Tips to Pass 70-412 Exam (91 to 105)


♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: http://www.certleader.com/70-412-dumps.html


70-412 Product Description:
Exam Number/Code: 70-412 vce
Exam name: Configuring Advanced Windows Server 2012 Services
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-412 Configuring Advanced Windows Server 2012 Services

70-412 examcollection

Validated of 70-412 exam topics materials and bootcamp for Microsoft certification for IT candidates, Real Success Guaranteed with Updated 70-412 pdf dumps vce Materials. 100% PASS Configuring Advanced Windows Server 2012 Services exam Today!

2016 Apr 70-412 Study Guide Questions:

Q91. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shown in the following table. 


You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV). 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Format Disk2 to use NTFS. 

B. Format Disk3 to use NTFS. 

C. Enable BitLocker on Disk4. 

D. Disable BitLocker on Disk1. 

Answer: A,D 

Explanation: 

A. In Windows Server 2012 R2, a disk or storage space for a CSV volume must be a basic disk that is partitioned with NTFS or ReFS, but you cannot use a disk for a CSV that is formatted with FAT or FAT32. 

D. CSV supports bitlocker, but you would have to enable it on all nodes in the cluster. Therefore we need to disable bitlocker on Disk1. 

Incorrect: 

Not B. ReFS would work fine. In Windows Server 2012 R2, a disk or storage space for a 

CSV volume must be a basic disk that is partitioned with NTFS or ReFS. 

Not C. Bitlocker must be enabled on all disks for it to work for a CSV. 

Reference: Use Cluster Shared Volumes in a Failover Cluster 

https://technet.microsoft.com/en-us/library/jj612868.aspx 

Reference: How to Configure BitLocker Encrypted Clustered Disks in Windows Server 

2012 

http://blogs.msdn.com/b/clustering/archive/2012/07/20/10332169.aspx 


Q92. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. 

An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery. 

You plan to create Group Policies for IPAM provisioning. 

You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies. 

What should you do on Server2? 

A. From Server Manager, review the IPAM overview. 

B. Run the ipamgc.exe tool. 

C. From Task Scheduler, review the IPAM tasks. 

D. Run the Get-IpamConfiguration cmdlet. 

Answer: D 

Explanation: 

Example: 


http://i.imgur.com/YcHLXhr.jpg 


Q93. You have an Active Directory Rights Management Services (AD RMS) cluster. 

You need to prevent users from encrypting new content. The solution must ensure that the users can continue to decrypt content that was encrypted already. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. From the Active Directory Rights Management Services console, enable decommissioning. 

B. From the Active Directory Rights Management Services console, create a user exclusion policy. 

C. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing. 

D. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\decommission. 

E. From the Active Directory Rights Management Services console, modify the rights policy templates. 

Answer: A,D 

Explanation: 

* Decommissioning refers to the entire process of removing the AD RMS cluster and its 

associated databases from an organization. This process allows you to save rights-

protected files as ordinary files before you remove AD RMS from your infrastructure so that 

you do not lose access to these files. 

Decommissioning an AD RMS cluster is achieved by doing the following: 

/ Enable the decommissioning service. (A) 

/ Modify permissions on the decommissioning pipeline. 

/ Configure the AD RMS-enabled application to use the decommissioning pipeline. 

* To modify the permissions on the decommissioning pipeline 

1. Log on to ADRMS-SRV as cpandl\administrator. 

2. Click Start, type %systemdrive%\inetpub\wwwroot\_wmcs in the Start Search box, and 

then press ENTER. 

3. Right-click the decommission folder, and then click Properties. 

4. Click the Security tab, click Edit, and then click Add. (D) 

Etc. 

Reference: Step 1: Decommission AD RMS Root Cluster 


Q94. Your network contains an Active Directory domain named adatum.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. DC1 is located in Site1 and DC2 is located in Site2. 

You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. 

A technician connects DC3 to Site2. 

You discover that users in Site2 are authenticated only by DC2. 

You need to ensure that the users in Site2 are authenticated by both DC2 and DC3. 

What should you do? 

