15 tips on How to 70-412 Test Like a Badass [136 to 150]


♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: http://www.certleader.com/70-412-dumps.html


70-412 Product Description:
Exam Number/Code: 70-412 vce
Exam name: Configuring Advanced Windows Server 2012 Services
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-412 Configuring Advanced Windows Server 2012 Services

70-412 examcollection

Actual of 70-412 dumps materials and testing software for Microsoft certification for IT specialist, Real Success Guaranteed with Updated 70-412 pdf dumps vce Materials. 100% PASS Configuring Advanced Windows Server 2012 Services exam Today!

2016 Apr 70-412 Study Guide Questions:

Q136. HOTSPOT 

You have a file server named Server1 that runs Windows Server 2012 R2. 

You need to ensure that you can use the NFS Share - Advanced option from the New 

Share Wizard in Server Manager. 

Which two role services should you install? 

To answer, select the appropriate two role services in the answer area. 


Answer: 



Q137. Your network contains an Active Directory domain named contoso.com. 

A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS) on a server named Server1. 

After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. 

You attempt to deploy AD RMS. 

During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. 

You need to ensure that clients will only attempt to establish connections to the new AD RMS deployment. 

Which should you do? 

A. From DNS, remove the records for Server1. 

B. From DNS, increase the priority of the DNS records for the new deployment of AD RMS. 

C. From Active Directory, remove the computer object for Server1. 

D. From Active Directory, remove the SCP. 

Answer: D 

Explanation: The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services. 

Only one SCP can exist in your Active Directory forest. If you try to install AD RMS and an SCP already exists in your forest from a previous AD RMS installation that was not properly deprovisioned, the new SCP will not install properly. It must be removed before you can establish the new SCP. 

Reference: The AD RMS Service Connection Point 

http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx 


Q138. Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com. 

You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain. 

You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com. 

You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com. 

What should you do? 

A. Modify the Service Connection Point (SCP). 

B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain. 

C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain. 

D. Modify the properties of the AD RMS cluster in west.contoso.com. 

Answer: B 

Explanation: 

The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com. 

Note: It is recommended that you use GPO to deploy AD RMS client settings and that you only deploy settings as needed. 

Reference: AD RMS Best Practices Guide 


Q139. Your network contains an Active Directory domain named contoso.com. The domain 

contains a certification authority (CA). 

You suspect that a certificate issued to a Web server is compromised. 

You need to minimize the likelihood that users will trust the compromised certificate. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Stop the Certificate Propagation service. 

B. Modify the validity period of the Web Server certificate template. 

C. Run certutil and specify the -revoke parameter. 

D. Run certutil and specify the -deny parameter. 

E. Publish the certificate revocation list (CRL). 

Answer: C,E 

Explanation: First revoke the certificate, then publish the CRL. 


Q140. Your network contains an Active Directory domain named contoso.com. 

A previous administrator implemented a Proof of Concept installation of Active Directory 

Rights Management Services (AD RMS). 

After the proof of concept was complete, the Active Directory Rights Management Services 

server role was removed. 

You attempt to deploy AD RMS. 

During the configuration of AD RMS, you receive an error message indicating that an 

existing AD RMS Service Connection Point (SCP) was found. 

You need to remove the existing AD RMS SCP. 

Which tool should you use? 

A. Active Directory Users and Computers 

B. Authorization Manager 

C. Active Directory Domains and Trusts 

D. Active Directory Sites and Services 

E. Active Directory Rights Management Services 

Answer: E 

Explanation: 

ADRMS will registered the Service Connection Point (SCP) in Active Directory and you will need to unregister first before you remove the ADRMS server role. 

If your ADRMS server is still alive, you can easily manually remove the SCP by below: 


http://www.rickygao.com/wp-content/uploads/2013/08/080513_1308_Howtomanual1.png 


http://www.rickygao.com/wp-content/uploads/2013/08/080513_1308_Howtomanual2.png Reference: How to manually remove or reinstall ADRMS 


70-412 exam prep

Abreast of the times 70-412 study guide:

Q141. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are configured as shown in the following table. 


You need to ensure that when new targets are added to Server1, the targets are registered on Server2 automatically. 

What should you do on Server1? 

A. Configure the Discovery settings of the iSCSI initiator. 

B. Configure the security settings of the iSCSI target. 

C. Run the Set-WmiInstance cmdlet. 

D. Run the Set-IscsiServerTarget cmdlet. 

Answer: C 

Explanation: 

Explanation/Reference: 

Manage iSNS server registration 

The iSNS server registration can be done using the following cmdlets, which manages the 

WMI objects. 

To add an iSNS server: 

Set-WmiInstance -Namespace root\wmi -Class WT_iSNSServer –Arguments 

@{ServerName="ISNSservername"} 

Note: The Set-WmiInstance cmdlet creates or updates an instance of an existing WMI 

class. The created or updated instance is written to the WMI repository. 

Reference: iSCSI Target cmdlet reference 

http://blogs.technet.com/b/filecab/archive/2012/06/08/iscsi-target-cmdlet-reference.aspx 


Q142. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain 

contains a server named Server2 that runs Windows Server 2012 R2. You are a member of the local Administrators group on Server2. You install an Active Directory Rights 

Management Services (AD RMS) root cluster on Server2. 

You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS 

client computers and the users in contoso.com. 

Which additional configuration settings should you configure? To answer, select the appropriate tab in the answer area. 


Answer: 



Q143. Your network contains one Active Directory domain. The domain contains two Hyper-V 

hosts named Host1 and Host2 that run Windows Server 2012 R2. 

