Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(101-110)!

QUESTION 101
You have a server named Server1 that runs Windows Server 2012 R2. Windows Server 2012 R2 is installed on volume C. You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts. Which tool should you use?

A.    The Restart-Server cmdlet
B.    The Bootcfg command
C.    The Restart-Computer cmdlet
D.    The Bcdedit command

Answer: D
Explanation:
A. Restart-Server is not a CMDLET
B. modifies the Boot.ini file
C. Restarts computer
D. Boot Configuration Data (BCD) files provide a store that is used to describe boot applications and boot application settings.
http://support.microsoft.com/kb/317521
http://technet.microsoft.com/en-us/library/hh849837.aspx
http://technet.microsoft.com/en-us/library/cc731662(v=ws.10).aspx
 clip_image001
You can see with msconfig tool that boot options have changed as follows:
NOTE: Alternate Shell may be used
 clip_image001[6]
After reboot you should remove the safeboot option using bcdedit:
– bcdedit /deletevalue safeboot

QUESTION 102
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Shadows copies are enabled on all volumes. You need to delete a specific shadow copy. The solution must minimize server downtime. Which tool should you use?

A.    Vssadmin
B.    Diskpart
C.    Wbadmin
D.    Shadow

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc788026(v=ws.10).aspx
 clip_image001[8]
QUESTION 103
Your network contains two Web servers named Server1 and Server2. Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.)
 clip_image001[10]
You need to configure the NLB cluster to meet the following requirements:
– HTTPS connections must be directed to Server1 if Server1 is available.
– HTTP connections must be load balanced between the two nodes.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    From the host properties of Server1, set the Handling priority of the existing port rule to 2.
B.    From the host properties of Server1, set the Handling priority of the existing port rule to 1.
C.    From the host properties of Server2, set the Priority (Unique host ID) value to 1.
D.    Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.
E.    From the host properties of Server2, set the Handling priority of the existing port rule to 2.
F.    Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity
to Single.

Answer: BDE
Explanation:
Handling priority: When Single host filtering mode is being used, this parameter specifies the local host’s priority for handling the networking traffic for the associated port rule. The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster.
E (not C): Lower priority (2) for Server 2.
D: HTTP is port 80.
Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule. This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host handle a specified load weight. Reference:
Network Load Balancing parameters

QUESTION 104
Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two- way forest trusts exists between the forest. Selective authentication is enabled on the trust. The contoso.com forest contains a server named Server1. You need to ensure that users in litwareinc.com can access resources on Server1. What should you do?

A.    Install Active Directory Rights Management Services on a domain controller in contoso.com.
B.    Modify the permission on the Server1 computer account.
C.    Install Active Directory Rights Management Services on a domain controller in litwareinc.com.
D.    Configure SID filtering on the trust.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc772808(v=ws.10).aspx
 clip_image001[12]

QUESTION 105
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes to Cluster1. You have a folder named Folder1 on Server1 that contains application data. You plan to provide continuously available access to Folder1. You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: L
Explanation:
http://technet.microsoft.com/en-us/library/hh831349.aspx
Scale-Out File Server for application data (Scale-Out File Server) This clustered file server is introduced in Windows Server 2012 R2 and lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are online on all nodes simultaneously. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active.
 clip_image001[14]
QUESTION 106
Information and details provided in a question apply only to that question. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state information locally on each node. You need to ensure that when users connect to WebApp1, their session state is maintained. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/bb687542.aspx
 clip_image001[16]

QUESTION 107
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

A.    ADSI Edit
B.    Active Directory Users and Computers
C.    Active Directory Domains and Trusts
D.    Active Directory Sites and Services
E.    Services
F.    Authorization Manager
G.    TPM Management
H.    Certification Authority

Answer: AD

QUESTION 108
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named adatum.com. You need to configure an access solution to meet the following requirements:
– Users in adatum.com must be able to access resources in contoso.com.
– Users in adatum.com must be prevented from accessing resources in fabrikam.com.
– Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?

A.    a one-way realm trust from contoso.com to adatum.com
B.    a one-way realm trust from adatum.com to contoso.com
C.    a one-way external trust from contoso.com to adatum.com
D.    a one-way external trust from adatum.com to contoso.com

Answer: C

QUESTION 109
Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2. The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1. You plan to modify the NTFS permissions for many folders on the file servers by using central access policies. You need to identify any users who will be denied access to resources that they can cu
rrently access once the new permissions are implemented. In which order should you Perform the five actions?
 clip_image002
Answer:
 clip_image002[4]
Explanation:
I hate steps like this because you can create a rule first and then the policy, or you can create the policy and create the rule during the creation of the policy. Either way I’m going to go with creating the policy first, and then the rule.

QUESTION 110
You have a file server named Server1 that runs Windows Server 2012 R2. Data Deduplication is enabled on drive D of Server1. You need to exclude D:\Folder1 from Data Deduplication. What should you configure?

A.    Disk Management in Computer Management
B.    File and Storage Services in Server Manager
C.    the classification rules in File Server Resource Manager (FSRM)
D.    the properties of D:\Folder1

Answer: B
Explanation:
B. Data deduplication exclusion on a Volume are set from File & Storage Services, Server Manager or PowerShell
http://technet.microsoft.com/en-us/library/hh831434.aspx

clip_image001[18]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(91-100)!

QUESTION 91
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. You need to configure the replication between the sites to occur by using change notification. Which attribute should you modify?
 clip_image001[90]
Answer:
 clip_image001[92]

QUESTION 92
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image002[22]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Dnslint
B.    A DNS Manager
C.    Active Directory Users and Computers
D.    Dnscmd
Answer: A
Explanation:
Note: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 93
Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. The domain contains four servers. The servers are configured as shown in the following table.
 clip_image001[94]
You need to update the schema to support a domain controller that will run Windows Server 2012 R2. On which server should you run adprep.exe?

A.    Server1
B.    DC3
C.    DC2
D.    DC1

Answer: B
Explanation:
C. DC3 is the only server that could be assumed to be 64bit
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_WS2012
 clip_image001[96]
QUESTION 94
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network. In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2. You need to configure Server1 as a new domain controller in a new forest named contoso.test. The solution must meet the following.
 clip_image002[24]
 clip_image002[26]
Select two options below.

A.    There is no need to set the Forest Functional Level.
B.    Set Forest Functional Level to Windows 2003.
C.    Set Forest Functional Level to Windows 2008
D.    Set Forest Functional Level to Windows 2008 R2.
E.    Set Forest Functional Level to Windows 2012.
F.    There is no need to set the Domain Functional Level.
G.    Set Domain Functional Level to Windows 2003.
H.    Set Domain Functional Level to Windows 2008
I.    Set Domain Functional Level to Windows 2008 R2.
J.    Set Domain Functional Level to Windows 2012.

Answer: BG
Explanation:
When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level. You cannot set the domain functional level to a value that is lower than the forest functional level. Reference: Understanding Active Directory Domain Services (AD DS) Functional Levels
REWORDED
Very smartly reworded that you need to configure server 1 as new DC in a new forest named contoso.test and “also do name resolution”. In the answer you will have to select Windows 2003 as domain and forest functional level and you should also check “Domain name system(DNS) server….
This is not in any dumps
* When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level. You cannot set the domain functional level to a value that is lower than the forest functional level.
http://technet.microsoft.com/en-us/library/understanding-active-directory- functionallevels(v=ws.10).aspx

QUESTION 95
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?

A.    Get-ADDomainControllerPasswordReplicationPolicy
B.    Get-ADDefaultDomainPasswordPolicy
C.    Server Manager
D.    Get-ADFineGrainedPasswordPolicy

Answer: D
Explanation:
A. Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy
B. Gets the default password policy for an Active Directory domain.
C. PSO’s managed from AD AC or Powershell Only
D. Gets one or more Active Directory fine grained password policies.
http://technet.microsoft.com/en-us/library/ee617207.aspx
http://technet.microsoft.com/en-us/library/ee617244.aspx
http://technet.microsoft.com/en-us/library/ee617231.aspx

QUESTION 96
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed. You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.
 clip_image001[98]
Answer:
 clip_image001[100]
Explanation:
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29012
 clip_image002[28]
Both WinRMRemoteWMIUsers_ and Remote Management Users have the exact same description. As such, I tested connecting with server manager remotely with a non-administrative account. I tried before adding to either group and got this error:
 clip_image001[102]
I then added to Remote Management Users and got this error:
 clip_image001[104]
Note that this is due to access to the event log only.
Next I removed from Remote Management Users and added to WinRMRemoteWMIUsers_ and got this error:
 clip_image001[106]
The error is exactly the same and the explanation is due to event log. In summary, Either one of these answers is correct, however since the document explicitly says use the “WinRMRemoteWMIUsers_” group, then that’s what we got to do.