A. In Active Directory Users and Computers, configure the msDS-PrimaryComputer attribute for DC3. 

B. In Active Directory Users and Computers, configure the msDS-Site-Affinity attribute for DC3. 

C. From Active Directory Sites and Services, move DC3. 

D. From Active Directory Sites and Services, modify the site link between Site1 and Site2. 

Answer: C 

Explanation: 

DC3 needs to be moved to Site2 in AD DS 

Reference: Move a domain controller between sites 

http://technet.microsoft.com/en-us/library/cc759326(v=ws.10).aspx 


Q95. Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA). 

You install a second server named Server2. You install the Online Responder role service on Server2. 

You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2. 

What should you run on Server1? 

A. The certreq.exe command and specify the -policy parameter 

B. The certutil.exe command and specify the -getkey parameter 

C. The certutil.exe command and specify the -setreg parameter 

D. The certreq.exe command and specify the -retrieve parameter 

Answer: C 

Explanation: To prepare a computer running Windows Server to issue OCSP Response Signing certificates 

On the server hosting the CA, open a command prompt, and type: certutil -v -setreg policy\EnableRequestExtensionList +1.3.6.1.5.5.7.48.1.5 Stop and restart the CA. You can do this at a command prompt by running the following commands: net stop certsvc 

net start certsvc 

Reference: Configure a CA to Support OCSP Responders 

https://technet.microsoft.com/en-us/library/cc732526.aspx 


70-412  exam topics

Update 70-412 actual exam:

Q96. You have 30 servers that run Windows Server 2012 R2. 

All of the servers are backed up daily by using Windows Azure Online Backup. 

You need to perform an immediate backup of all the servers to Windows Azure Online 

Backup. 

Which Windows PowerShell cmdlets should you run on each server? 

A. Get-OBPolicy | StartOBBackup 

B. Start-OBRegistration | StartOBBackup 

C. Get-WBPolicy | Start-WBBackup 

D. Get-WBBackupTarget | Start-WBBackup 

Answer: A 

Explanation: 

This example starts a backup job using a policy. 

Windows PowerShell 

PS C:\> Get-OBPolicy | Start-OBBackup 

Incorrect: 

Not B. Registers the current computer to Windows Azure Backup. 

Not C. Not using Azure 

Not D. Not using Azure 

Reference: Start-OBBackup 

http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx 


Q97. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. 

The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). 

All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. 

A user named User1 resigned and started to work for a competing company. 

You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. 

Which tool should you use? 

A. Active Directory Users and Computers 

B. Server Manager 

C. The Certificates snap-in 

D. Active Directory Administrative Center 

Answer: D 

Explanation: 

To disable or enable a user account using Active Directory Administrative Center 

1. To open Active Directory Administrative Center, click Start , click Administrative Tools , 

and then click Active Directory Administrative Center . 

To open Active Directory Users and Computers in Windows Server 2012, click Start , type 

dsac.exe. 

2. In the navigation pane, select the node that contains the user account whose status you 

want to change. 

3. In the management list, right-click the user whose status you want to change. 

4. Depending on the status of the user account, do one of the following: . uk.co.certification.simulator.questionpool.PList@ef38f20 

Reference: Disable or Enable a User Account 


Q98. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

You attempt to delete a classification property and you receive the error message as shown in the exhibit. (Click the Exhibit button.) 


You need to delete the isConfidential classification property. 

What should you do? 

A. Delete the classification rule that is assigned the isConfidential classification property. 

B. Disable the classification rule that is assigned the isConfidential classification property. 

C. Set files that have an isConfidential classification property value of Yes to No. 

D. Clear the isConfidential classification property value of all files. 

Answer: A 

Explanation: 

You would have to delete the classification rule in order to delete the classification property. 


Q99. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. 

You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network. 

In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2. 

You need to configure Server1 as a new domain controller in a new forest named contoso.test. 

The solution must meet the following requirements: 

. The functional level of the forest and of the domain must be the same as that of contoso.com. . Server1 must provide name resolution services for contoso.test. 

What should you do? 

To answer, configure the appropriate options in the answer area. 



Answer: 



Q100. HOTSPOT 

You have a server named Server1 that runs Windows Server 2012 R2. 

