★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-412-dumps.html


Want to know Examcollection 70-412 Exam practice test features? Want to lear more about Microsoft Configuring Advanced Windows Server 2012 Services certification experience? Study High value Microsoft 70-412 answers to Up to the immediate present 70-412 questions at Examcollection. Gat a success with an absolute guarantee to pass Microsoft 70-412 (Configuring Advanced Windows Server 2012 Services) test on your first attempt.

2021 Oct 70 412 study guide:

Q41. Your network contains one Active Directory domain named contoso.com. The domain contains the domain controllers configured as shown in the following table. 

The functional level of the domain and the forest is Windows Server 2008. 

An administrator named Admin1 is a member of the Domain Admins group. 

You need to ensure that Admin1 can deploy a Windows Server 2012 R2 domain controller to contoso.com. 

What should you do? 

A. Raise the forest functional level. 

B. Run the Set-ADForestMode cmdlet. 

C. Raise the domain functional level. 

D. Run the adprep.exe command. 

Answer:

Explanation: Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later. The commands need to run in the following cases: 

* Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain. 

* Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or forest to run that version of Windows Server. 

Reference: Running Adprep.exe 

https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx 


Q42. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. 

You have a domain outside the forest named adatum.com. 

You need to configure an access solution to meet the following requirements: 

* Users in adatum.com must be able to access resources in contoso.com. 

* Users in adatum.com must be prevented from accessing resources in fabrikam.com. 

* Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com. 

What should you create? 

A. a one-way realm trust from contoso.com to adatum.com 

B. a one-way realm trust from adatum.com to contoso.com 

C. a one-way external trust from contoso.com to adatum.com 

D. a one-way external trust from adatum.com to contoso.com 

Answer:

Explanation: 

The contoso domain must trust the adatum domain. 

Note: In a One-way: incoming trust, users in your (trusted) domain can be authenticated in 

the other (trusting) domain. Users in the other domain cannot be authenticated in your 

domain. 

Incorrect: 

Not A, not B. Use realm trusts to form a trust relationship between a non-Windows 

Kerberos realm and a Windows Server domain. 

Not D. The resources that are to be shared are in the contoso domain. 

Reference: Trust types 


Q43. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain. 

You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node. 

You configure Service1 to be monitored from Failover Cluster Manager. 

What should you configure on the virtual machine? 

A. From the Recovery settings of Service1, set the First failure recovery action to Take No Action. 

B. From the General settings, modify the Startup type. 

C. From the Recovery settings of Service1, set the First failure recovery action to Restart the Service. 

D. From the General settings, modify the Service status. 

Answer:

Explanation: 

When a monitored service fails the Recovery features of the service will take action. 

Example: 

Service Recovery 

In this case for the first failure the service will be restarted by the Service Control Manager inside the guest operating system, if the service fails for a second time the service will again be restarted via guest operating system. In case of a third failure the Service Control Manager will take no action and the Cluster service running on the Hyper-V host will take over recovery actions. 

Reference: How to configure VM Monitoring in Windows Server 2012 


Q44. Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. 

Contoso contains 10 servers that have the File Server role service installed. Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group. 

You migrate the file servers to adatum.com. 

Contoso users report that after the migration, they are unable to access shared folders on the file servers. 

You need to ensure that the Contoso users can access the shared folders on the file servers. 

What should you do? 

A. Disable selective authentication on the existing forest trust. 

B. Disable SID filtering on the existing forest trust. 

C. Run netdom and specify the /quarantine attribute. 

D. Replace the existing forest trust with an external trust. 

Answer:

Explanation: 

Although it is not recommended, you can use this procedure to disable security identifier (SID) filter quarantining for an external trust with the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations: 

* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant those users access to resources in the trusting domain (the former domain of the migrated users) based on the sIDHistory attribute. 

Etc. 

Reference: Disabling SID filter quarantining 

http://technet.microsoft.com/en-us/library/cc794713(v=ws.10).aspx 


Q45. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2. 

You need to schedule the installation of Windows updates on the cluster nodes. 

Which tool should you use? 

A. the Add-CauClusterRole cmdlet 

B. the Wusa command 

C. the Wuauclt command 

D. the Invoke-CauScan cmdlet 

Answer:

Explanation: 

To enable self-updating mode, the CAU clustered role must also be added to the failover cluster. To do this by using the CAU UI, under Cluster Actions, use the Configure Self-Updating Options action. Alternatively, run the Add-CauClusterRole Windows PowerShell cmdlet. 

Note: The process for installing service packs and hotfixes on Windows Server 2012 differs from the process in earlier versions. In Windows Server 2012, you can use the Cluster-Aware Updating (CAU) feature. CAU automates the software-updating process on clustered servers while maintaining availability. 

Reference: Cluster-Aware Updating Overview 


Most up-to-date cbt nuggets 70-412 torrent:

Q46. HOTSPOT 

Your company has a main office and a branch office. An Active Directory site exists for each office. 

The network contains an Active Directory forest named contoso.com. The contoso.com domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2. 

In the main office, you configure Server1 as a file server that uses BranchCache. 

In the branch office, you configure Server2 and Server3 as BranchCache hosted cache servers. 

You are creating a Group Policy for the branch office site. 

Which two Group Policy settings should you configure? 

To answer, select the appropriate two settings in the answer area. 

Answer: 


Q47. Your network contains an Active Directory domain named contoso.com. The domain 

contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed. 

Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation. 

You need to create a trust policy for the partner organization. 

The solution must meet the following requirements: 

. Grant users in the partner organization access to protected content. . Provide users in the partner organization with the ability to create protected content. 

Which type of trust policy should you create? 

A. A federated trust 

B. Windows Live ID 

C. A trusted publishing domain 

D. A trusted user domain 

Answer:

Explanation: 

In AD RMS rights can be assigned to users who have a federated trust with Active 

Directory Federation Services (AD FS). This enables an organization to share access to 

rights-protected content with another organization without having to establish a separate 

Active Directory trust or Active Directory Rights Management Services (AD RMS) 

infrastructure. 

Incorrect: 

Not C. Trusted publishing domains allow one AD RMS server to issue use licenses that 

correspond with a publishing license issued by another AD RMS server, but in this scenario 

the partner organization does not have any Active Directory. 

Not D. A trusted user domain, often referred as a TUD, is a trust between AD RMS 

clusters, but in this scenario the partner organization does not have any Active Directory. 

Reference: AD RMS and AD FS Considerations 

http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx 


Q48. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. 

You discover that when the account of a user in Site1 is locked out, the user can still log on to the servers in Site2 for up to 15 minutes by using Remote Desktop Services (RDS). 

You need to reduce the amount of time it takes to synchronize account lockout information across the domain. 

Which attribute should you modify? 

To answer, select the appropriate attribute in the answer area. 

Answer: 


Q49. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured. 

For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users. 

You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent. 

Which setting should you modify? To answer, select the appropriate setting in the answer area. 

Answer: 


Q50. HOTSPOT 

Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server server role installed. 

You have a domain controller named DC1. 

On DC1, you create an Active Directory-integrated zone named adatum.com and you sign 

the zone by using DNSSEC. 

You deploy a new read-only domain controller (RODC) named RODC1. You need to ensure that the contoso.com zone replicates to RODC1. What should you configure on DC1? 

To answer, select the appropriate tab in the answer area. 

Answer: