answer: D

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(211-220)!

QUESTION 211
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Node1 and Node2. Node1 and Node2 run Windows Server 2012 R2. Node1 and Node2 are configured as a two-node failover cluster named Cluster2. The computer accounts for all of the servers reside in an organizational unit (OU) named Servers. A user named User1 is a member of the local Administrators group on Node1 and Node2. User1 creates a new clustered File Server role named File1 by using the File Server for general use option. A report is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[18]
File1 fails to start.
You need to ensure that you can start File1. What should you do?

A.    Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered
File Server role by using the File Server for general use option.
B.    Recreate the clustered File Server role by using the File Server for scale-out Application data option.
C.    Assign the computer account permissions of Cluster2 to the Servers OU.
D.    Assign the user account permissions of User1 to the Servers OU.
E.    Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.

Answer: B

QUESTION 212
Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed. Server1 hosts a virtual machine named VM1. The virtual machine configuration files and the virtual hard disks for VM1 are stored in D: \VM1.
You shut down VM1 on Server1.
You copy D:\VM1 to D:\VM1 on Server2.
You need to start VM1 on Server2. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?

A.    Run the Import-VMIntialReplication cmdlet.
B.    Create a new virtual machine on Server2 and attach the VHD from VM1 to the new virtual machine.
C.    From Hyper-V Manager, run the Import Virtual Machine wizard.
D.    Run the Import-IscsiVirtualDisk cmdlet.

Answer: C

QUESTION 213
Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[20]
DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles. You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do first?

A.    Uninstall Active Directory from DC1.
B.    Change the domain functional level.
C.    Transfer the domain-wide operations master roles.
D.    Transfer the forest-wide operations master roles.

Answer: A

QUESTION 214
Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2. The forest has a two-way realm trust to a Kerberos realm named adatum.com. You discover that users in adatum.com can only access resources in the root domain of contoso.com. You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.
What should you do in the forest?

A.    Delete the realm trust and create a forest trust.
B.    Delete the realm trust and create three external trusts.
C.    Modify the incoming realm trust.
D.    Modify the outgoing realm trust.

Answer: D

QUESTION 215
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2. DC1 and DC2 fail to replicate Active Directory information. You confirm that DC1 and DC2 have network connectivity. The NTDS Settings of DC2 are configured as shown in the NTDS Settings exhibit. (Click tie Exhibit button.)

 clip_image001[22]
DNS is configured as shown in the DNS exhibit. (Click the Exhibit button.)
 clip_image002[6]
You need to ensure that DC1 and DC2 can replicate immediately. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From DC1, restart the Netlogon service.
B.    From DC2, run nltest.exe /sync.
C.    From DC1, run ipconfig /flushdns.
D.    From DO, run repadmin /syncall.
E.    From DC2, run ipconfig /registerdns.
F.    From DC2, restart the Netlogon service.

Answer: DE
Explanation:
The DC2 name/alias is not available in DNS.
First we register the DC2 name from DC with the ipcpnfig /registerdns. (E) Then we synchronizes a specified domain controller DC1 (DC2 would also work) with all of its replication partners with repadmin /syncall. (D)

QUESTION 216
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an Application named App1. App1 is NOT a cluster-aware Application. App1 stores data in the file system. You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?

A.    Add-ClusterGenericServiceRole
B.    Add-ClusterServerRole
C.    Add-ClusterGenericApplicationRole
D.    Add-ClusterScaleOutFileServerRole

Answer: C
Explanation:
* Add-ClusterGenericApplicationRole
Configure high availability for an application that was not originally designed to run in a failover cluster.
* If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.

QUESTION 217
You have a server named Server1 that runs Windows Server 2012 R2.
You start Server1 by using Windows PE.
You need to repair the Boot Configuration Data (BCD) store on Server1.
Which tool should you use?

A.    Bootim
B.    Bootsect
C.    Bootrec
D.    Bootcfg

Answer: C

QUESTION 218
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an application named Appl. App1 is NOT a cluster-aware application. App1 stores data in the file system. You need to ensure that App1 runs in Cluster1. The solution must minimize development effort. Which cmdlet should you run?

A.    Add-ClusterServerRole
B.    Add-ClusterGenericServiceRole
C.    Add ClusterScaleOutFileServerRole
D.    Add ClusterGenericApplicationRole

Answer: D
Explanation:
* Add-ClusterGenericApplicationRole Configure high availability for an application that was not orig
inally designed to run in a failover cluster.
* If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.