QUESTION 97
You have a server named Server2 that runs Windows Server 2012 R2. You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.) You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1. Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[30]
Answer:
 clip_image002[32]
QUESTION 98
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 Both servers have the IP Address Management (IPAM) Server feature installed. You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1.

A.    IPAM MSM Administrators
B.    IPAM Administrators
C.    winRMRemoteWMIUsers_
D.    Remote Management Users

Answer: C
Explanation:
A. IPAM MSM Administrators can’t access remotely
B. IPAM Administrators can’t access remotely
C. If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384295(v=vs.85).aspx http://www.microsoft.com/en-us/download/details.aspx?id=29012

QUESTION 99
Your network contains two Active Directory forests named contoso.com and adatum.com. Both forests contain multiple domains. All domain controllers run Windows Server 2012 R2. Contoso.com has a one-way forest trust to adatum.com. A domain named paris.eu.contoso.com hosts several legacy applications that use NTLM authentication. Users in a domain named london.europe.adatum.com report that it takes a long time to be authenticated when they attempt to access the legacy applications hosted in paris.eu.contoso.com. You need to reduce how long it takes for the london.europe.adatum.com users to be authenticated in paris.eu.contoso.com. What should you do?

A.    Create a shortcut trust.
B.    Create an external trust between the forest root domains.
C.    Disable SID filtering on the existing trust.
D.    Create an external trust.

Answer: A
Explanation:
A. Shortcut trusts are one-way or two-way, transitive trusts that can be used when administrators need to optimize the authentication process. Authentication requests must first travel a trust path between domain trees, and in a complex forest this can take time, which can be reduced with shortcut trusts.
B. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust.
C. Filters users or SIDs from one domain
D. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust
http://technet.microsoft.com/en-us/library/cc737939(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc775736(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx
 clip_image001[108]
QUESTION 100
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated Users group for access failure to shared folders in the finance department. You need to ensure that access requests are unaffected when the rule is published.
What should you do?

A.    Add a User condition to the current permissions entry for the Authenticated Users principal.
B.    Set the Permissions to Use the following permissions as proposed permissions.
C.    Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D.    Set the Permissions to Use following permissions as current permissions.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/jj134043.aspx

clip_image001[110]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(81-90)!

QUESTION 81
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

A.    Authorization Manager
B.    TPM Management
C.    Active Directory Sites and Services
D.    Services

Answer: C

QUESTION 82
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[60]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Ntdsutil
B.    Repadmin
C.    Dnslint
D.    Active Directory Domains and Trusts

Answer: B
Explanation:
If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 83
You have a server named Server1 that runs Windows Server 2012 R2. Windows Server 2012 R2 is installed on volume C. You need to ensure that Safe Mode with Networking loads the next time Server1 restarts. Which tool should you use?

A.    The Msconfig command
B.    The Restart-Server cmdlet
C.    The Restart-Computer cmdlet
D.    The Bootcfg command

Answer: A
Explanation:
A. Use system config to configure boot options
B. Not a valid cmdlet
C. Restarts (“reboots”) the operating system on local and remote computers. No boot options
D. modifies the Boot.ini file no option for safe mode/networking for win8/2012
http://technet.microsoft.com/en-us/library/hh849837.aspx
http://support.microsoft.com/kb/317521
http://technet.microsoft.com/en-us/library/cc725967.aspx
 clip_image001[62]

QUESTION 84
You have a file server named FS1 that runs Windows Server 8. Data Deduplication is enabled on FS1. You need to configure Data Deduplication to run at a normal priority from 20:00 to 06:00 daily. What should you configure?

A.    File and Storage Services in Server Manager
B.    The Data Deduplication process in Task Manager
C.    Disk Management in Computer Management
D.    The properties of drive C

Answer: A
Explanation:
A. In Windows Server 2012 R2, deduplication can be enabled locally or remotely by using Windows PowerShell or Server Manager.
http://technet.microsoft.com/en-us/library/hh831700.aspx
 clip_image001[64]

QUESTION 85
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8 Enterprise. You have a remote site that only contains client computers. All of the client computer accounts are located in an organizational unit (CU) named Remote1. A Group Policy object (GPO) named GPO1 is linked to the Remote1 CU. You need to configure BranchCache for the remote site. Which two settings should you configure in GPO1? To answer, select the two appropriate settings in the answer area.
 clip_image001[66]
Answer:
 clip_image001[68]

QUESTION 86
Your company has a main office and a branch office. An Active Directory site exists for each office. The network contains an Active Directory forest named contoso.com. The contoso.com domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2. In the main office, you configure Server1 as a file server that uses BranchCache. In the branch office, you configure Server2 and Server3 as BranchCache hosted cache servers. You are creating a Group Policy for the branch office site. In the branch office, you need to configure the client computers that run Windows B to use Server2 and Server3 as BranchCache.
 clip_image001[70]
Answer:
 clip_image001[72]

QUESTION 87
Your network contains two Active Directory forests named contoso.com and fabrikam.com. A two- way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named CAl. You implement cross-forest certificate enrollment between the contoso.com forest and the fabrikam.com forest. On CA1, you create a new certificate template named Template1. You need to ensure that users in the fabrikam.com forest can request certificates that are based on Template1. Which tool should you use?

A.    Sync-ADObject
B.    Pkiview.msc
C.    CertificateServices.ps1
D.    Certutil
E.    PKISync.ps1

Answer: E
Explanation:
A. Replicates a single object between any two domain controllers that have partitions in common. B. Monitoring and troubleshooting the health of all certification authorities (CAs) in a public key infrastructure (PKI) are essential administrative tasks facilitated by the Enterprise PKI snap-in.
D. use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
http://technet.microsoft.com/en-us/library/hh852296.aspx
http://technet.microsoft.com/en-us/library/cc732261(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx
 clip_image001[76]
 clip_image001[78]
QUESTION 88
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA). The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1. You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com. You need to identify which type of certificate template you must use to request a certificate for AD FS.
 clip_image001[80]
Answer:
 clip_image001[82]

QUESTION 89
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP.

A.    Certification Authority
B.    Authorization Manager
C.    ADSI Edit
D.    Active Directory Domains and Trusts

Answer: C
 clip_image001[84]

QUESTION 90
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA). You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
– Email security
– Client authentication
– Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings.
B.    From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy settings.
C.    Modify the properties of the User certificate template, and then publish the template.
D.    Duplicate the User certificate template, and then publish the template.
E.    From a Group Policy, configure the Automatic Certificate Request Settings settings.

Answer: AD
Explanation:
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
 clip_image001[86]
However a duplicated template from users has the ability to autoenroll:
 clip_image001[88]
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
http://technet.microsoft.com/en-us/library/dd851772.aspx

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(71-80)!

QUESTION 71
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for both clustered resources. You need to ensure that if two consecutive heartbeat messages are missed between Server1 and Server2, Server2 will begin responding to DHCP requests. The solution must ensure that Server1 remains the active node for the File Services clustered resource for up to five missed heartbeat messages. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: D
Explanation:
A. The number of heartbeats that can be missed before failover occurs is known as the heartbeat threshold
http://technet.microsoft.com/en-us/library/dn265972.aspx
http://technet.microsoft.com/en-us/library/dd197562(v=ws.10).aspx http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx

QUESTION 72
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. You configure a new failover cluster named Cluster1. Server1 and Server2 are nodes in Cluster1. You need to configure the disk that will be used as a witness disk for Cluster1. How should you configure the witness disk?
To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[40]
Answer:
 clip_image002

QUESTION 73
Your network contains an Active Directory forest named contoso.com that contains a single domain. The forest contains three sites named Site1, Site2, and Site3. Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2. Each site contains two domain controllers. Site1 and Site2 contain a global catalog server. You need to create a new site link between Site1 and Site2. The solution must ensure that the site link supports the replication of all the naming contexts. From which node should you create the site link?
To answer, select the appropriate node in the answer area.
 clip_image002[14]
Answer:
 clip_image002[16]

QUESTION 74
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server server role installed. You have a domain controller named DC1. On DC1, you create an Active Directory-integrated zone named adatum.com and you sign the zone by using DNSSEC. You deploy a new read-only domain controller (RODC) named R0DC1. You need to ensure that the contoso.com zone replicates to R0DC1. What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
 clip_image001[42]
Answer:
 clip_image001[44]

QUESTION 75
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has a single volume that is encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM). Server1 is configured to perform a daily system image backup. The motherboard on Server1 is upgraded. After the upgrade, Windows Server 2012 R2 on Server1 fails to start. You need to start the operating system on Server1 as soon as possible.
What should you do?
Start Server1 from the installation media. Run startrec.exe. Move the disk to a server that has a model of the old motherboard. Start the server from the installation media. Run bcdboot.exe. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc. Start Server1 from the installation media. Perform a system image recovery.

