★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
70-412 Product Description:
Exam Number/Code: 70-412 vce
Exam name: Configuring Advanced Windows Server 2012 Services
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing
Verified of 70-412 exam engine materials and testing engine for Microsoft certification for IT engineers, Real Success Guaranteed with Updated 70-412 pdf dumps vce Materials. 100% PASS Configuring Advanced Windows Server 2012 Services exam Today!
2021 Apr 70-412 Study Guide Questions:
Q31. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. Server1 has an IPv6 scope named Scope1.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
You need to provide high availability for Scope1. The solution must minimize administrative effort.
What should you do?
A. Install and configure Network Load Balancing (NLB) on Server1 and Server2.
B. Create a scope on Server2.
C. Configure DHCP failover on Server1.
D. Install and configure Failover Clustering on Server1 and Server2.
Overview: Configure DHCP failover using the DHCP console To configure DHCP failover using the DHCP console, right-click a DHCP scope or right-click IPv4 and then click Configure Failover.
The Configure Failover wizard guides you through configuring DHCP failover on the
Note: The DHCP server failover feature, available in Windows Server 2012 and later,
provides the ability to have two DHCP servers provide IP addresses and option
configuration to the same subnet or scope, providing for continuous availability of DHCP
service to clients.
Not A. NLB is not related to DHCP scope availability.
Not B. DHCP failover requirements include:
DHCP Scopes requirement:
At least one IPv4 DHCP scope must be configured on the primary DHCP server.
The same DHCP scope ID, or an overlapping scope, must not be configured on the failover
Not D. Failover clustering is possibly, but would not minimize administration.
Reference: Deploy DHCP Failover
Q32. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed.
You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer (SSL).
You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.
Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)
A. Client Authentication
B. Kernel Mode Code Signing
C. Server Authentication
D. IP Security end system
E. KDC Authentication
You need to use certificate-based authentication if you want transmitted data to be encrypted.
Replica Server Certificate Requirements
To enable a server to receive replication traffic, the certificate in the replica server must meet the following conditions
* Enhanced Key Usage must support both Client and Server authentication
Reference: Hyper-V Replica - Prerequisites for certificate based deployments
Q33. You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt
VirtualiSCSIl.vhd is removed from LON-DC1.
You need to assign VirtualiSCSI2.vhd a logical unit value of 0.
What should you do?
A. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.
B. Run the Add-IscsiVirtualDiskTargetMapping cmdlet and specify the –Lun parameter.
C. Run the iscsicli command and specify the reportluns parameter.
D. Run the Set-IscsiVirtualDisk cmdlet and specify the –DevicePath parameter.
Explanation: The Add-IscsiVirtualDiskTargetMapping cmdlet assigns a virtual disk to an
iSCSI target. Once a virtual disk has been assigned to a target, and after the iSCSi initiator
connects to that target, the iSCSI initiator can access the virtual disk. All of the virtual disks
assigned to the same iSCSI target will be accessible by the connected iSCSI initiator.
Parameter include: -Lun<Int32>
Specifies the logical unit number (LUN) associated with the virtual disk. By default, the
lowest available LUN number will be assigned.
Q34. Your company has offices in Montreal, New York, and Amsterdam.
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office.
The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?
A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITE1INK. Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAULTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link.
We create a new site link between Montreal and Amsterdam and schedule it only between
20:00 and 08:00. To ensure that traffic between Montreal and Amsterdam only occurs at this time we also remove Amsterdam from the DEFAULTIPSITELINK.
Reference: How Active Directory Replication Topology Works
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server2 that runs Windows Server 2012 R2. You are a member of the local Administrators group on Server2. You install an Active Directory Rights
Management Services (AD RMS) root cluster on Server2.
You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS
client computers and the users in contoso.com.
Which additional configuration settings should you configure? To answer, select the appropriate tab in the answer area.
Latest 70-412 sample question:
Q36. Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Seiver2 are nodes in a Network Load Balancing (NLB) cluster. The NIB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1.
What should you run?
A. The Stop-NlbCluster cmdlet
B. The nlb.exe stop command
C. The Suspend-NlbCluster cmdlet
D. The nlb.exe suspend command
The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node.
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server server role installed.
You have a domain controller named DC1.
On DC1, you create an Active Directory-integrated zone named adatum.com and you sign
the zone by using DNSSEC.
You deploy a new read-only domain controller (RODC) named RODC1. You need to ensure that the contoso.com zone replicates to RODC1. What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
Q38. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You create a user account named User1 in the domain.
You need to ensure that User1 can use Windows Server Backup to back up Server1. The solution must minimize the number of administrative rights assigned to User1.
What should you do?
A. Add User1 to the Backup Operators group.
B. Add User1 to the Power Users group.
C. Assign User1 the Backup files and directories user right and the Restore files and directories user right.
D. Assign User1 the Backup files and directories user right.
Backup Operators have these permissions by default:
However the question explicitly says we need to minimize administrative rights. Since the requirement is for backing up the data only--no requirement to restore or shutdown--then assigning the "Back up files and directories user right" would be the correct answer.