QUESTION 219
Hotspot Question
Your network contains three Application servers that run Windows Server 2012 R2. The Application servers have the Network Load Balancing (NLB) feature installed. You create an NLB cluster that contains the three servers. You plan to deploy an Application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCP port 8081.
Clients will connect to App1 by using HTTP and HTTPS. When clients connect to App1 by using HTTPS, session state information will be retained locally by the cluster node that responds to the client request.
You need to configure a port rule for App1. Which port rule should you use? To answer, select the appropriate rule in the answer area.
 clip_image002[8]
Answer:
 clip_image002[10]

QUESTION 220
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. The servers have the Hyper- V server role installed.
A certification authority (CA) is available on the network. A virtual machine named vml.contoso.com is replicated from Server1 to Server2. A virtual machine named vm2.contoso.com is replicated from Server2 to Server1. You need to configure Hyper-V to encrypt the replication of the virtual machines. Which common name should you use for the certificates on each server? To answer, configure the appropriate common name for the certificate on each server in the answer area.
 clip_image001[24]

 clip_image001[26]
Answer:

clip_image001[28]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(201-210)!

QUESTION 201
You have a server named Server1 that runs Windows Server 2012 R2. When you install a custom Application on Server1 and restart the server, you receive the following error message: “The Boot Configuration Data file is missing some required information.

File: \Boot\BCD
Error code: 0x0000034.”
You start Server1 by using Windows PE. You need to ensure that you can start Windows Server 2012 R2 on Server1.
Which tool should you use?

A.    Bootsect
B.    Bootim
C.    Bootrec
D.    Bootcfg

Answer: C
Explanation:
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code-0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2

QUESTION 202
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed. Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation. You need to create a trust policy for the partner organization. The solution must meet the following requirements:
Grant users in the partner organization access to protected content. Provide users in the partner organization with the ability to create protected content. Which type of trust policy should you create?

A.    a federated trust
B.    Windows Live ID
C.    a trusted publishing domain
D.    a trusted user domain

Answer: A

QUESTION 203
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001
On DC1, you create an Active Directory-integrated zone named Zone1. You verify that Zone1 replicates to DC2.
You use DNSSEC to sign Zone1.
You discover that the updates to Zone1 fail to replicate to DC2.
You need to ensure that Zone1 replicates to DC2.
What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
 clip_image001[4]
Answer:

clip_image001[6]

QUESTION 204
Hotspot Question
Your network contains two Hyper-V hosts that are configured as shown in the following table.
 clip_image001[8]
You create a virtual machine on Server1 named VM1.
You plan to export VM1 from Server1 and import VM1 to Server2. You need to ensure that you can start the imported copy of VM1 from snapshots.
What should you configure on VM1?
To answer, select the appropriate node in the answer area.
 clip_image002
Answer:

 clip_image002[4]
Note:
* If the CPUs are from the same manufacturer but not from the same type, you may need to use Processor Compatibility.
*(incorrect) The network adapter is already disconnected.

QUESTION 205
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[10]
You configure a user named User1 as a delegated administrator of DC10. You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails.
What should you do?

A.    On DC10, run ntdsutil and configure the settings in the Roles context.
B.    On DC10, run ntdsutil and configure the settings in the Local Roles context.
C.    Modify the properties of the DCIO computer account.
D.    Run repadmin and specify /replsingleobject parameter.

Answer: B
Explanation:
Modify the following policy:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights
Assignment\Allow log on locally
Note:
* User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer.
* Delegated administrator accounts gain local administrative permissions to the RODC. These users can operate with privileges equivalent to the local computer’s Administrators group. They are not members of the Domain Admins or the domain built-in Administrators groups. This option is useful for delegating branch office administration without giving out domain administrative permissions. Configuring delegation of administration is not required.

QUESTION 206
You have a server named Server1 that runs Windows Server 2012 R2. You install the File and Storage Services server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing. You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually.
What should you do?

A.    From Folder Options, clear Hide protected operating system files (Recommended).
B.    Install the File Server Resource Manager role service.
C.    From Folder Options, select the Always show menus.
D.    Install the Share and Storage Management Tools.

Answer: B
Explanation:
B. Classification Management is a feature of FSRM
http://technet.microsoft.com/en-us/library/dd759252.aspx
http://technet.microsoft.com/en-us/library/dd758759(v=WS.10).aspx

QUESTION 207
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[12]
An IP site link exits between each site.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable.
What should you do?

A.    Create an SMTP site link between SiteB and SiteC.
B.    Create additional connection objects for DC3 and DC4.
C.    Decrease the cost of the site link between SiteB and SiteC.
D.    Create additional connection objects for DC1 and DC2.

Answer: C
Explanation:
By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA.

QUESTION 208
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other. Server2 hosts a virtual machine named VM5. VM5 is replicated to Server1. You need to verify whether the replica of VM5 on Server1 is functional. The solution must ensure that VM5 remains accessible to clients.
What should you do from Hyper-V Manager?