A.    Start Server1 from the installation media. Run startrec.exe.
B.    Move the disk to a server that has a model of the old motherboard.
Start the server from the installation media.
Run bcdboot.exe.
C.    Move the disk to a server that has a model of the old motherboard.
Start the server. Run tpm.msc.
D.    Start Server1 from the installation media. Perform a system image recovery.

Answer: D
Explanation:
Encryption keys are lost. Nothing mentioned about password/keys recovery. My point is that the only way is to restore the server from a backup.
http://social.technet.microsoft.com/Forums/windows/en-US/6b34b4da-b1e2-4038- 8d6d192f973cadea/usingsystem-image-with-a-bitlocker-system-drive

QUESTION 76
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and Windows Server 2012 R2. You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the boot menu. You start Windows Server 2012 R2 on Server1 and you discover the disk configurations shown in the following table.
 clip_image001[46]
You need to restore the Windows Server 2008 R2 boot entry on Server1. What should you do?

A.    Run bootrec.exe and specify the /scanos parameter.
B.    Run bcdedit.exe and specify the /create store parameter.
C.    Run bootcfg.exe and specify the /copy parameter.
D.    Run bootrec.exe and specify the /rebuildbcd parameter.

Answer: D

QUESTION 77
You have 3 server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSIl.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[18]
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target. VirtualiSCSIl.vhd is removed from LON-DC1. You need to assign VirtualiSCSI2.vhd a logical unit value of 0. What should you do?

A.    Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.
B.    Run the Add-IscsiVirtualDiskTargetMapping cmdlet and specify the -Lun parameter.
C.    Run the iscsicli command and specify the reportluns parameter.
D.    Run the iscsicpl command and specify the virtualdisklun parameter.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/jj612800(v=wps.620).aspx
 clip_image001[48]
QUESTION 78
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[50]
An IP site link exits between each site. You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do?

A.    Create a site link bridge.
B.    Create additional connection objects for DC3 and DC4.
C.    Create additional connection objects for DC1 and DC2.
D.    Increase the cost of the site link between SiteA and SiteC.

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd277430.aspx#XSLTsection126121120120
 clip_image001[52]
QUESTION 79
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
 clip_image001[56]
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible. You need to identify which technology you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible. What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[20]
Answer:
 clip_image002[6]

QUESTION 80
You have a server named File1 that runs Windows Server 2012 R2. File1 has the File Server role service installed. You plan to back up all shared folders by using Windows Azure Online Backup. You download and install the Windows Azure Online Backup Service Agent on File1. You need to ensure that you use Windows Server Backup to back up data to Windows Azure Online Backup. What should you do?

A.    From Computer Management, add the File1 computer account to the Backup Operators group.
B.    From the Services console, modify the Log On settings of the Windows Azure Online Backup Service Agent.
C.    From Windows Server Backup, run the Register Server Wizard.
D.    From a command prompt, run wbadmin.exe enable backup.

Answer: C
Explanation:
http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online- backupservice.aspx

clip_image001[58]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(61-70)!

QUESTION 61
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The forest functional level is Windows 2000. The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server 2008 R2. The domain functional level is Windows Server 2008. The fabrikam.com domain contains domain controllers that run either Windows 2000 Server or Windows Server 2003. The domain functional level is Windows 2000 native. The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2. You need to add Server1 as a new domain controller in the contoso.com domain. What should you do first?

A.    Raise the functional level of the contoso.com domain to Windows Server 2008 R2.
B.    Upgrade the domain controllers that run Windows Server 2008 to Windows Server 2008 R2.
C.    Raise the functional level of the fabrikam.com domain to Windows Server 2003.
D.    Decommission the domain controllers that run Windows 2000.
E.    Raise the forest functional level to Windows Server 2003.

Answer: D
Explanation:
D. Server 2003 is the minimum Domain Functional level for any domain in the forest Windows Server 2012 R2 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2012 R2 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher.
http://technet.microsoft.com/en-us/library/cc771294.aspx
 clip_image001[24]

QUESTION 62
Your network contains an Active Directory domain named adatum.com. The domain contains four servers. The servers are configured as shown in the following table.
 clip_image002[8]
You plan to deploy an enterprise certification authority (CA) on a server named Server5. Server5 will be used to issue certificates to domain-joined computers and workgroup computers. You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5. Which server should you identify?

A.    Server 3
B.    Server 2
C.    Server 4
D.    Server 1

Answer: C
Explanation:
A. We cannot use AD DS because workgroup computers must access CRL distribution point
B. We cannot use File Share because workgroup computers must access CRL distribution point
C. Public facing web server can be used
D. AD DS, Web & File Share only
http://technet.microsoft.com/en-us/library/cc771079.aspx
 clip_image001[26]

QUESTION 63
You have a server named Server1 that has the Active Directory Certificate Services server role installed. Server1 uses a hardware security module (HSM) to protect the private key of Server1. You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private key are backed up. You perform regular backups of the HSM module by using a backup utility provided by the HSM manufacturer. What else should you do?

A.    Run the certutil.exe command and specify the -backupkey parameter.
B.    Run the certutil.exe command and specify the -backupdb parameter.
C.    Run the certutil.exe command and specify the -backup parameter.
D.    Run the certutil.exe command and specify the -dump parameter.

Answer: B
Explanation:
A. Backup the Active Directory Certificate Services certificate and private key
B. Backup the Active Directory Certificate Services database
C. Backup Active Directory Certificate Services
D. Dump configuration information or files
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup http://technet.microsoft.com/library/cc732443.aspx#BKMK_dump
 clip_image001[28]

QUESTION 64
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services (AD FS) server role installed. Adatum.com is a partner organization. You are helping the administrator of adatum.com set up a federated trust between adatum.com and contoso.com. The administrator of adatum.com asks you to provide a file containing the federation metadata of contoso.com. You need to identify the location of the federation metadata file. Which node in the AD FS console should you select?
To answer, select the appropriate node in the answer area.
 clip_image002[10]
Answer:
 clip_image002[12]

QUESTION 65
Your network contains three Active Directory forests. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All of the users in all of the forests must be able to access protected content from any of the forests. You need to identify the minimum number of AD RMS trusts required. How many trusts should you identify?

A.    2
B.    3
C.    4
D.    6

Answer: D
Explanation:
3 Forests. Bi Direcrional test needed means each forest needs 2 other forests TUD file. 3 x 2 =6 http://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx
 clip_image001[30]

QUESTION 66
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    Active Directory Sites and Services
B.    Active Directory Administrative Center
C.    Server Manager
D.    Certificate Templates

Answer: B
Explanation:
B. Disable user1 from ADAC
http://technet.microsoft.com/en-us/library/dd861307.aspx

QUESTION 67
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts 10 virtual machines that run Windows Server 2012 R2. You add a new server named Server2. Server2 has faster hard disk drives, more RAM, and a different processor manufacturer than Server1. You need to move all of the virtual machines from Server1 to Server2. The solution must minimize downtime. What should you do for each virtual machine?

A.    Perform a quick migration.
B.    Perform a storage migration.
C.    Export the virtual machines from Server1 and import the virtual machines to Server2.
D.    Perform a live migration.

