Microsoft Windows Server 2012

Microsoft 070-412 PDF Exams, First-hand Microsoft 070-412 Exam Questions Latest Version PDF&VCE

Question No : 11 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same switch.
Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information in a central database.
You need to ensure that the connections to WebApp1 are distributed evenly between the nodes. The solution must minimize port flooding.
What should you configure? To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area.

Answer: Question No : 12 – (Topic 1)
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.
You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1.
What should you run?
A. The Set-NlbCluster cmdlet
B. The Set-NlbClusterNode cmdlet
C. The Stop-NlbCluster cmdlet
D. The Stop-NlbClusterNode cmdlet

Answer: D
Explanation: The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node.
-Drain <SwitchParameter>
Drains existing traffic before stopping the cluster node. If this parameter is omitted, existing
traffic will be dropped.
Question No : 13 – (Topic 1)
Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM.
You shut down all of the virtual machines on HV1.
You copy D:\VM to D:\VM on HV2.
You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the Import-VMInitialReplication cmdlet.
B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the Import Virtual Machine wizard.
C. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the New Virtual Machine wizard.
D. Run the Import-VM cmdlet.
Answer: D

Question No : 14 HOTSPOT – (Topic 1)
Your network contains two Hyper-V hosts that are configured as shown in the following table.

You create a virtual machine on Server1 named VM1.
You plan to export VM1 from Server1 and import VM1 to Server2.
You need to ensure that you can start the imported copy of VM1 from snapshots.
What should you configure on VM1?
To answer, select the appropriate node in the answer area.
Answer:
Question No : 15 DRAG DROP – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Servers, and Server4. All servers run Windows Server 2012 R2.
Server1 and Server2 are located in a site named Site1. Server3 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 is configured to use the Node Majority quorum configuration.
You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum.
What should you run from Windows PowerShell?
To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:
Question No : 16 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a cluster disk resource.
A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 runs as a service. App1 stores date on the cluster disk resource.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?
A. Add-ClusterGenericServiceRole
B. Add-ClusterGenericApplicationRole
C. Add-ClusterScaleOutFileServerRole
D. Add-ClusterServerRole

Answer: B
Explanation: Configure high availability for an application that was not originally designed to run in a failover cluster. If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.
Ref: http://technet.microsoft.com/en-us/library/ee460976.aspx

Question No : 17 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com.
You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
You plan to create two virtual machines that will run an application named App1. App1 will store data on a virtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines.
The network contains the following shared folders:
An SMB file share named Share1 that is hosted on a Scale-Out File Server. An SMB file share named Share2 that is hosted on a standalone file server. An NFS share named Share3 that is hosted on a standalone file server.
You need to ensure that both virtual machines can use App1data.vhdx simultaneously.
What should you do?
To answer, select the appropriate configurations in the answer area.

Answer:
Question No : 18 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.

Answer: Question No : 19 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 as an enterprise subordinate certification authority (CA).
What should you do first?
A. Add RAM to the server.
B. Set the Startup Type of the Certificate Propagation service to Automatic.
C. Install the Certification Authority Web Enrollment role service.
D. Join Server1 to the contoso.com domain.

Answer: D
Explanation:
A new CA can be the root CA of a new PKI or subordinate to another in an existing PKI. Enterprise subordinate certification authority An enterprise subordinate CA must get a CA certificate from an enterprise root CA but can then issue certificates to all users and computers in the enterprise. These types of CAs are often used for load balancing of an enterprise root CA.
Enterprise CAs can be used to issue certificates to support such services as digital signatures, Secure Multipurpose Internet Mail Extensions (S/MIME) secure mail, Secure Sockets Layer (SSL) or Transport Layer Security (TLS) secured web access and smart card authentication. Enterprise CAsare used to provide certificate services to internal users who have user accounts in the domain.
Requiring Active Directory, an Enterprise subordinate CA obtains its certificate from an already existing CA.
These types of CAs are used to provide smart-card-enabled logons by Windows XP and other Windows Server 2003 machines.
After a root certification authority (CA) has been installed, many organizations will install one or more subordinate CAs to implement policy restrictions on the public key infrastructure (PKI) and to issue certificates to end clients. Using at least one subordinate CA can help protect the root CA from unnecessary exposure. If a subordinate CA will be used to issue certificates to users or computers with accounts in an Active Directory domain, installing the subordinate CA as an enterprise CA allows you to use the client’s existing account data in Active Directory Domain Services (AD DS) to issue and manage certificates and to publish certificates to AD DS. Membership in local Administrators, or equivalent, is the minimum required to complete this procedure. If this will be an enterprise CA, membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.
Question No : 20 – (Topic 1)
Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?
A. The FQDN of the AD FS server
B. The name of the Federation Service
C. The name of the Active Directory domain
D. The public IP address of Server2
Answer: A

Explanation:
A. It must contain the FQDN http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc782620(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc759635(v=ws.10).aspx

Question No : 21 – (Topic 1)
Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com.
What should you do?
A. Modify the Service Connection Point (SCP).
B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.
C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.
D. Modify the properties of the AD RMS cluster in west.contoso.com.

Answer: B
Explanation: The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com.

Question No : 22 – (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2.

From Server Manager, you install the Active Directory Certificate Services server role on
Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error

message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A. Install the Active Directory Certificate Services (AD CS) tools.
B. Run the regsvr32.exe command.
C. Modify the PATH system variable.
D. Configure the Active Directory Certificate Services server role from Server Manager.

Answer: D
Explanation: The error message is related to missing role configuration.

Question No : 23 – (Topic 1)
Your network contains an Active Directory domain named contoso.com.
A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services
server role was removed. You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.
You need to remove the existing AD RMS SCP.
Which tool should you use?
A. Active Directory Users and Computers
B. Authorization Manager
C. Active Directory Domains and Trusts
D. Active Directory Sites and Services

Answer: D
Question No : 24 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.d
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.

Answer: C,E
Explanation: * To enable Device Registration Service On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration Repeat this step on each federation farm node in your AD FS farm.. Enable seamless second factor authentication Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a ‘known’ device and administrators can use this information to drive conditional access and gate access to resources. To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.

Question No : 25 DRAG DROP – (Topic 1)
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Question No : 26 HOTSPOT – (Topic 1)
Your company has a primary data center and a disaster recovery data center.
The network contains an Active Directory domain named contoso.com. The domain contains a server named that runs Windows Server 2012 R2. Server1 is located in the primary data center.
Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in the answer area.

Answer:
Question No : 27 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:

Email security
Client authentication
Encrypting File System (EFS)

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings.
B. From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy settings.
C. Modify the properties of the User certificate template, and then publish the template.
D. Duplicate the User certificate template, and then publish the template.
E. From a Group Policy, configure the Automatic Certificate Request Settings settings.

Answer: A,D
Explanation:
The default user template supports all of the requirements EXCEPT auto enroll as shown below:

However a duplicated template from users has the ability to autoenroll:

The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
http://technet.microsoft.com/en-us/library/dd851772.aspx
Question No : 28 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?
A. Create a superscope and scope-level policies.
B. Configure the Scope Options.
C. Create a superscope and a filter.
D. Configure the Server Options.
Answer: B

Explanation:
B. Any DHCP scope options configured for assignment to DHCP clients http://technet.microsoft.com/en-us/library/dd759218.aspx http://technet.microsoft.com/en-us/library/cc757682(v=WS.10).aspx
Question No : 29 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.
Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)

You need to assign a user named User1 permission to add and delete records from the contoso.com zone only.
What should you do first?
A. Enable the Advanced view from DNS Manager.
B. Add User1 to the DnsUpdateProxy group.
C. Run the New Delegation Wizard.
D. Configure the zone to be Active Directory-integrated.

Answer: D
Question No : 30 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?
A. From Server Manager, review the IPAM overview.
B. Run the ipamgc.exe tool.
C. From Task Scheduler, review the IPAM tasks.
D. Run the Get-IpamConfiguration cmdlet.

Answer: D

Flydumps.com never believes in second chances and hence bring you the best Microsoft 070-412 exam preparation materials which will make you pass in the first attempt. Flydumps.com experts have complied the fail proof Microsoft 070-412 exam content to help you pass your Microsoft 070-412 certification exam in the first attempt and score the top possible grades too.