You are configuring a storage space on Server1. 

You need to ensure that the storage space supports tiered storage. 

Which settings should you configure? 

To answer, select the appropriate options in the answer area. 



Answer: 



certleader.com

Guaranteed 70-412 :

Q101. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named File1 that runs a Server Core Installation of Windows Server 2012 R2. 

File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day. 

You discover that volume D is almost full. 

You add a new volume named H to File1. 

You need to ensure that the shadow copies of volume D are stored on volume H. 

Which command should you run? 

A. The Set-Volume cmdlet with the -driveletter parameter 

B. The vssadmin.exe create shadow command 

C. The Set-Volume cmdlet with the -path parameter 

D. The vssadmin.exe add shadowstorage command 

Answer: D 

Explanation: 

Add ShadowStorage 

Adds a shadow copy storage association for a specified volume. 

Incorrect: 

Not A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a 

letter used to identify a drive or volume in the system. 

Not B. Create Shadow 

Creates a new shadow copy of a specified volume. 

Not C. Sets or changes the file system label of an existing volume -Path Contains valid 

path information. 

Reference: Vssadmin; Set-Volume 

http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx 


Q102. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. 

You discover that when the account of a user in Site1 is locked out, the user can still log on to the servers in Site2 for up to 15 minutes by using Remote Desktop Services (RDS). 

You need to reduce the amount of time it takes to synchronize account lockout information across the domain. 

Which attribute should you modify? 

To answer, select the appropriate attribute in the answer area. 


Answer: 



Q103. Your network contains two Active Directory forests named contoso.com and adatum.com. 

Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com. 

Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. 

Several user accounts are migrated from child.adatum.com to adatum.com. 

Users report that after the migration, they fail to access resources in contoso.com. The users successfully accessed the resources in contoso.com before the accounts were migrated. 

You need to ensure that the migrated users can access the resources in contoso.com. 

What should you do? 

A. Replace the existing forest trust with an external trust. 

B. Run netdom and specify the /quarantine attribute. 

C. Disable SID filtering on the existing forest trust. 

D. Disable selective authentication on the existing forest trust. 

Answer: C 

Explanation: 

Security Considerations for Trusts Need to gain access to the resources in contoso.com 

Disabling SID Filter Quarantining on External Trusts Although it reduces the security of your forest (and is therefore not recommended), you can disable SID filter quarantining for an external trust by using the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations: 

* Users have been migrated to the trusted domain with their SID histories preserved, and 

you want to grant them access to resources in the trusting domain based on the SID history 

attribute. 

Etc. 

Incorrect: 

Not B. Enables administrators to manage Active Directory domains and trust relationships 

from the command prompt, /quarantine Sets or clears the domain quarantine. 

Not D. Selective authentication over a forest trust restricts access to only those users in a 

trusted forest who have been explicitly given authentication permissions to computer 

objects (resource computers) that reside in the trusting forest. 

Reference: Security Considerations for Trusts 

http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx 


Q104. Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store. 

You plan to deploy a federation server proxy to a server named Server2 in the perimeter network. 

You need to identify which value must be included in the certificate that is deployed to Server2. 

What should you identify? 

A. The FQDN of the AD FS server 

B. The name of the Federation Service 

C. The name of the Active Directory domain 

D. The public IP address of Server2 

Answer: A 

Explanation: 

To add a host (A) record to corporate DNS for a federation server On a DNS server for the corporate network, open the DNS snap-in. 

1. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A). 

2. In Name, type only the computer name of the federation server or federation server cluster (for example, type fs for the fully qualified domain name (FQDN) fs.adatum.com). 

3. In IP address, type the IP address for the federation server or federation server cluster (for example, 192.168.1.4). 

4. Click Add Host. 

Reference: Add a host (A) record to corporate DNS for a federation server 

http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx 


Q105. DRAG DROP 

Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2. 

The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1. 

You plan to modify the NTFS permissions for many folders on the file servers by using central access policies. 

You need to identify any users who will be denied access to resources that they can currently access once the new permissions are implemented. 

In which order should you Perform the five actions? 


Answer: 




see more Configuring Advanced Windows Server 2012 Services