Answer: C
Explanation:
C. Other options require same CPU family and cluster
http://technet.microsoft.com/en-us/library/hh848491.aspx
http://technet.microsoft.com/en-us/library/hh848495.aspx
http://technet.microsoft.com/en-us/library/jj628158.aspx
The different processor manufacturer is the key here. Storage, Live, and Quick all require same manufacturer.
 clip_image001[32]
 clip_image001[34]
QUESTION 68
You have a datacenter that contains six servers. Each server has the Hyper-V server role installed and runs Windows Server 2012 R2. The servers are configured as shown in the following table.
 clip_image001[36]
Host4 and Host5 are part of a cluster named Cluster1. Cluster1 hosts a virtual machine named VM1. You need to move VM1 to another Hyper-V host. The solution must minimize the downtime of VM1. To which server and by which method should you move VM1?

A.    To Host3 by using a storage migration
B.    To Host6 by using a storage migration
C.    To Host2 by using a live migration
D.    To Host1 by using a quick migration

Answer: A
Explanation:
A. Host3 is the only option to allow minimum downtime and has same processor manufacturers
B. Live Storage Migration requires same processor manufacturers
C. Live migration requires same same processor manufacturers
D. Quick migration has downtime
NOTE: Exam may have more options but same answer
http://technet.microsoft.com/en-us/library/dd446679(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831656.aspx
http://technet.microsoft.com/en-us/library/jj628158.aspx

QUESTION 69
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 hosts an application named App1. You need to ensure that Server2 handles all of the client requests to the cluster for App1. The solution must ensure that if Server2 fails, Server1 becomes the active node for Appl. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: J
Explanation:
http://blogs.msdn.com/b/clustering/archive/2008/10/14/9000092.aspx
The preferred owner in a 2 server cluster will always be the active node unless it is down.

QUESTION 70
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: C
Explanation:
C. The quorum configuration in a failover cluster determines the number of failures that the cluster can sustain.
http://technet.microsoft.com/en-us/library/cc731739.aspx

clip_image001[38]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(51-60)!

QUESTION 51
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. You need to configure Server1 to resolve queries for single-label DNS names. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Run the Set-DNSServerGlobalNameZone cmdlet.
B.    Modify the DNS suffix search list setting.
C.    Modify the Primary DNS Suffix Devolution setting.
D.    Create a zone named “.”.
E.    Create a zone named GlobalNames.
F.    Run the Set-DNSServerRootHint cmdlet.

Answer: AE
Explanation:
http://technet.microsoft.com/en-us/library/cc731744.aspx
http://technet.microsoft.com/en-us/library/jj649907(v=wps.620).aspx
clip_image001[4] clip_image001
 

clip_image001[6]

QUESTION 52
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. Server2 has the DHCP Server server role installed. A user named User1 is a member of the IPAM Users group on Server1. You need to ensure that User1 can use IPAM to modify the DHCP scopes on Server2. The solution must minimize the number of permissions assigned to User1. To which group should you add User1?

A.    DHCP Administrators on Server2
B.    IPAM ASM Administrators on Server1
C.    IPAMUG in Active Directory
D.    IPAM MSM Administrators on Server1

Answer: A
Explanation:
The user need rights to change DHCP not IPAM
C. Members of the DHCP Administrators group can view and modify any data at the DHCP server. http://technet.microsoft.com/en-us/library/jj878348.aspx
http://technet.microsoft.com/en-us/library/cc737716(v=ws.10).aspx

QUESTION 53
You have a server named DC2 that runs Windows Server 2012 R2. DC2 contains a DNS zone named adatum.com. The adatum.com zone is shown in the exhibit. (Click the Exhibit button.)
 clip_image002
You need to configure DNS clients to perform DNSSEC validation for the adatum.com DNS domain.
What should you configure?

A.    The Network Location settings
B.    A Name Resolution Policy
C.    The DNS Client settings
D.    The Network Connection settings

Answer: B
B. The Name Resolution Policy Table (NRPT) is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. The NRPT can be configured using Group Policy or by using the Windows Registry.
C. client component that resolves and caches Domain Name System (DNS) domain names. When the DNS Client service receives a request to resolve a DNS name that it does not contain in its cache, it queries an assigned DNS server for an IP address for the name
D. Network connections make it possible for computers to access resources on the network and the internet
http://technet.microsoft.com/en-us/library/hh831411.aspx#config_client1
 clip_image002[4]

QUESTION 54
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the DHCP Server server role installed. Server2 has the Hyper-V server role installed. Server2 has an IP address of 192.168.10.50. Server1 has a scope named Scope1 for the 192.168.10.0/24 network. You plan to deploy 20 virtual machines on Server2 that will be connected to the external network. The MAC addresses for the virtual machines will begin with 00-15-SD-83-03. You need to configure Server1 to offer the virtual machines IP addresses from 192.168.10.200 to 192.168.10.21g. Physical computers on the network must be offered IP addresses outside this range. You want to achieve this goal by using the minimum amount of administrative effort. What should you do from the DHCP console?

A.    Create reservations.
B.    Create a policy.
C.    Delete Scope1 and create two new scopes.
D.    Configure Allow filters and Deny filters.

Answer: B
Explanation:
A. With client reservations, it is possible to reserve a specific IP address for permanent use by a DHCP client. A new feature in Windows Server 2012 R2 called policy based assignment allows for even greater flexibility.
B. Policy based assignment allows the policy to be scoped to a MAC address and IP range
C.
D. A DHCP server offers its services to the DHCP clients based on the availability of MAC address filtering.
Once the Allow filter is set, all DHCP operations are based on the access controls (allow/deny).
http://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-serveradministration- using-dhcppolicies-in-windows-server-2012.aspx
http://technet.microsoft.com/en-us/library/hh831538.aspx
http://technet.microsoft.com/en-us/library/ee405265(v=ws.10).aspx

QUESTION 55
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed. You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech 1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1.

A.    Remote Management Users
B.    IPAM MSM Administrators
C.    IPAM Administrators
D.    WinRM Remote WM1 Users

Answer: D

QUESTION 56
Your network contains two Active Directory forests named contoso.com and adatum.com. All of the domain controllers in both of the forests run Windows Server 2012 R2. The adatum.com domain contains a file server named Servers. Adatum.com has a one-way forest trust to contoso.com. A contoso.com user name User10 attempts to access a shared folder on Servers and receives the error message shown in the exhibit. (Click the Exhibit button.)
 clip_image001[8]
You verify that the Authenticated Users group has Read permissions to the Data folder. You need to ensure that User10 can read the contents of the Data folder on Server5 in the adatum.com domain.
What should you do?

A.    Grant the Other Organization group Read permissions to the Data folder.
B.    Modify the list of logon workstations of the contoso\User10 user account.
C.    Enable the Netlogon Service (NP-In) firewall rule on Server5.
D.    Modify the permissions on the Server5 computer object in Active Directory.

Answer: D
Explanation:
To resolve the issue, I had to open up AD Users and Computers –> enable Advanced Features –> Select the Computer Object –> Properties –> Security –> Add the Group I want to allow access to the computer (in this case, DomainA\Domain users) and allow “Allowed to Authenticate”. Once I did that, everything worked:

QUESTION 57
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. You discover that when the account of a user in Site1 is locked out, the user can still log on to the servers in Site2 for up to 15 minutes by using Remote Desktop Services (RDS). You need to reduce the amount of time it takes to synchronize account lockout information across the domain. Which attribute should you modify? To answer, select the appropriate attribute in the answer area.
 clip_image001[10]
Answer:
 clip_image001[12]

QUESTION 58
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named adatum.com. You need to configure an access solution to meet the following requirements:
– Users in adatum.com must be able to access resources in contoso.com.
– Users in adatum.com must be prevented from accessing resources in fabrikam.com.
– Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?

