Tag: 70-412 exam

100% Pass Microsoft 70-412 Exam By Exercising Flydumps Updated Microsoft 70-412

Flydumps guarantee your Microsoft 70-412 exam success with our Exam Resources .Microsoft 70-412 braindumps are the latest and developed by experience’s IT certification Professionals working in today’s prospering companies and data centers. All our Microsoft 70-412 brain dumps including Microsoft 70-412 exam questions which guarantee you can 100% success Microsoft 70-412 exam in your first try exam.

QUESTION 1
Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2.
You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders.
Which tool should you use?
A. Ultrasound
B. Replmon
C. Dfsdiag
D. Frsutil
Correct Answer: C Explanation

Explanation/Reference:
Explanation:
What does DFSDiag do?
dfsdiag /testreferral:
Perform specific tests, depending on the type of referral being used.

* For Sysvol and Netlogon referrals perform the validation for Domain referrals and that it’s TTL has the
default value (900s).
Etc.
QUESTION 2
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.- com.
Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.
Several user accounts are migrated from child.adatum.com to adatum.com. Users report that after the migration, they fail to access resources in contoso.com. The users suc- cessfully accessed the resources in contoso.com before the accounts were migrated.
You need to ensure that the migrated users can access the resources in contoso.com.
What should you do?
A. Replace the existing forest trust with an external trust.
B. Run netdom and specify the /quarantine attribute.
C. Disable SID filtering on the existing forest trust.
D. Disable selective authentication on the existing forest trust.
Correct Answer: C Explanation

Explanation/Reference:
Explanation: Security Considerations for Trusts Need to gain access to the resources in contoso.com
Disabling SID Filter Quarantining on External Trusts Although it reduces the security of your forest (and is therefore not recommended), you can dis- able SID filter quarantining for an external trust by using the Netdom.exe tool. You should con- sider disabling SID filter quarantining only in the following situations:
* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant
them access to resources in the trusting domain based on the SID history attribute.
Etc.

Incorrect: not B. Enables administrators to manage Active Directory domains and trust relationships from the command prompt, /quarantine Sets or clears the domain quarantine not D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the trusting forest
http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx

QUESTION 3
Your network contains an Active Directory forest named adatum.com. The forest contains a sin- gle domain. The domain contains four servers. The servers are configured as shown in the fol- lowing table.

You need to update the schema to support a domain controller that will run Windows Server 2012 R2. On which server should you run adprep.exe?
A. Server1
B. DC3
C. DC2

D. DC1 Correct Answer: B
Explanation Explanation/Reference:
Explanation:
Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012

You can use adprep.exe on domain controllers that run 64-bit versions of Windows Server 2008 or
Windows Server 2008 R2 to upgrade to Windows Server 2012. You cannot upgrade domain controllers
that run Windows Server 2003 or 32-bit versions of Windows Server 2008. To re- place them, install
domain controllers that run a later version of Windows Server in the domain, and then remove the domain
controllers that Windows Server 2003.

Ref: http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_UpgradePaths

QUESTION 4
Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2.
The forest has a two-way realm trust to a Kerberos realm named adatum.com.
You discover that users in adatum.com can only access resources in the root domain of contoso.- com.
You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.
What should you do in the forest?
A. Delete the realm trust and create a forest trust.
B. Delete the realm trust and create three external trusts.
C. Modify the incoming realm trust.
D. Modify the outgoing realm trust.
Correct Answer: D Explanation

Explanation/Reference:
*
A one-way, outgoing realm trust allows resources in your Windows Server domain (the do- main that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users in the Kerberos realm.

*
You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain. This trust relationship allows cross-platform interoperability with security services that are based on other versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations. Realm trusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way or two-way.
Reference: Create a One-Way, Outgoing, Realm Trust
QUESTION 5
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain con- trollers.
The domain controllers are configured as shown in the following table.