Reference: Default local groups
http://technet.microsoft.com/en-us/library/cc787956(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc771990.aspx
Q39. Your company has a main office and a branch office.
The main office contains a file server named Server1. Server1 has the BranchCache for
Network Files role service installed. The branch office contains a server named Server2.
Server2 is configured as a BranchCache hosted cache server.
You need to preload the data from the file shares on Server1 to the cache on Server2.
What should you run first?
B. Add- BCDataCacheExtension
See step 2 below.
To prehash content and preload the content on hosted cache servers . Log on to the file or Web server that contains the data that you wish to preload, and identify the folders and files that you wish to load on one or more remote hosted cache servers. . Run Windows PowerShell as an Administrator. For each folder and file, run either the Publish-BCFileContent command or the Publish-BCWebContent command, depending on the type of content server, to trigger hash generation and to add data to a data package. . After all the data has been added to the data package, export it by using the Export-BCCachePackage command to produce a data package file. . Move the data package file to the remote hosted cache servers by using your choice of file transfer technology. FTP, SMB, HTTP, DVD and portable hard disks are all viable transports. . Import the data package file on the remote hosted cache servers by using the Import-BCCachePackage command.
Reference: Prehashing and Preloading Content on Hosted Cache Servers (Optional)
Q40. Your network contains an Active Directory domain named contoso.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1.
You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2.
A technician connects DC3 to Site2.
You discover that users in Site2 are authenticated by all three domain controllers.
You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable.
What should you do?
A. From Network Connections, modify the IP address of DC3.
B. In Active Directory Sites and Services, modify the Query Policy of DC3.
C. From Active Directory Sites and Services, move DC3.
D. In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the users in Site2.
DC3 needs to be moved to Site2 in AD DS
Not A. Modifying IP will not affect authentication
Not B. A query policy prevents specific Lightweight Directory Access Protocol (LDAP)
operations from adversely impacting the performance of the domain controller and also
makes the domain controller more resilient to denial-of-service attacks.
Reference: Move a domain controller between sites
Vivid 70-412 braindump:
Q41. You have a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has the zones shown in the following output.
You need to delegate permissions to modify the records in the adatum.com zone to a group named Group1.
What should you do first?
A. Enable the distribution of the trust anchors for adatum.com.
B. Unsign adatum.com.
C. Store adatum.com in Active Directory.
D. Update the server data file for adatum.com.
Explanation: From the exhibit we see that the adatum.com zone is signed.
A trust anchor (or trust “point”) is a public cryptographic key for a signed zone. Trust
anchors must be configured on every non-authoritative DNS server that will attempt to
validate DNS data. You cannot distribute trust anchors until after a zone is signed.
Reference: Trust Anchors
Q42. You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2.
You fail to start VM1 and you suspect that the boot files on VM1 are corrupt.
On Server1, you attach the virtual hard disk (VHD) of VM1 and you assign the VHD a drive
letter of F.
You need to repair the corrupt boot files on VM1. What should you run?
A. bootrec.exe /rebuildbcd
B. bootrec.exe /scanos
C. bcdboot.exe f:windows /s c:
D. bcdboot.exe c:windows /s f:
Enables you to quickly set up a system partition, or to repair the boot environment located on the system partition. The system partition is set up by copying a simple set of Boot Configuration Data (BCD) files to an existing empty partition.
Reference: BCDboot Command-Line Options
Q43. You have a server named Server1 that runs Windows Server 2012 R2.
You start Server1 by using Windows RE.
You need to repair the Boot Configuration Data (BCD) store on Server1.
Which tool should you use?
Q44. Your network contains one Active Directory domain named contoso.com. The domain contains the domain controllers configured as shown in the following table.
The functional level of the domain and the forest is Windows Server 2008.
An administrator named Admin1 is a member of the Domain Admins group.
You need to ensure that Admin1 can deploy a Windows Server 2012 R2 domain controller to contoso.com.
What should you do?
A. Raise the forest functional level.
B. Run the Set-ADForestMode cmdlet.
C. Raise the domain functional level.
D. Run the adprep.exe command.
Explanation: Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later. The commands need to run in the following cases:
* Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain.
* Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or forest to run that version of Windows Server.
Reference: Running Adprep.exe
Q45. You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located in the perimeter network and has the DNS Server server role installed.
Server1 has a zone named contoso.com.
You App1y a security template to Server1.
After you App1y the template, users report that they can no longer resolve names from contoso.com.
On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)
On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.)
You need to ensure that users can resolve contoso.com names.
What should you do?
A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From DNS Manager, unsign the contoso.com zone.
D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.
E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.
To configure Windows Firewall on a managed DNS server . On the Server Manager menu, click Tools and then click Windows Firewall with Advanced Security. . Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch. . In Rule Type, select Predefined, choose DNS Service from the list, and then click Next. . In Predefined Rules, under Rules, select the checkboxes next to the following
rules: . Click Next, choose Allow the connection, and then click Finish. . Right-click Inbound Rules, and then click New Rule. The New Inbound Rule
Wizard will launch. etc.
Reference: Manually Configure DNS Access Settings
see more 70-412 dumps