A.    a one-way external trust from adatum.com to fabrikam.com
B.    a one-way realm trust from fabrikam.com to adatum.com
C.    a one-way realm trust from adatum.com to fabrikam.com
D.    a one-way external trust from fabrikam.com to adatum.com

Answer: A
Explanation:
A. A one-way trust is a unidirectional authentication path that is created between two domains. This means that in a one-way trust between Domain A and Domain B, users in Domain A can access resources in Domain B. However, users in Domain B cannot access resources in Domain A. This would allow adatum.com users access to contoso which is desired.
B. This would allow contoso.com users access to adatum which must be prevented and used for non windows realm to AD.
C. This would allow adatum.com users access to contoso which is desired but realm trust types are used for non windows realm to AD.
D. This would allow adatum users access to contoso which must be prevented and You need to make trust relationship where domain contoso.com trusts adatum.com.
NOTE: On exam the domain names were changed, so understand the question well
http://technet.microsoft.com/en-us/library/cc728024(v=ws.10).aspx
 clip_image001[14]

QUESTION 59
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[16]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Active Directory Sites and Services
B.    Ntdsutil
C.    DNS Manager
D.    Active Directory Domains and Trusts

Answer: A
Explanation:
A. To control replication between two sites, you can use the Active Directory Sites and Services snap- in to configure settings on the site link object to which the sites are added. By configuring settings on a site link, you can control when replication occurs between two or more sites, and how often
B. Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled.
C. DNS Manager is the tool you’ll use to manage local and remote DNS Servers
D. Active Directory Domains and Trusts is the Microsoft Management Console (MMC) snap-in that you can use to administer domain trusts, domain and forest functional levels, and user principal name (UPN) suffixes.
http://technet.microsoft.com/en-us/library/cc731862.aspx
http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc722541.aspx
http://technet.microsoft.com/en-us/library/cc770299.aspx
Note: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 60
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. The
contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server 2008 R2. The functional level of the domain is Windows Server 2008. The fabrikam.com domain contains domain controllers that run either Windows Server 2003 or Windows Server 2008. The functional level of the domain is Windows Server 2003. The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Domain Services server role on Server1. You need to add Server1 as a new domain controller in the contoso.com domain. What should you do?

A.    Run the Active Directory Domain Services Configuration Wizard.
B.    Run adprep.exe /domainprep, and then run dcpromo.exe.
C.    Raise the functional level of the forest, and then run dcprorno.exe.
D.    Modify the Computer Name/Domain Changes properties.

Answer: A
Explanation:
Windows Server 2012 R2 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2012 R2 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher.
http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windowsserver- 2012-domaincontroller.aspx
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj574134.aspx
 clip_image001[18]
 clip_image001[20]

clip_image002[6]

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(41-50)!

QUESTION 41
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA). You install a second server named Server2. You install the Online Responder role service on Server2. You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2. What should you do?

A.    On Server1, run the certutil.exe command and specify the -setreg parameter.
B.    On Server2, run the certutil.exe command and specify the -policy parameter.
C.    On Server1, configure Security for the OCSP Response Signing certificate template.
D.    On Server2, configure Issuance Requirements for the OCSP Response Signing certificate template.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc732526.aspx
 clip_image001[68]

QUESTION 42
Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery. You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database. What should you do?

A.    Assign User1 the Issue and Manage Certificates permission to Server1.
B.    Assign User1 the Read permission and the Write permission to all certificate templates.
C.    Provide User1 with access to a Key Recovery Agent certificate and a private key.
D.    Assign User1 the Manage CA permission to Server1.

Answer: C

QUESTION 43
Your network contains an Active Directory domain named contoso.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1. You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. A technician connects DC3 to Site2. You discover that users in Site2 are authenticated by all three domain controllers. You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable. What should you do?

A.    From Network Connections, modify the IP address of DC3.
B.    In Active Directory Sites and Services, modify the Query Policy of DC3.
C.    From Active Directory Sites and Services, move DC3.
D.    In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the
users in Site2.

Answer: C
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificateservices- pki-keyarchival-and-anagement.aspx#Protecting_Key_Recovery_Agent_Keys
 clip_image001[70]
QUESTION 44
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com. Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. Several user accounts are migrated from child.adatum.com to adatum.com. Users report that after the migration, they fail to access resources in contoso.com. The users successfully accessed the resources in contoso.com before the accounts were migrated. You need to ensure that the migrated users can access the resources in contoso.com. What should you do?

A.    Replace the existing forest trust with an external trust.
B.    Run netdom and specify the /quarantine attribute.
C.    Disable SID filtering on the existing forest trust.
D.    Disable selective authentication on the existing forest trust.

Answer: C
Explanation:
B. Enables administrators to manage Active Directory domains and trust relationships from the command prompT, /quarantine Sets or clears the domain quarantine C. Need to gran access to the resources in contoso.com
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource
computers) that reside in the trusting forest
http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc758152(v=ws.10).aspx
 clip_image001[72]

QUESTION 45
You have four servers that run Windows Server 2012 R2. The servers have the Failover Clustering feature installed. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.
 clip_image001[74]
Site2 is a disaster recovery site. Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles. Dynamic quorum management is disabled. You plan to perform hardware maintenance on Server3. You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Server3, the cluster resource will remain available in Site1. What should you do?

A.    Enable dynamic quorum management.
B.    Remove the node vote for Server3.
C.    Add a file share witness in Site1.
D.    Remove the node vote for [C1] Server4 and Server5.

Answer: D
Explanation:
http://msdn.microsoft.com/en-us/library/hh270280.aspx#VotingandNonVotingNodes
 clip_image001[76]

QUESTION 46
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. You are a member of the local Administrators group on Server2. You install an Active Directory Rights Management Services (AD RMS) root cluster on Server2. You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS client computers and the users in contoso.com. Which additional configuration settings should you configure?
To answer, select the appropriate tab in the answer area.
 clip_image001[78]
Answer:
 clip_image001[80]

QUESTION 47
You plan to deploy a failover cluster that will contain two nodes that run Windows Server 2012 R2. You need to configure a witness disk for the failover cluster. How should you configure the witness disk? To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[82]
Answer:
 clip_image002

QUESTION 48
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and Windows Server 2012 R2. You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the boot menu. You start Windows Server 2012 R2 on Server1 and you discover the disk configurations shown in the following table.
 clip_image001[84]
You need to restore the Windows Server 2008 R2 boot entry on Server1. What should you do?

A.    Run bcdedit.exe and specify the /createstore parameter.
B.    Run bootrec.exe and specify the /scanos parameter.
C.    Run bcdboot.exe d:\windows.
D.    Run bootrec.exe and specify the /rebuildbcd parameter.

Answer: D
Explanation:
A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, /Createstore Creates a new empty boot configuration data store. The created store is not a system store. B. Bootrec.exe tool to troubleshoot “Bootmgr Is Missing” issue. The /ScanOs option scans all disks for installations that are c mpatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
C.
D. Bootrec.exe tool to troubleshoot “Bootmgr Is Missing” issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
http://technet.microsoft.com/en-us/library/cc709667(v=ws.10).aspx http://support.microsoft.com/kb/927392/en-us
 clip_image001[86]
QUESTION 49
You have a DHCP server named Server1. Server1 has one network adapter. Server1 is located on a subnet named Subnet1. Server1 has scope named Scope1. Scope1 contains IP addresses for the 192.168.1.0/24 network. Your company is migrating the IP addresses on Subnet1 to use a network ID of 10.10.0.0/16. On Server11 you create a scope named Scope2. Scope2 contains IP addresses for the 10.10.0.0/16 network. You need to ensure that clients on Subnet1 can receive IP addresses from either scope. What should you create on Server1?

A.    A multicast scope
B.    A scope
C.    A superscope
D.    A split-scope

Answer: C
Explanation:
A. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those members in the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process the multicast traffic
B. A scope is an administrative grouping of IP addresses for computers on a subnet that use the Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for each physical subnet and then uses the scope to define the parameters used by clients. C. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative entity.
D.
http://technet.microsoft.com/en-us/library/dd759152.aspx http://technet.microsoft.com/en-us/library/dd759218.aspx http://technet.microsoft.com/en-us/library/dd759168.aspx
 

QUESTION clip_image001[88]50
Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[90]
You need to change the zone type of the contoso.com zone from an Active Directory-integrated zone to a standard primary zone. What should you do before you change the zone type?

A.    Unsign the zone.
B.    Modify the Zone Signing Key (ZSK).
C.    Modify the Key Signing Key (KSK).
D.    Change the Key Master.

Answer: A
Explanation:
A. Lock icon indicating that it is currently signed with DNSSEC, zone must be unsignes
B. An authentication key that corresponds to a private key used to sign a zone.
C. The KSK is an authentication key that corresponds to a private key used to sign one or more other signing keys for a given zone. Typically, the private key corresponding to a KSK will sign a ZSK, which in turn has a corresponding private key that will sign other zone data.
D.
http://technet.microsoft.com/en-us/library/hh831411.aspx
http://technet.microsoft.com/en-us/library/ee649132(v=ws.10).aspx

clip_image001[92]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(31-40)!