You need to ensure that the KDC support for claims, compound authentication, and kerberos ar- moring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Upgrade DC1 to Windows Server 2012 R2.
B. Upgrade DC11 to Windows Server 2012 R2.
C. Raise the domain functional level of childl.contoso.com.
D. Raise the domain functional level of contoso.com.
E. Raise the forest functional level of contoso.com.
Correct Answer: AE Explanation

Explanation/Reference:
Explanation:
The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level (A),
then raise the contoso.com domain functional level to Windows Server 2012 (E).

* (A) To support resources that use claims-based access control, the principal’s domains will need to be running one of the following: / All Windows Server 2012 domain controllers / Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device au- thentication requests / Sufficient Windows Server 2012 domain controllers to handle all the Windows Server 2012 re- source protocol transition requests to support non-Windows 8 devices
Reference: What’s New in Kerberos Authentication http://technet.microsoft.com/en-us/library/hh831747.aspx.
QUESTION 6
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.

You configure a user named User1 as a delegated administrator of DC10.
You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails.
What should you do?
A. Add User1 to the Domain Admins group.
B. On DC10, modify the User Rights Assignment in Local Policies.
C. Run repadmin and specify the /prp parameter.
D. On DC10, run ntdsutil and configure the settings in the Roles context.
Correct Answer: C Explanation

Explanation/Reference:
Explanation:
repadmin /prp will allow the password caching of the local administrator to the RODC. This command lists
and modifies the Password Replication Policy (PRP) for read-only domain controllers (RODCs).

QUESTION 7
Your company has offices in Montreal, New York, and Amsterdam. The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office.
The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?
A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DE-FAULTIPSITE1INK. Modify the schedule of DEFAULTIPSITE1INK.
B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAU LTIPSITE1INK.
C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DE-FAULTIPSITELINK. Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link.
Correct Answer: C Explanation

Explanation/Reference:
Explanation:
Very Smartly reworded with same 3 offices. In the exam correct answer is “Create a new site link that
contains Newyork to Montreal. Remove Montreal from DEFAULTIPSITE1INK.Mod- ify the schedule of the
new site link”.

Reference: How Active Directory Replication Topology Works http://technet.microsoft.com/en-us/library/
cc755994(v=ws.10).aspx

QUESTION 8
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server
2012 R2.

Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an
application named App1 that is accessed by using the URL http://app1.contoso.com.
You plan to perform maintenance on Server1.

You need to ensure that all new connections to App1 are directed to Server2. The solution must not
disconnect the existing connections to Server1.
What should you run?

A. The Set-NlbCluster cmdlet
B. The Set-NlbClusterNode cmdlet
C. The Stop-NlbCluster cmdlet
D. The Stop-NlbClusterNode cmdlet
Correct Answer: D Explanation

Explanation/Reference:
The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the
cluster, client connections that are already in progress are interrupted. To avoid in- terrupting active
connections, consider using the -drain parameter, which allows the node to con- tinue servicing active
connections but disables all new traffic to that node.

-Drain <SwitchParameter>
Drains existing traffic before stopping the cluster node. If this parameter is omitted, existing traf- fic will be
dropped.

QUESTION 9
Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM.
You shut down all of the virtual machines on HV1.
You copy D:\VM to D:\VM on HV2.
You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the Import-VMInitialReplication cmdlet.
B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and over- write the existing files. On HV2, run the Import Virtual Machine wizard.
C. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and over- write the existing files. On HV2, run the New Virtual Machine wizard.
D. Run the Import-VM cmdlet.
Correct Answer: D Explanation

Explanation/Reference:
Explanation:
Import-VM
Imports a virtual machine from a file.
Example
Imports the virtual machine from its configuration file. The virtual machine is registered in- place, so its files
are not copied.

Windows PowerShell
PS C:\> Import-VM Path ‘D:\Test\VirtualMachines\5AE40946-3A98-428E-8C83-081A3C6B- D18C.XML’

Reference: Import-VM

QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a cluster disk resource.
A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 runs as a service. App1 stores date on the cluster disk resource.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?
A. Add-ClusterGenericServiceRole
B. Add-ClusterGenericApplicationRole
C. Add-ClusterScaleOutFileServerRole
D. Add-ClusterServerRole
Correct Answer: B Explanation

Explanation/Reference:
Add-ClusterGenericApplicationRole Configure high availability for an application that was not originally designed to run in a failover cluster. If you run an application as a Generic Application, the cluster software will start the application, then
periodically query the operating system to see whether the application appears to be run- ning. If so, it is
presumed to be online, and will not be restarted or failed over.

EXAMPLE 1 -Command Prompt: C:\PS>

Add-ClusterGenericApplicationRole -CommandLine NewApplication.exe

Name OwnerNode State

cluster1GenApp node2 Online Description
This command configures NewApplication.exe as a generic clustered application. A default name will be used for client access and this application requires no storage.
Ref: Add-ClusterGenericApplicationRole http://technet.microsoft.com/en-us/library/ee460976.aspx
QUESTION 11
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 as an enterprise subordinate certification authority (CA). What should you do first?
A. Add RAM to the server.
B. Set the Startup Type of the Certificate Propagation service to Automatic.
C. Install the Certification Authority Web Enrollment role service.
D. Join Server1 to the contoso.com domain.
Correct Answer: D Explanation

Explanation/Reference:
Explanation: Enterprise CAs must be domain members. From the exhibit we see that it is only a
Workgroup member.

Note:
A new CA can be the root CA of a new PKI or subordinate to another in an existing PKI.
Enterprise subordinate certification authority
An enterprise subordinate CA must get a CA certificate from an enterprise root CA but can then issue
certificates to all users and computers in the enterprise. These types of CAs are often used for load
balancing of an enterprise root CA.

Enterprise CAs can be used to issue certificates to support such services as digital signatures, Se- cure
Multipurpose Internet Mail Extensions (S/MIME) secure mail, Secure Sockets Layer (SSL) or Transport
Layer Security (TLS) secured web access and smart card authentication. Enterprise CAsare used to
provide certificate services to internal users who have user accounts in the do- main.

Requiring Active Directory, an Enterprise subordinate CA obtains its certificate from an already existing
CA.

These types of CAs are used to provide smart-card-enabled logons by Windows XP and other Windows
Server 2003 machines.

After a root certification authority (CA) has been installed, many organizations will install one or more
subordinate CAs to implement policy restrictions on the public key infrastructure (PKI) and to issue
certificates to end clients. Using at least one subordinate CA can help protect the root CA from
unnecessary exposure. If a subordinate CA will be used to issue certificates to users or computers with
accounts in an Active Directory domain, installing the subordinate CA as an enterprise CA allows you to
use the client’s existing account data in Active Directory Do- main Services (AD DS) to issue and manage
certificates and to publish certificates to AD DS. Membership in local Administrators, or equivalent, is the
minimum required to complete this procedure. If this will be an enterprise CA, membership in Domain
Admins, or equivalent, is the minimum required to complete this procedure.
QUESTION 12
Your network contains a perimeter network and an internal network. The internal network con- tains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter net- work.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?
A. The FQDN of the AD FS server
B. The name of the Federation Service
C. The name of the Active Directory domain
D. The public IP address of Server2
Correct Answer: A Explanation

Explanation/Reference:
Explanation:
To add a host (A) record to corporate DNS for a federation server On a DNS server for the corporate
network, open the DNS snap-in.

1.
In the console tree, right-click the applicable forward lookup zone, and then click New Host (A).

2.
In Name, type only the computer name of the federation server or federation server cluster (for example, type fs for the fully qualified domain name (FQDN) fs.adatum.com).

3.
In IP address, type the IP address for the federation server or federation server cluster (for ex- ample, 192.168.1.4).

4.
Click Add Host. Reference: Add a host (A) record to corporate DNS for a federation server http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx
QUESTION 13
Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com.
What should you do?
A. Modify the Service Connection Point (SCP).
B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com do- main.
C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com do- main.
D. Modify the properties of the AD RMS cluster in west.contoso.com. Correct Answer: B

Explanation Explanation/Reference:
The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com.
Note: It is recommended that you use GPO to deploy AD RMS client settings and that you only deploy settings as needed. Reference: AD RMS Best Practices Guide
QUESTION 14
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A. Install the Active Directory Certificate Services (AD CS) tools.
B. Run the regsvr32.exe command.
C. Modify the PATH system variable.
D. Configure the Active Directory Certificate Services server role from Server Manager. Correct Answer: D

Explanation Explanation/Reference:
The error message is related to missing role configuration.
* Cannot Manage Active Directory Certificate Services
Resolution: configure the two Certification Authority and Certification Authority Web Enroll- ment Roles:
Reference: Cannot manage Active Directory Certificate Services in Server 2012 Error 0x800070002
QUESTION 15
Your network contains an Active Directory domain named contoso.com.
A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS).
After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.
You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS
Service Connection Point (SCP) was found.

You need to remove the existing AD RMS SCP. Which tool should you use?
A. Active Directory Users and Computers
B. Authorization Manager
C. Active Directory Domains and Trusts
D. Active Directory Sites and Services
E: Active Directory Rights Management Services
Correct Answer: D Explanation

Explanation/Reference:
ADRMS will registered the Service Connection Point (SCP) in Active Directory and you will need to unregister first before you remove the ADRMS server role If your ADRMS server is still alive, you can easily manually remove the SCP by below: Reference: How to manually remove or reinstall ADRMS
QUESTION 16
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role in- stalled. All servers run Windows Server 2012.d
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the so- lution. Choose two.)
A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.
Correct Answer: CE Explanation

Explanation/Reference:
C: To enable Device Registration Service On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
E: Enable seamless second factor authentication Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a `known’ device and administrators can use this information to drive conditional access and gate access to resources. To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Pri- mary Authentication. Select the check box next to Enable Device Authentication, and then click OK.
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Cer- tificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
Email security

Client authentication

Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From a Group Policy, configure the Certificate Services Client Auto-Enrollment settings.
B. From a Group Policy, configure the Certificate Services Client Certificate Enrollment Pol- icy settings.
C. Modify the properties of the User certificate template, and then publish the template.
D. Duplicate the User certificate template, and then publish the template.
E. From a Group Policy, configure the Automatic Certificate Request Settings settings.
Correct Answer: AD Explanation

Explanation/Reference:
Explanation:
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
However a duplicated template from users has the ability to autoenroll: The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
Reference: Manage Certificate Enrollment Policy by Using Group Policy http://technet.microsoft.com/en-us/library/dd851772.aspx
QUESTION 18
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?
A. Create a superscope and scope-level policies.
B. Configure the Scope Options.
C. Create a superscope and a filter.
D. Configure the Server Options.
Correct Answer: B Explanation

Explanation/Reference:
Explanation:
Any DHCP scope options can be configured for assignment to DHCP clients, such as DNS server.

Reference: Configuring a DHCP Scope
http://technet.microsoft.com/en-us/library/dd759218.aspx

QUESTION 19
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role in- stalled. Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)

You need to assign a user named User1 permission to add and delete records from the contoso.- com zone only.
What should you do first?
A. Enable the Advanced view from DNS Manager.
B. Add User1 to the DnsUpdateProxy group.
C. Run the New Delegation Wizard.
D. Configure the zone to be Active Directory-integrated.
Correct Answer: D Explanation

Explanation/Reference:
Secure dynamic updates are only supported or configurable for resource records in zones that are stored in Active Directory Domain Services (AD DS).
Note: To modify security for a resource record
1.
Open DNS Manager.

2.
In the console tree, click the applicable zone.

3.
In the details pane, click the record that you want to view.

4.
On the Action menu, click Properties.

5.
On the Security tab, modify the list of member users or groups that are allowed to securely up- date the applicable record and reset their permissions as needed.
Reference: Modify Security for a Resource Record
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2.
The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?

A. From Server Manager, review the IPAM overview.
B. Run the ipamgc.exe tool.
C. From Task Scheduler, review the IPAM tasks.
D. Run the Get-IpamConfiguration cmdlet. Correct Answer: D

Explanation Explanation/Reference:
Example:

QUESTION 21
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.

You need to create an IPv6 scope on Server1. The scope must use an address space that is re- served for
private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?

A. 2001:123:4567:890A::
B. FE80:123:4567::
C. FF00:123:4567:890A::
D. FD00:123:4567::
Correct Answer: D Explanation

Explanation/Reference:
Explanation:
*
A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC 4193. It is the
approximate IPv6 counterpart of the IPv4 private address. The address block fc00::/7 is divided into two /8
groups:
/ The block fc00::/8 has not been defined yet.
/ The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to
a randomly generated bit string.
*
Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges:

/ They are not allocated by an address registry and may be used in networks by anyone without outside
involvement.
/ They are not guaranteed to be globally unique.
/ Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in
the global DNS.

Reference: RFC 4193

PDF format– Printable version, print Microsoft 70-412 exam dumps out and study anywhere. Software format– Simulation version, test yourself like Microsoft 70-412 exam real test.Credit Guarantee– Passtcert never sell the useless Microsoft 70-412 exam dumps out. You will receive our Microsoft 70-412 exam dumps in time and get CCIE Certified easily.

Valid Microsoft 70-412 Exam Practice Flydumps To Pass Exam Easily Free Download

70-412dumps

Question No : 1 – (Topic 1)
Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2.
You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders.
Which tool should you use?
A. Ultrasound
B. Replmon
C. Dfsdiag
D. Frsutil

Answer: C
Explanation: Explanation/Reference: http://blogs.technet.com/b/josebda/archive/2009/07/15/five-ways-to-check-your-dfs-namespaces-dfs-nconfiguration-with-the-dfsdiag-exe-tool.aspx

C:\Users\Chaudhry\Desktop\1.jpg
Question No : 2 HOTSPOT – (Topic 1)
Your network contains an Active Directory forest named contoso.com that contains a single
domain. The forest contains three sites named Site1, Site2, and Site3.
Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2.

Each site contains two domain controllers. Site1 and Site2 contain a global catalog server.
You need to create a new site link between Site1 and Site2. The solution must ensure that
the site link supports the replication of all the naming contexts.

From which node should you create the site link?
To answer, select the appropriate node in the answer area.
Answer: Question No : 3 – (Topic 1)
Your network contains two Active Directory forests named contoso.com and adatum.com.
Contoso.com contains one domain. Adatum.com contains a child domain named
child.adatum.com.

Contoso.com has a one-way forest trust to adatum.com. Selective authentication is
enabled on the forest trust.

Several user accounts are migrated from child.adatum.com to adatum.com.
Users report that after the migration, they fail to access resources in contoso.com. The
users successfully accessed the resources in contoso.com before the accounts were
migrated.

You need to ensure that the migrated users can access the resources in contoso.com.

What should you do?

A. Replace the existing forest trust with an external trust.
B. Run netdom and specify the /quarantine attribute.
C. Disable SID filtering on the existing forest trust.
D. Disable selective authentication on the existing forest trust.
Answer: C

Explanation:
A.
B. Enables administrators to manage Active Directory domains and trust relationships from the command prompt, /quarantine Sets or clears the domain quarantine
C. Need to gain access to the resources in contoso.com
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the trusting forest
http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc758152(v=ws.10).aspx
Question No : 4 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network.
In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 as a new domain controller in a new forest named contoso.test.
The solution must meet the following requirements: . The functional level of the forest and of the domain must be the same as that of contoso.com.
. Server1 must provide name resolution services for contoso.test. What should you do? To answer, configure the appropriate options in the answer area.
Answer:
Question No : 5 – (Topic 1)
Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. The domain contains four servers. The servers are configured as shown in the following table.