Host1 contains a virtual machine named VM1. 

You plan to move VM1 to Host2. 

You need to generate a report that lists any configuration issues on Host2 that will prevent 

VM1 from being moved successfully. 

Which cmdlet should you use? 

A. Move-VM 

B. Test-VHD 

C. Debug-VM 

D. Compare-VM 

Answer: C 

Reference: Technet, Compare-VM https://technet.microsoft.com/en-us/library/hh848612(v=wps.630).aspx 


Q144. Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. 


DC1 has all of the operations master roles installed. 

You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1. 

You need to ensure that you can use Password Settings objects (PSOs) in the domain. 

What should you do? 

A. Change the domain functional level. 

B. Upgrade DC2. 

C. Run the dcgpofix.exe command. 

D. Transfer the schema master role. 

Answer: A 

Explanation: 

The domain functional level must be Windows Server 2008 to use PSO's 

Requirements and special considerations for fine-grained password and account lockout policies: 

* Domain functional level: The domain functional level must be set to Windows Server 2008 

or higher. 

Etc. 

Incorrect: 

Not B. DC2 is also Windows Server 2008. 

Not C. Recreates the default Group Policy Objects (GPOs) for a domain 

Not D. Schema isn't up to right level 

Reference: AD DS: Fine-Grained Password Policies 

http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx 


Q145. Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. 


DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles. 

You need to ensure that you can use Password Settings objects (PSOs) in the domain. 

What should you do first? 

A. Uninstall Active Directory from DC1. 

B. Change the domain functional level. 

C. Transfer the domain-wide operations master roles. 

D. Transfer the forest-wide operations master roles. 

Answer: A 

Explanation: 

In Windows Server 2008 and later, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain. 

Note: In Microsoft Windows 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain's Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons. 

Reference: AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide 


70-412 test questions

Verified 70-412 training materials:

Q146. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed. 

You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer (SSL). 

You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted. 

Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.) 

A. Client Authentication 

B. Kernel Mode Code Signing 

C. Server Authentication 

D. IP Security end system 

E. KDC Authentication 

Answer: A,C 

Explanation: 

You need to use certificate-based authentication if you want transmitted data to be encrypted. 

Replica Server Certificate Requirements 

To enable a server to receive replication traffic, the certificate in the replica server must meet the following conditions 

* Enhanced Key Usage must support both Client and Server authentication 

Etc. 

Reference: Hyper-V Replica - Prerequisites for certificate based deployments 

http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx 


Q147. HOTSPOT 

Your company has a primary data center and a disaster recovery data center. 

The network contains an Active Directory domain named contoso.com. The domain 

contains a server named that runs Windows Server 2012 R2. Server1 is located in the 

primary data center. 

Server1 has an enterprise root certification authority (CA) for contoso.com. 

You deploy another server named Server2 to the disaster recovery data center. 

You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point. 

You need to configure Server2 as a CRL distribution point (CDP). 

Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in the answer area. 


Answer: 



Q148. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1 

has the IP Address Management (IPAM) Server feature installed. 

On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for 

IPAM. 

On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.) 


You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. 

What should you do? 

A. Modify the outbound firewall rules on Server1. 

B. Modify the inbound firewall rules on Server1. 

C. Add Server1 to the Remote Management Users group. 

D. Add Server1 to the Event Log Readers group. 

Answer: D 

Explanation: 

To access configuration data and server event logs, the IPAM server must be a member of the domain IPAM Users Group (IPAMUG). The IPAM server must also be a member of the Event Log Readers security group. 

Note: The computer account of the IPAM server must be a member of the Event Log Readers security group. 

Reference: Manually Configure DC and NPS Access Settings. http://technet.microsoft.com/en-us/library/jj878317.aspx http://technet.microsoft.com/en-us/library/jj878313.aspx


Q149. DRAG DROP 

Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. 

The forest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using a site link named Main-Branch1. There are no other site links. 

Each site contains several domain controllers. All domain controllers run Windows Server 2012 R2. Your company plans to open a new branch site named Branch2. The new site will have a WAN link that connects to the Main site only. The site will contain two domain controllers that run Windows Server 2012 R2. 

You need to create a new site and a new site link for Branch2. The solution must ensure that the domain controllers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Main are unavailable. 

Which three actions should you perform? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 


Answer: 



Q150. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. 

You add two additional nodes to Cluster1. 

You have a folder named Folder1 on Server1 that contains Application data. 

You plan to provide continuously available access to Folder1. 

You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1. 

What should you configure? 

A. Affinity-None 

B. Affinity-Single 

C. The cluster quorum settings 

D. The failover settings 

E. A file server for general use 

F. The Handling priority 

G. The host priority 

H. Live migration 

I. The possible owner 

J. The preferred owner 

K. Quick migration 

L. The Scale-Out File Server 

Answer: L 

Explanation: 

Scale-Out File Server is a feature that is designed to provide scale-out file shares that are continuously available for file-based server application storage. Scale-out file shares provides the ability to share the same folder from multiple nodes of the same cluster. 

Note: You can deploy and configure a clustered file server by using either of the following methods: 

* Scale-Out File Server for Application data (Scale-Out File Server) 

* File Server for general use 

Scale-Out File Server for Application data (Scale-Out File Server) This clustered file server is introduced in Windows Server 2012 R2 and lets you store server Application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are online on all nodes simultaneously. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active. 

Reference: Scale-Out File Server for Application Data Overview 

http://technet.microsoft.com/en-us/library/hh831349.aspx 



see more Configuring Advanced Windows Server 2012 Services