QUESTION 31
Your network contains three Active Directory forests. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All of the users in all of the forests must be able to access protected content from any of the forests. You need to identify the minimum number of AD RMS trusts required. How many trusts should you identify?

A.    2
B.    3
C.    4
D.    6

Answer: D

QUESTION 32
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    Active Directory Sites and Services
B.    Active Directory Administrative Center
C.    Server Manager
D.    Certificate Templates

Answer: B

QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[54]
You discover that client computers cannot obtain IPv4 addresses from DC1. You need to ensure that the client computers can obtain IPv4 addresses from DC1. What should you do?

A.    Activate the scope.
B.    Authorize DC1.
C.    Disable the Allow filters.
D.    Disable the Deny filters.

Answer: C
Explanation:
There is no items in the deny List. So it means that client computers MAC addresses is not listed in the allow list. So we have to disable the “Allow Filters” http://technet.microsoft.com/en-us/library/ee956897(v=ws.10).aspx
 clip_image001[56]

QUESTION 34
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 and a domain controller named DC1. All servers run Windows Server 2012 R2. A Group Policy object (GPO) named GPO1 is linked to the domain. Server1 contains a folder named Folder1. Folder1 is shared as Share1. You need to ensure that authenticated users can request assistance when they are denied access to the resources on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.
B.    Install the File Server Resource Manager role service on Server1.
C.    Configure the Customize message for Access Denied errors policy setting of GPO1.
D.    Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.
E.    Install the File Server Resource Manager role service on DC1.

Answer: BD
Explanation:
http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1

QUESTION 35
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1. The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)
 clip_image002[26]
The domain contains two global groups named Group1 and Group2. You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Remove the Deny permission for Group1 from Folder1.
B.    Deny Group2 permission to Folder1.
C.    Install a domain controller that runs Windows Server 2012 R2.
D.    Create a conditional expression.
E.    Deny Group2 permission to Share1.
F.    Deny Group1 permission to Share1.

Answer: CD
Explanation:
* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7 enhanced Windows security descriptors by introducing a conditional access permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource properties, into conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows or denies access based on results of the evaluation. Securing access to resources through claims is known as claims-based access control. Claims-based access control works with traditional access control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise environment.
http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccess- control-en-us.aspx

QUESTION 36
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The forest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using a site link named Main-Branch1. There are no other site links. Each site contains several domain controllers. All domain controllers run Windows Server 2012 R2. Your company plans to open a new branch site named Branch2. The new site will have a WAN link that connects to the Main site only. The site will contain two domain controllers that run Windows Server 2012 R2. You need to create a new site and a new site link for Branch2. The solution must ensure that the domain controllers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Main are unavailable. Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[28]
Answer:
 clip_image002[30]

QUESTION 37
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed. The network contains client computers that run either Linux, Windows 7, or Windows 8. You have a standard primary zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[58]
You plan to configure Name Protection on all of the DHCP servers. You need to configure the adatum.com zone to support Name Protection. Which two configurations should you perform from DNS Manager? (Each correct answer presents part of the solution. Choose two.)

A.    Sign the zone.
B.    Store the zone in Active Directory.
C.    Modify the Security settings of the zone.
D.    Configure Dynamic updates.

Answer: BD
Explanation:
http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx
 clip_image001[60]

clip_image001[62]

QUESTION 38
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other. Server1 hosts a virtual machine named VM1. VM1 is replicated to Server2. You need to verify whether the replica of VM1 on Server2 is functional. The solution must ensure that VM1 remains accessible to clients. What should you do from Hyper-V Manager?

A.    On Server1, execute a Planned Failover.
B.    On Server1, execute a Test Failover.
C.    On Server2, execute a Planned Failover.
D.    On Server2, execute a Test Failover.

Answer: D
Explanation:
A. Server 1 is houses VM1 and it is replicated to Server2 – wrong server to failover and this is not a planned fail over case
B. Wrong server correct failover type
C. Wrong server, wrong failover type
D. Right server and failover type
http://blogs.technet.com/b/virtualization/archive/2012/07/31/types-of-failover-operations-inhyper- v-replica-partii-planned-failover.aspx
http://blogs.technet.com/b/virtualization/archive/2012/07/26/types-of-failover-operations-inhyper- v-replica.aspx

QUESTION 39
You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2. You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates. Which tool should you use?

A.    The Add-CauClusterRole cmdlet
B.    The Wuauclt command
C.    The Wusa command
D.    The Invoke-CauScan cmdlet

Answer: D
Explanation:
A. Adds the Cluster-Aware Updating (CAU) clustered role that provides the self-updating functionality to the specified cluster.
B. the wuauclt utility allows you some control over the functioning of the Windows Update Agent C. The Wusa.exe file is in the %windir%\System32 folder. The Windows Update Standalone Installer uses the Windows Update Agent API to install update packages. Update packages have an .msu file name extension. The .msu file name extension is associated with the Windows Update Standalone Installer.
D. Performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in a specified cluster. http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx http://technet.microsoft.com/en-us/library/cc720477(v=ws.10).aspx http://support.microsoft.com/kb/934307
http://technet.microsoft.com/en-us/library/hh847228(v=wps.620).aspx
 clip_image001[64]

QUESTION 40
Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2. You are configuring a central access policy for temporary employees. You enable the Department resource property and assign the property a suggested value of Temp. You need to configure a target resource condition for the central access rule that is scoped to resources assigned to Temp only. Which condition should you use?

A.    (Temp.Resource Equals “Department”)
B.    (Resource.Temp Equals “Department”)
C.    (Resource.Department Equals “Temp”)
D.    (Department.Value Equals “Temp”)

Answer: C
Explanation:
http://technet.microsoft.com/fr-fr/library/hh846167.aspx

clip_image001[66]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(21-30)!

QUESTION 21
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed. The network contains an enterprise certification authority (CA). All servers are enrolled automatically for a certificate-based on the Computer certificate template. On Server1, you have a virtual machine named VM1. VM1 is replicated to Server2. You need to encrypt the replication of VM1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    On Server1, modify the settings of VM1.
B.    On Server2, modify the settings of VM1.
C.    On Server2, modify the Hyper-V Settings.
D.    On Server1, modify the Hyper-V Settings.
E.    On Server1, modify the settings of the virtual switch to which VM1 is connected.
F.    On Server2, modify the settings of the virtual switch to which VM1 is connected.

Answer: AC
Explanation:
Answer is A and C, not A and F. Virtual Switch has nothing to do with this scenario based many sites I’ve visited even TechNet. And added a couple examples with Enterprise CA as well.
C. – Is Server 2, modify settings of Hyper-V=>Replica Server. then all the Encryption Reqs. TCP-443/SSL.

QUESTION 22
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. You create a user account named User1 in the domain. You need to ensure that User1 can use Windows Server Backup to back up Server1. The solution must minimize the number of administrative rights assigned to User1. What should you do?

A.    Add User1 to the Backup Operators group.
B.    Add User1 to the Power Users group.
C.    Assign User1 the Backup files and directories user right and the Restore files and directories user right.
D.    Assign User1 the Backup files and directories user right.

Answer: D
Explanation:
Backup Operators have these permissions by default:
 clip_image001[40]
However the question explicitly says we need to minimize administrative rights. Since the requirement is for backing up the data only–no requirement to restore or shutdown–then assigning the “Back up files and directories user right” would be the correct answer.
 clip_image001[42]

QUESTION 23
You have a server named Server1 that runs Windows Server 2012 R2 and is used for testing. A developer at your company creates and installs an unsigned kernel-mode driver on Server1. The developer reports that Server1 will no longer start. You need to ensure that the developer can test the new driver. The solution must minimize the amount of data loss. Which Advanced Boot Option should you select?

A.    Disable Driver Signature Enforcement
B.    Disable automatic restart on system failure
C.    Last Know Good Configuration (advanced)
D.    Repair Your Computer

Answer: A
Explanation:
A. By default, 64-bit versions of Windows Vista and later versions of Windows will load a kernel- mode driver only if the kernel can verify the driver signature. However, this default behavior can be disabled to facilitate early driver development and non-automated testing. B. specifies that Windows automatically restarts your computer when a failure occurs C. Developer would not be able to test the driver as needed D. Removes or repairs critical windows files, Developer would not be able to test the driver as needed and some file loss
http://technet.microsoft.com/en-us/library/jj134246.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff547565(v=vs.85).aspx
 clip_image001[44]

QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    The Scale-Out File Server

Answer: C

QUESTION 25
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes in Cluster1. You have a folder named Folder1 on Server1 that hosts application data. Folder1 is a folder target in a Distributed File System (DFS) namespace. You need to provide highly available access to Folder1. The solution must support DFS Replication to Folder1. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    The Scale-Out File Server

Answer: E

QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Port rules are configured for all clustered applications. You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    The Scale-Out File Server

Answer: G
Explanation:
http://technet.microsoft.com/en-us/library/bb742455.aspx
 clip_image001[46]
QUESTION 27
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

A.    ADSI Edit
B.    Active Directory Users and Computers
C.    Active Directory Domains and Trusts
D.    Active Directory Sites and Services
E.    Services
F.    Authorization Manager
G.    TPM Management
H.    Certification Authority

Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/jj835767(v=ws.10).aspx
 clip_image001[48]

clip_image001[50]

clip_image001[52]

QUESTION 28
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named adatum.com. You need to configure an access solution to meet the following requirements:
– Users in adatum.com must be able to access resources in contoso.com.
– Users in adatum.com must be prevented from accessing resources in fabrikam.com.
– Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?

A.    a one-way realm trust from contoso.com to adatum.com
B.    a one-way realm trust from adatum.com to contoso.com
C.    a one-way external trust from contoso.com to adatum.com
D.    a one-way external trust from adatum.com to contoso.com

Answer: C
Explanation:
domain names were changed, so understand the question well
You need to make trust relationship where domain contoso.com trusts adatum.com.
http://technet.microsoft.com/en-us/library/cc728024(v=ws.10).aspx
 clip_image002[24]

QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. DC1 hosts an Active Directory- integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Dnscmd
B.    Dnslint
C.    Repadmin
D.    Ntdsutil
E.    DNS Manager
F.    Active Directory Sites and Services
G.    Active Directory Domains and Trusts
H.    Active Directory Users and Computers

Answer: F
Explanation:
http://technet.microsoft.com/en-us/library/cc739941(v=ws.10).aspx
If you see question about AD Replication, First preference is AD sites and services, then Repadmin and then DNSLINT.

QUESTION 30
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    Active Directory Administrative Center
B.    Active Directory Sites and Services
C.    Active Directory Users and Computers
D.    the Certification Authority console
E.    the Certificates snap-in
F.    Certificate Templates
G.    Server Manager
H.    the Security Configuration Wizard

Answer: AC
Explanation:
A. ADAC – Active Directory Administrative Center used to manage users/computers C. ADUC – Active Directory Users and Computers used to manage users/Computers.
http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx http://technet.microsoft.com/en-us/library/aa997340(v=exchg.65).aspx

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(11-20)!

QUESTION 11
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed. On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM. On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[12]
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?

A.    Modify the outbound firewall rules on Server1.
B.    Modify the inbound firewall rules on Server1.
C.    Add Server1 to the Remote Management Users group.
D.    Add Server1 to the Event Log Readers group.

Answer: D
Explanation:
Since no exhibit, the guess here is it’s not using the GPO to manage the Event Log Readers group– evidenced by the fact that the firewall was configured manually instead of with the GPO. If the GPO was being used then the IPAM server would be in the Event Log Readers group due to restricted group settings in the GPO as shown below:
 clip_image002[14]
In the above example, the IPAM server is as member of the VDI\IPAMUG group.
http://technet.microsoft.com/en-us/library/jj878313.aspx
 clip_image001[22]

QUESTION 12
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. You install the IPAM client on Server2. You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[16]
You need to manage IPAM from Server2. What should you do first?

A.    On Server1, add the Server2 computer account to the IPAM MSM Administrators group.
B.    On Server2, open Computer Management and connect to Server1.
C.    On Server2, add Server1 to Server Manager.
D.    On Server1, add the Server2 computer account to the IPAM ASM Administrators group.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh831453.aspx
 clip_image002[18]
QUESTION 13
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Dc1. DC1 has the DNS Server server role installed. The network has two sites named Site1 and Site2. Site1 uses 10.10.0.0/16 IP addresses and Site2 uses 10.11.0.0/16 IP addresses. All computers use DC1 as their DNS server. The domain contains four servers named Server1, Server2, Server3, and Server4. All of the servers run a service named Service1. DNS host records are configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[24]
You discover that computers from the 10.10.1.0/24 network always resolve Service1 to the [P address of Server1. You need to configure DNS on DC1 to distribute computers in Site1 between Server1 and Server2 when the computers attempt to resolve Service1. What should run on DC1?

A.    dnscmd /config /bindsecondaries 1
B.    dnscmd /config /localnetpriority 0
C.    dnscmd /config /localnetprioritynetmask 0x0000ffff
D.    dnscmd /config /roundrobin 0

Answer: C
Explanation:
A. Specifies use of fast transfer format used by legacy Berkeley Internet Name Domain (BIND) servers. 1 enables
B. Disables netmask ordering.
C. You can use the Dnscmd /Config /LocalNetPriorityNetMask 0x0000FFFF command to use class B ( or 16 bit) for netmask ordering for DNS round robin
D. Disables round robin rotation.
http://technet.microsoft.com/en-us/library/cc737355(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738473(v=ws.10).aspx http://support.microsoft.com/kb/842197
http://technet.microsoft.com/en-us/library/cc779169(v=ws.10).aspx

QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the DHCP Server server role installed. Server1 is located in the main office site. Server2 is located in the branch office site. Server1 provides IPv4 addresses to the client computers in the main office site. Server2 provides IPv4 addresses to the client computers in the branch office site. You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses.
The solution must meet the following requirements:
– The storage location of the DHCP databases must not be a single point of failure.
– Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline.
– Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?

A.    load sharing mode failover partners
B.    a failover cluster
C.    hot standby mode failover partners
D.    a Network Load Balancing (NLB) cluster

Answer: C
Explanation:
A. The load sharing mode of operation is best suited to deployments where both servers in a failover relationship are located at the same physical site.
B. Hot standby mode of operation is best suited to deployments where a central office or data center server acts as a standby backup server to a server at a remote site, which is local to the DHCP clients
C. Needs to be a DHCP Failover option
D. Needs to be a DHCP Failover option
http://technet.microsoft.com/en-us/library/hh831385.aspx http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standbymode.aspx
 clip_image001[26]

QUESTION 15
You have a DHCP server named Server1. Server1 has an IP address 192.168.1.2 is located on a subnet that has a network ID of 192.168.1.0/24. On Server1, you create the scopes shown in the following table.
 clip_image001[28]
You need to ensure that Server1 can assign IP addresses from both scopes to the DHCP clients on the local subnet. What should you create on Server1?

A.    A scope
B.    A superscope
C.    A split-scope
D.    A multicast scope

Answer: B
Explanation:
A. A scope is an administrative grouping of IP addresses for computers on a subnet that use the Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for each physical subnet and then uses the scope to define the parameters used by clients.
B. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative entity.
D. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those members in the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process the multicast traffic http://technet.microsoft.com/en-us/library/dd759168.aspx http://technet.microsoft.com/en-us/library/dd759152.aspx
 clip_image001[30]

QUESTION 16
Your network contains servers that run Windows Server 2012 R2. The network contains a large number of iSCSI storage locations and iSCSI clients. You need to deploy a central repository that can discover and list iSCSI resources on the network automatically. Which feature should you deploy?