A.    On a server in Cluster2, click Migrate Roles.
B.    On a server in Cluster2, configure Cluster-Aware Updating.
C.    On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node.
D.    On a server in Cluster1, configure Cluster-Aware Updating.

Answer: B
Explanation:
Note:
* Cluster-Aware Updating (CAU) is an automated feature that allows you to update clustered servers with little or no loss in availability during the update process. During an Updating Run, CAU transparently performs the following tasks:
Puts each node of the cluster into node maintenance mode Moves the clustered roles off the node
Installs the updates and any dependent updates
Performs a restart if necessary
Brings the node out of maintenance mode
Restores the clustered roles on the node
Moves to update the next node
For many clustered roles (formerly called clustered applications and services) in the cluster, the automatic update process triggers a planned failover, and it can cause a transient service interruption for connected clients. However, in the case of continuously available workloads in Windows Server 2012 R2, such as Hyper-V with live migration or file server with SMB Transparent Failover, CAU can coordinate cluster updates with no impact to the service availability.

QUESTION 209
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a
failover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shown in the following table.
 clip_image001[14]
You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV). Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Enable BitLocker on Disk4.
B.    Format Disk3 to use NTFS.
C.    Format Disk2 to use NTFS.
D.    Disable BitLocker on Disk1.

Answer: BC
Explanation:
You cannot use a disk for a CSV that is formatted with FAT, FAT32, or Resilient File System (ReFS).

QUESTION 210
Your network contains an Active Directory forest named contoso.com. The contoso.com domain only contains domain controllers that run Windows Server 2012 R2. The forest contains a child domain named child.contoso.com. The child.contoso.com domain only contains domain controllers that run Windows Server 2008 R2. The child.contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2. You have access to four administrative user accounts in the forest. The administrative user accounts are configured as shown in the following table.
 clip_image001[16]
You need to ensure that you can add a domain controller that runs Windows Server 2012 R2 to the child.contoso.com domain. Which account should you use to run adprep.exe?

A.    Admin1
B.    Admin2
C.    Admin3
D.    Admin4

Answer: C

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(191-200)!

QUESTION 191
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers.
The domain controllers are configured as shown in the following table.
 clip_image001[52]
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Upgrade DC1 to Windows Server 2012 R2.
B.    Upgrade DC11 to Windows Server 2012 R2.
C.    Raise the domain functional level ofchildl.contoso.com,
D.    Raise the domain functional level of contoso.com.
E.    Raise the forest functional level of contoso.com.

Answer: BD

QUESTION 192
You have a server named Server1 that runs Windows Server 2012 R2. The storage on Server1 is configured as shown in the following table.
 clip_image001[54]
You plan to implement Data Deduplication on Server1. You need to identify on which drives you can enable Data Deduplication. Which three drives should you identify? (Each correct answer presents part of the solution. Choose three.)

A.    C
B.    D
C.    E
D.    F
E.    G

Answer: BDE
Explanation:
Volumes that are candidates for deduplication must conform to the following requirements:
* (not A) Must not be a system or boot volume. Deduplication is not supported on operating system volumes.
* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system.
* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering is fully supported.
* Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplicationenabled volume is converted to a CSV, but you cannot continue to process files for deduplication.
* (not C) Do not rely on the Microsoft Resilient File System (ReFS).
* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.
http://technet.microsoft.com/en-us/library/hh831700.aspx

QUESTION 193
You have 20 servers that run Windows Server 2012 R2.
You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup and sets an encryption passphrase. Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)

A.    New-OBPolicy
B.    New-OBRetentionPolicy
C.    Add-OBFileSpec
D.    Start-OBRegistration
E.    Set OBMachineSetting

Answer: DE
Explanation:
D: Start-OBRegistration
Registers the current computer with Windows Azure Online Backup using the credentials (username and password) created during enrollment.
E: The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy server settings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that is required to decrypt the files during recovery to another server.
Incorrect:
Not C: The Add-OBFileSpec cmdlet adds the OBFileSpec object, which specifies the items to include or exclude from a backup, to the backup policy (OBPolicy object). The OBFileSpec object can include or exclude multiple files, folders, or volumes. T http://technet.microsoft.com/en-us/library/hh770416(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/hh770425(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770424.aspx
http://technet.microsoft.com/en-us/library/hh770398.aspx
http://technet.microsoft.com/en-us/library/hh770409.aspx

QUESTION 194
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You need to ensure that a WIM file that is located on a network share is used as the installation source when installing server roles and features on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Run the dism.exe command and specify the /remove-package parameter.
B.    Run the Remove-WindowsFeature cmdlet.
C.    Enable and configure the Specify settings for optional component installation and component repair
policy setting by using a Group Policy object (GPO).
D.    Enable the Enforce upgrade component rules policy setting by using a Group Policy object (GPO).
E.    Run the Remove-WindowsPackage cmdlet.

