2021 Mar 70-412 exam prep
Q11. Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Create and configure a sync share on Server2.
E. Install the Work Folders role service on Server2.
Answer: A,C
Explanation:
* Workplace Join leverages a feature included in the Active Directory Federation Services (AD FS) Role in Windows Server 2012 R2, called Device Registration Service (DRS). DRS provisions a device object in Active Directory when a device is Workplace Joined. Once the device object is in Active Directory, attributes of that object can be retrieved and used to provide conditional access to resources and applications. The device identity is represented by a certificate which is set on the personal device by DRS when the device is Workplace Joined.
* In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access to enterprise resources based on user+device combinations and access policies. With these policies in place, you can control access based on users, devices, locations, and access times.
Reference: BYOD Basics: Enabling the use of Consumer Devices using Active Directory in Windows Server 2012 R2
Q12. Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.
Contoso contains 10 servers that have the File Server role service installed. Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group.
You migrate the file servers to adatum.com.
Contoso users report that after the migration, they are unable to access shared folders on the file servers.
You need to ensure that the Contoso users can access the shared folders on the file servers.
What should you do?
A. Disable selective authentication on the existing forest trust.
B. Disable SID filtering on the existing forest trust.
C. Run netdom and specify the /quarantine attribute.
D. Replace the existing forest trust with an external trust.
Answer: B
Explanation:
Although it is not recommended, you can use this procedure to disable security identifier (SID) filter quarantining for an external trust with the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:
* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant those users access to resources in the trusting domain (the former domain of the migrated users) based on the sIDHistory attribute.
Etc.
Reference: Disabling SID filter quarantining
http://technet.microsoft.com/en-us/library/cc794713(v=ws.10).aspx
Q13. You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located in the perimeter network and has the DNS Server server role installed.
Server1 has a zone named contoso.com.
You apply a security template to Server1.
After you apply the template, users report that they can no longer resolve names from contoso.com.
On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)
On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.)
You need to ensure that users can resolve contoso.com names.
What should you do?
A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From DNS Manager, unsign the contoso.com zone.
D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.
E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.
Answer: E
Explanation:
To configure Windows Firewall on a managed DNS server:
1. On the Server Manager menu, click Tools and then click Windows Firewall with Advanced Security.
2. Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch.
3. In Rule Type, select Predefined, choose DNS Service from the list, and then click Next.
4. In Predefined Rules, under Rules, select the checkboxes next to the following rules:
5. Click Next, choose Allow the connection, and then click Finish.
6. Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch. etc.
Reference: Manually Configure DNS Access Settings
Q14. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services (AD FS) server role installed.
Adatum.com is a partner organization.
You are helping the administrator of adatum.com set up a federated trust between adatum.com and contoso.com. The administrator of adatum.com asks you to provide a file containing the federation metadata of contoso.com.
You need to identify the location of the federation metadata file. Which node in the AD FS console should you select?
To answer, select the appropriate node in the answer area.
Answer:
Q15. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shown in the following table.
You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV).
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Format Disk2 to use NTFS.
B. Format Disk3 to use NTFS.
C. Enable BitLocker on Disk4.
D. Disable BitLocker on Disk1.
Answer: A,D
Explanation:
A. In Windows Server 2012 R2, a disk or storage space for a CSV volume must be a basic disk that is partitioned with NTFS or ReFS, but you cannot use a disk for a CSV that is formatted with FAT or FAT32.
D. CSV supports BitLocker, but you would have to enable it on all nodes in the cluster. Therefore we need to disable BitLocker on Disk1.
Incorrect:
Not B. ReFS would work fine. In Windows Server 2012 R2, a disk or storage space for a CSV volume must be a basic disk that is partitioned with NTFS or ReFS.
Not C. BitLocker must be enabled on all disks for it to work for a CSV.
Reference: Use Cluster Shared Volumes in a Failover Cluster
https://technet.microsoft.com/en-us/library/jj612868.aspx
Reference: How to Configure BitLocker Encrypted Clustered Disks in Windows Server 2012
http://blogs.msdn.com/b/clustering/archive/2012/07/20/10332169.aspx
Q16. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed.
On DC1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.
On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1.
What should you do?
A. Modify the outbound firewall rules on Server1.
B. Modify the inbound firewall rules on Server1.
C. Add Server1 to the Remote Management Users group.
D. Add Server1 to the Event Log Readers group.
Answer: D
Explanation:
To access configuration data and server event logs, the IPAM server must be a member of the domain IPAM Users Group (IPAMUG). The IPAM server must also be a member of the Event Log Readers security group.
Note: The computer account of the IPAM server must be a member of the Event Log Readers security group.
Reference: Manually Configure DC and NPS Access Settings. http://technet.microsoft.com/en-us/library/jj878317.aspx http://technet.microsoft.com/en-us/library/jj878313.aspx
Q17. DRAG DROP
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q18. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Hyper-V server role installed. The servers are configured as shown in the following table.
You add a third server named Server3 to the network. Server3 has Intel processors.
You need to move VM3 and VM6 to Server3. The solution must minimize downtime on the virtual machines.
Which method should you use to move each virtual machine?
To answer, select the appropriate method for each virtual machine in the answer area.
Answer:
Q19. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are configured as shown in the following table.
You need to ensure that when new targets are added to Server1, the targets are registered on Server2 automatically.
What should you do on Server1?
A. Configure the Discovery settings of the iSCSI initiator.
B. Configure the security settings of the iSCSI target.
C. Run the Set-WmiInstance cmdlet.
D. Run the Set-IscsiServerTarget cmdlet.
Answer: C
Explanation:
Manage iSNS server registration
The iSNS server registration can be done using the following cmdlets, which manage the WMI objects.
To add an iSNS server:
Set-WmiInstance -Namespace root\wmi -Class WT_iSNSServer -Arguments @{ServerName="ISNSservername"}
Note: The Set-WmiInstance cmdlet creates or updates an instance of an existing WMI class. The created or updated instance is written to the WMI repository.
Reference: iSCSI Target cmdlet reference
http://blogs.technet.com/b/filecab/archive/2012/06/08/iscsi-target-cmdlet-reference.aspx
Q20. You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege.
Which user role should you assign to User1?
A. DNS Record Administrator Role
B. IPAM DHCP Reservations Administrator Role
C. IPAM Administrator Role
D. IPAM DHCP Administrator Role
Answer: D
Explanation:
The IPAM DHCP administrator role completely manages DHCP servers.
Reference: What's New in IPAM