A.    the Windows Standards-Based Storage Management feature
B.    the iSCSI Target Server role service
C.    the iSCSI Target Storage Provider feature
D.    the iSNS Server service feature

Answer: D
Explanation:
A. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely. A WMI-based interface provides a single mechanism through which to manage all storage, including non-Microsoft intelligent storage subsystems and virtualized local storage (known as Storage Spaces). Additionally, management applications can use a single Windows API to manage different storage types by using standards-based protocols such as Storage Management Initiative Specification (SMI-S).
B. Targets are created in order to manage the connections between an iSCSI device and the servers that need to access it. A target defines the portals (IP addresses) that can be used to connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires in order to authenticate the servers that are requesting access to its resources. C. iSCSI Target Storage Provider enables applications on a server that is connected to an iSCSI target to perform volume shadow copies of data on iSCSI virtual disks. It also enables you to manage iSCSI virtual disks by using older applications that require a Virtual Disk Service (VDS) hardware provider, such as the Diskraid command.
D. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients. iSNS clients are computers, also known as initiators, that are attempting to discover storage devices, also known as targets, on an Ethernet network.
http://technet.microsoft.com/en-us/library/cc726015.aspx
http://technet.microsoft.com/en-us/library/cc772568.aspx
 clip_image001[32]
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain. You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property. Which three actions should you perform in sequence?
 clip_image002[20]
Answer:
 clip_image001[34]
Explanation:
First create a claim type for the property, then create a reference resource property that points back to the claim. Finally set the classification value on the folder

QUESTION 18
Your network contains two Active Directory forests named contoso.com and fabrikam.com. The contoso.com forest contains two domains named corp.contoso.com and contoso.com. You establish a two-way forest trust between contoso.com and fabrikam.com. Users from the corp.contoso.com domain report that they cannot log on to client computers in the fabrikam.com domain by using their corp.contoso.com user account. When they try to log on, they receive following error message:
“The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate to the computer.” Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using their corp.contoso.com user account credentials. You need to allow users from the corp.contoso.com domain to log on to the client computers in the fabrikam.com forest. What should you do?

A.    Configure Windows Firewall with Advanced Security.
B.    Enable SID history.
C.    Configure forest-wide authentication.
D.    Instruct the users to log on by using a user principal name (UPN).

Answer: C
Explanation:
C. The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the trusting forest.
http://technet.microsoft.com/en-us/library/cc785875(v=ws.10).aspx
 clip_image001[36]

QUESTION 19
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed. The servers have the hardware configurations shown in the following table.
 clip_image001[38]
Server1 hosts five virtual machines that run Windows Server 2012 R2. You need to move the virtual machines from Server1 to Server2. The solution must minimize downtime. What should you do for each virtual machine?

A.    Export the virtual machines from Server1 and import the virtual machines to Server2.
B.    Perform a live migration.
C.    Perform a quick migration.
D.    Perform a storage migration.

Answer: A
Explanation:
None of these migration options will work between different Processors ( AMD/Intel). The only option remaining is to export and re-import the VMs

QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed. You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer (SSL). You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted. Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)

A.    Client Authentication
B.    Kernel Mode Code Signing
C.    Server Authentication
D.    IP Security end system
E.    KDC Authentication

Answer: AC
Explanation:
http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate- requirements.aspx

clip_image002[22]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(1-10)!

QUESTION 1
Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012 R2. The domain controllers are configured as shown in the following table.
 clip_image001
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1. You need to prepopulate the password for User1 on DC2. What should you do first?

A.    Connect to DC2 from Active Directory Users and Computers.
B.    Add DC2 to the Allowed RODC Password Replication Policy group.
C.    Add the User1 account to the Allowed RODC Password Replication Policy group.
D.    Run Active Directory Users and Computers as a member of the Enterprise Admins group.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
 clip_image001[4]
QUESTION 2
Your company has offices in Montreal, New York, and Amsterdam. The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link. You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office. The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day. What should you do?

A.    Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of DEFAULTIPSITELINK.
B.    Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of DEFAU LTIPSITELINK.
C.    Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of the new site link.
D.    Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of the new site link.

Answer: C
Explanation:
Very Smartly reworded with same 3 offices. In the exam correct answer is “Create a new site link that contains Newyork to Montreal.
Remove Montreal from DEFAULTIPSITELINK.Modify the schedule of the new site link”.
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx

QUESTION 3
Your network contains two Active Directory forests named contoso.com and adatum.com. A two- way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named Server1. You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest. On Server1, you create a new certificate template named Template1. You need to ensure that users in the adatum.com forest can request certificates that are based on Template1. Which tool should you use?

A.    DumpADO.ps1
B.    Repadmin
C.    Add-CATemplate
D.    Certutil
E.    PKISync.ps1

Answer: E
Explanation:
B. Repadmin.exe helps administrators diagnose Active Directory replication problems between domain controllers running Microsoft Windows operating systems.
C. Adds a certificate template to the CA.
D. Use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating http://technet.microsoft.com/en-us/library/cc770963(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848372.aspx http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/ff961506(v=ws.10).aspx
 clip_image001[6]

QUESTION 4
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed. You back up Server1 each day by using Windows Server Backup. The disk array on Server1 fails. You replace the disk array. You need to restore Server1 as quickly as possible. What should you do?

A.    Start Server1 from the Windows Server 2012 R2 installation media.
B.    Start Server1and press F8.
C.    Start Server1 and press Shift+F8.
D.    Start Server1 by using the PXE.

Answer: A
Explanation:
A. Recovery of the OS uses the Windows Setup Disc
http://technet.microsoft.com/en-us/library/cc753920.aspx http://www.windowsnetworking.com/articles_tutorials/Restoring-Windows-Server-BareMetal.html

QUESTION 5
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed. Server1 and Server2 are located in different offices. The offices connect to each other by using a high-latency WAN link. Server2 hosts a virtual machine named VM1. You need to ensure that you can start VM1 on Server1 if Server2 fails. The solution must minimize hardware costs. What should you do?

A.    On Server1, install the Multipath I/O (MPIO) feature.
Modify the storage location of the VHDs for VM1.
B.    From the Hyper-V Settings of Server2, modify the Replication Configuration settings.
Enable replication for VM1.
C.    On Server2, install the Multipath I/O (MPIO) feature.
Modify the storage location of the VHDs for VM1.
D.    From the Hyper-V Settings of Server1, modify the Replication Configuration settings.
Enable replication for VM1.

Answer: D
Explanation:
You first have to enable replication on the Replica server–Server1–by going to the server and modifying the “Replication Configuration” settings under Hyper-V settings. You then go to VM1– which presides on Server2– and run the “Enable Replication” wizard on VM1.
 clip_image002
 clip_image002[4]

QUESTION 6
You have a server named Server1 that runs Windows Server 2012 R2. You modify the properties of a system driver and you restart Server1. You discover that Server1 continuously restarts without starting Windows Server 2012 R2. You need to start Windows Server 2012 R2 on Server1 in the least amount of time. The solution must minimize the amount of data loss. Which Advanced Boot Option should you select?

A.    Last Know Good Configuration (advanced)
B.    Repair Your Computer
C.    Disable automatic restart on system failure
D.    Disable Driver Signature Enforcement

Answer: A
Explanation:
http://windows.microsoft.com/en-ph/windows-vista/using-last-known-good-configuration
 clip_image001[8]

QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed. Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has the Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currently runs on Server1. Server3 currently has no virtual machines. You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1. Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)

A.    The Hyper-V Manager console connected to Server3
B.    The Failover Cluster Manager console connected to Server3
C.    The Hyper-V Manager console connected to Server1.
D.    The Failover Cluster Manager console connected to Cluster1
E.    The Hyper-V Manager console connected to Server2

Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/jj134240.aspx
 clip_image002[6]
 clip_image001[10]

QUESTION 8
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
 clip_image001[12]
A new corporate policy states that backups must use Microsoft Online Backup whenever possible. You need to identify which technology you must use to back up Server1. The solution must use Microsoft Online Backup whenever What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[8]
Answer:
 clip_image001[14]
Explanation:
http://technet.microsoft.com/en-us/library/hh831761.aspx
 clip_image002[10]

QUESTION 9
You have a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a signed zone for contoso.com. You need to configure DNS clients to perform DNSSEC validation for the contoso.com DNS domain. What should you configure?

A.    The Network Connection settings
B.    A Name Resolution Policy
C.    The Network Location settings
D.    The DNS Client settings

Answer: B
Explanation:
B. In a DNSSEC deployment, validation of DNS queries by client computers is enabled through configuration of IPSEC & NRPT
http://technet.microsoft.com/en-us/library/ee649182(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee649136(v=ws.10).aspx
 clip_image001[16]
QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[18]
You need to change the replication scope of the contoso.com zone. What should you do before you change the replication scope?

A.    Modify the Zone Transfers settings.
B.    Add DC1 to the Name Servers list.
C.    Add your user account to the Security settings of the zone.
D.    Unsign the zone.

Answer: D
Explanation:
D. Lock icon signifies that the Zone has been signed. Changes to the zone are blocked when signed http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29018

clip_image001[20]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

1 2 3