You need to update the schema to support a domain controller that will run Windows Server 2012 R2.
On which server should you run adprep.exe?
A. Server1
B. DC3
C. DC2
D. DC1
Answer: B

Explanation:
You can use adprep.exe on domain controllers that run 64-bit versions of Windows Server 2008 or Windows Server 2008 R2 to upgrade to Windows Server 2012. You cannot upgrade domain controllers that run Windows Server 2003 or 32-bit versions of Windows Server 2008. To replace them, install domain controllers that run a later version of Windows Server in the domain, and then remove the domain controllers that Windows Server 2003.
Ref: http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_UpgradePaths http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx
Question No : 6 HOTSPOT – (Topic 1)
Your network contains three Active Directory forests. The forests are configured as shown in the following table.

A two-way forest trust exists between contoso.com and divisionl.contoso.com. A two-way forest trust also exists between contoso.com and division2.contoso.com.
You plan to create a one-way forest trust from divisionl.contoso.com to division2.contoso.com.
You need to ensure that any cross-forest authentication requests are sent to the domain controllers in the appropriate forest after the trust is created.
How should you configure the existing forest trust settings?
In the table below, identify which configuration must be performed in each forest. Make only one selection in each column. Each correct selection is worth one point.

Answer:
Question No : 7 – (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2.
The forest has a two-way realm trust to a Kerberos realm named adatum.com.
You discover that users in adatum.com can only access resources in the root domain of contoso.com.
You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.
What should you do in the forest?
A. Delete the realm trust and create a forest trust.
B. Delete the realm trust and create three external trusts.
C. Modify the incoming realm trust.
D. Modify the outgoing realm trust.

Answer: D
Question No : 8 – (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers.
The domain controllers are configured as shown in the following table.

You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Upgrade DC1 to Windows Server 2012 R2.
B. Upgrade DC11 to Windows Server 2012 R2.
C. Raise the domain functional level ofchildl.contoso.com.
D. Raise the domain functional level of contoso.com.
E. Raise the forest functional level of contoso.com.
Answer: B,C

Explanation:
If you want to create access control based on claims and compound authentication, you need to deploy Dynamic Access Control. This requires that you upgrade to Kerberos clients and use the KDC, which support these new authorization types. With Windows Server 2012 R2, you do not have to wait until all the domain controllers and the domain functional level are upgraded to take advantage of new access control options http://technet.microsoft.com/en-us/library/hh831747.aspx.

Question No : 9 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.

You configure a user named User1 as a delegated administrator of DC10.

You need to ensure that User1 can log on to DC10 if the network link between the Main
site and the Branch site fails.
What should you do?

A. Add User1 to the Domain Admins group.
B. On DC10, modify the User Rights Assignment in Local Policies.
C. Run repadmin and specify the /prp parameter.
D. On DC10, run ntdsutil and configure the settings in the Roles context.
Answer: C

Explanation:
repadmin /prp will allow the password caching of the local administrator to the RODC.

Question No : 10 – (Topic 1)
Your company has offices in Montreal, New York, and Amsterdam.
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITE1INK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office.
The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?
A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITE1INK. Modify the schedule of DEFAULTIPSITE1INK.
B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAU LTIPSITE1INK.
C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITE1INK. Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link.
Answer: C

Explanation:
Very Smartly reworded with same 3 offices. In the exam correct answer is “Create a new site link that contains Newyork to Montreal. Remove Montreal from
DEFAULTIPSITE1INK.Modify the schedule of the new site link”. http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx

70-412 dumps

Read More:  http://www.exampass.net/pass-latest-updated-210-065-exam-answers.html

Free Cisco 352-001 PDF Download