★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/70-412-dumps.html
The Microsoft 70-412 practice questions and answers contain the comprehensive and comprehensive knowledge points. The Microsoft 70-412 exam dumps are summarized and compiled simply by Pass4sures professional team. What you need to do is just sit at home and download our Microsoft Microsoft check engine. Examine the whole Microsoft 70-412 practice materials meticulously and diligently. These people must be an excellent help for that Microsoft 70-412 exam preparation. Start earlier and get certified earlier and less difficult.
2021 Oct cbt nuggets 70-412 download:
Q131. You have an Active Directory Rights Management Services (AD RMS) cluster.
You need to prevent users from encrypting new content. The solution must ensure that the users can continue to decrypt content that was encrypted already.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From the Active Directory Rights Management Services console, enable decommissioning.
B. From the Active Directory Rights Management Services console, create a user exclusion policy.
C. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing.
D. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\decommission.
E. From the Active Directory Rights Management Services console, modify the rights policy templates.
Answer: A,D
Explanation:
* Decommissioning refers to the entire process of removing the AD RMS cluster and its
associated databases from an organization. This process allows you to save rights-
protected files as ordinary files before you remove AD RMS from your infrastructure so that
you do not lose access to these files.
Decommissioning an AD RMS cluster is achieved by doing the following:
/ Enable the decommissioning service. (A)
/ Modify permissions on the decommissioning pipeline.
/ Configure the AD RMS-enabled application to use the decommissioning pipeline.
* To modify the permissions on the decommissioning pipeline
1. Log on to ADRMS-SRV as cpandl\administrator.
2. Click Start, type %systemdrive%\inetpub\wwwroot\_wmcs in the Start Search box, and
then press ENTER.
3. Right-click the decommission folder, and then click Properties.
4. Click the Security tab, click Edit, and then click Add. (D)
Etc.
Reference: Step 1: Decommission AD RMS Root Cluster
Q132. Your network contains an Active Directory domain named contoso.com. The domain
contains two member servers named Server1 and Server2.
You install the DHCP Server server role on Server1 and Server2. You install the IP
Address Management (IPAM) Server feature on Server1.
You notice that you cannot discover Server1 or Server2 in IPAM.
You need to ensure that you can use IPAM to discover the DHCP infrastructure.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server2, create an IPv4 scope.
B. On Server1, run the Add-IpamServerInventory cmdlet.
C. On Server2, run the Add-DhcpServerInDc cmdlet
D. On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet.
E. On Server1, uninstall the DHCP Server server role.
Answer: B,C
Explanation:
B. The Add-IpamServerInventory cmdlet adds a new infrastructure server to the IP Address Management (IPAM) server inventory. Use the fully qualified domain name (FQDN) of the server to add to the server inventory.
C. The Add-DhcpServerInDC cmdlet adds the computer running the DHCP server service to the list of authorized Dynamic Host Configuration Protocol (DHCP) server services in the Active Directory (AD). A DHCP server service running on a domain joined computer needs to be authorized in AD so that it can start leasing IP addresses on the network.
Reference: Add-IpamServerInventory; Add-DhcpServerInDC
Q133. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server3. The network contains a standalone server named Server2.
All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.
Server3 hosts an application named App1. App1 is accessible internally by using the URL https://app1.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access App1.
What should you do?
To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q134. Your network contains one Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. All domain computers have certificates that are issued by a certification authority (CA) named Contoso CA.
A user named User1 performs daily backups of the data on Server1 to a backup vault named Vault1. A user named User2 performs daily backups of the data on Server2 to a vault named Vault2.
You have the administrative credentials for Server2.
You need to restore the data from that last backup of Server1 to Server2.
Which two pieces of information do you require to complete the task? Each correct answer presents part of the solution.
A. the Microsoft Azure subscription credentials
B. the Vault2 credentials
C. the User1 credentials
D. the Vault1 credentials
E. the Server1 certificate
F. the Server2 certificate
G. the Server1 passphrase
H. the Server2 passphrase
Answer: D,G
Explanation: We need the Vault1 credentials to be able to access the data in Vault1. We need the passphrase of Server1 to access the backup that was made on Server1.
Reference: Microsoft Azure - Cloud Backup and Recovery
http://blogs.technet.com/b/rmurphy/archive/2014/12/02/microsoft-azure-backup.aspx
Q135. You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.
VirtualiSCSIl.vhd is removed from LON-DC1.
You need to assign VirtualiSCSI2.vhd a logical unit value of 0.
What should you do?
A. Modify the properties of the itgt ISCSI target.
B. Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.
C. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.
D. Run the iscsicli command and specify the reportluns parameter.
Answer: B
Explanation:
The virtual disk has the option to change the lun ID, no other option available in the answers appear to allow this change.
Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to a server. For iSCSI, LUNs are assigned to logical entities called targets.
Up to date windows server 2012 exam 70 412:
Q136. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property.
Which three actions should you perform in sequence?
Answer:
Q137. Your network contains an Active Directory domain named contoso.com. The domain
contains a certification authority (CA).
You suspect that a certificate issued to a Web server is compromised.
You need to minimize the likelihood that users will trust the compromised certificate.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Stop the Certificate Propagation service.
B. Modify the validity period of the Web Server certificate template.
C. Run certutil and specify the -revoke parameter.
D. Run certutil and specify the -deny parameter.
E. Publish the certificate revocation list (CRL).
Answer: C,E
Explanation: First revoke the certificate, then publish the CRL.
Q138. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
For the contoso.com domain, a company policy states that administrators must be able to retrieve a list of all the users who have not logged on to the network in the last seven days from any domain controller.
You need to ensure that the users’ last logon information from the last seven days is replicated to all of the domain controllers.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: C
Reference: Technet, Set-ADDomain
https://technet.microsoft.com/en-us/library/ee617212.aspx
Q139. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. Server1 is a BranchCache hosted cache server that is located in a branch office.
The network contains client computers that run either Windows 7 or Windows 8.
For the branch office, all of the user accounts and the client computer accounts are located in an organizational unit (OU) named Branch1. A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 contains the BranchCache settings.
You discover that users in the branch office who have client computers that run Windows 7 do not access cached content from Server1. Users in the branch office who have Windows 8 computers access cached content from Server1.
You need to configure the Windows 7 computers to use BranchCache on Server1. Which setting should you configure in GPO1?
To answer, select the appropriate setting in the answer area.
Answer:
Q140. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
Scope1, Scope2, and Scope3 are configured to assign the IP addresses of two DNS servers to DHCP clients. The remaining scopes are NOT configured to assign IP addresses of DNS servers to DHCP clients.
You need to ensure that only Scope1, Scope3, and Scopes assign the IP addresses of the DNS servers to the DHCP clients. The solution must minimize administrative effort.
What should you do?
A. Create a superscope and a filter.
B. Create a superscope and scope-level policies.
C. Configure the Server Options.
D. Configure the Scope Options.
Answer: D
Explanation:
Scope options are applied to any clients that obtain a lease within that particular scope.
Active scope option types always apply to all computers obtaining a lease in a given scope
unless they are overridden by class or reserved client settings for the option type.
Incorrect:
Not A, not B. A superscope allows a DHCP server to provide leases from more than one
scope to clients on a single physical network. It is not applicable here.
Not C. If we configure the Server Options and set the DNS Servers then all DHCP clients
would be assigned a DNS server.
Reference: Managing DHCP Options
https://technet.microsoft.com/en-us/library/cc958929.aspx