Answer: AC
Explanation:
A: To remove packages from an offline image by using DISM Example:
At a command prompt, specify the package identity to remove it from the image. You can remove multiple packages on one command line.
DISM /Image:C:\test\offline /Remove-Package
/PackageName:Microsoft.Windows.Calc.Demo~6595b6144ccf1df~x86~en~1.0.0.0 /PackageName:Microsoft-Windows-MediaPlayerPackage~31bf3856ad364e35~x86~~6.1.6801.0
C:
* You can use Group Policy to specify a Windows image repair source to use within your network. The repair source can be used to restore Windows features or to repair a corrupted Windows image.
* Set Group Policy
You can use Group Policy to specify when to use Windows Update, or a network location as a repair source for features on demand and automatic corruption repair. To configure Group Policy for Feature on Demand
Open the group policy editor. For example, on a computer that is running Windows?8, click Search, click Settings, type Edit Group Policy, and then select the Edit Group Policy setting.
Click Computer Configuration, click Administrative Templates, click System, and then double-click the Specify settings for optional component uninstallation and component repair setting. Select the settings that you want to use for Features on Demand.
Note:
* The Windows Imaging Format (WIM) is a file-based disk image format. It was developed by Microsoft to help deploy Windows Vista and subsequent versions of Windows operating system family, as well as Windows Fundamentals for Legacy PCs.

QUESTION 195
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named litwareinc.com. You need to configure an access solution to meet the following requirements:
– Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.
– Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.
– Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    Configure SID filtering on the trust.
B.    Configure forest-wide authentication on the trust.
C.    Create a one-way forest trust.
D.    Create a one-way external trust
E.    Modify the permission on the Server1 object.
F.    Configure selective authentication on the trust.

Answer: DEF
Explanation:
D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).
E: Must grant the required permissions on Server1.
F(not B): For external trust we must either select Domain-Wide or Selective Authentication (forst- wide authentication is not an option)
BCE
Note:
* You can create an external trust to form a one-way or two-way, nontransitive trust with domains that are outside your forest. External trusts are sometimes necessary when users need access to resources in a Windows NT 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust.
/ To select the scope of authentication for users that are authenticating through a forest trust, click the forest trust that you want to administer, and then click Properties . On the Authentication tab, click either Forest-wide authentication or Selective authentication .
/ To select the scope of authentication for users that are authenticating through an external trust, click the external trust that you want to administer, and then click Properties . On the Authentication tab, click either Domain-wide authentication or Selective authentication .
* The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the trusting forest.
* Forest-wide authentication is generally recommended for users within the same organization. Reference: Select the Scope of Authentication for Users
http://technet.microsoft.com/en-us/library/cc776245(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc755844(v=ws.10).aspx

QUESTION 196
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8. You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1.
What should you configure?

A.    A classification property
B.    The File Server Resource Manager Options
C.    A file management task
D.    A file screen template

Answer: B

QUESTION 197
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[56]
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do?

A.    Create additional connection objects for DC3 and DC4.
B.    Decrease the cost of the site link between SiteB and SiteC.
C.    Create a site link bridge.
D.    Disable site link bridging.

Answer: B
Explanation:
By decreasing the cost between SiteB and SiteC, the SiteC users will be authenticated by SiteB domain controllers.
Note:
* A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site link in the bridge.
* By default, all site links are transitive.

QUESTION 198
Your network contains an Active Directory domain named contoso.com. The domain contains a. DC2 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[64]
You discover that client computers cannot obtain IPv4 addresses from DC2. You need to ensure that the client computers can obtain IPv4 addresses from DC2. What should you do?

A.    Disable the Deny filters.
B.    Enable the Allow filters.
C.    Authorize DC2.
D.    Restart the DHCP Server service

Answer: C

QUESTION 199
Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.
 clip_image001[58]
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?

A.    Server1
B.    Server2
C.    Server3
D.    Server4

Answer: D
Explanation:
D. IPAM cannot be installed on Domain Controllers. All other servers have the DC role http://technet.microsoft.com/en-us/library/hh831353.aspx
 clip_image001[60]

QUESTION 200
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    Active Directory Users and Computers
B.    Server Manager
C.    The Certificates snap-in
D.    The Certification Authority console

Answer: D
Explanation:
You can use the Certification Authority console to configure CAs. This includes the following tasks:
(D) Scheduling certificate revocation list publication. Installing the CA certificate when necessary. Configuring exit module settings.
Configuring policy module settings.
Modifying security permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based revocation checking.
Reference: Configure Certification Authorities

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-412 Dump: http://www.braindump2go.com/70-412.html


Pages: 1 2 3