70-412 Exam - Configuring Advanced Windows Server 2012 Services

  1. Home
  2. Microsoft
  3. 70-412 Dumps

certleader.com

Q1. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Both servers have multiple IPv4 scopes. 

Server1 and Server2 are used to assign IP addresses for the network IDs of 172.20.0.0/16 and 131.107.0.0/16. 

You install the IP Address Management (IPAM) Server feature on a server named IPAM1 and configure IPAM1 to manage Server1 and Server2. 

Some users from the 172.20.0.0 network report that they occasionally receive an IP address conflict error message. 

You need to identify whether any scopes in the 172.20.0.0 network ID conflict with one another. 

What Windows PowerShell cmdlet should you run? 

To answer, select the appropriate options in the answer area. 

Answer:  

Q2. Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server that uses a Windows Internal Database. 

You install a Microsoft SQL Server 2012 instance on a new server. 

You need to migrate the IPAM database to the SQL Server instance. 

Which cmdlet should you run? 

A. Disable-IpamCapability 

B. Set-IpamConfiguration 

C. Update-IpamServer 

D. Move-IpamDatabase 

Answer:

Explanation: 

The Move-IpamDatabase cmdlet migrates the IP Address Management (IPAM) database to a Microsoft SQL Server database. You can migrate from Windows Internal Database (WID) or from a SQL Server database. The cmdlet creates a new IPAM schema and copies all data from the existing IPAM database. After the cmdlet completes copying data, it changes IPAM configuration settings to refer to the new database as the IPAM database. 

Reference: Move-IpamDatabase 

Q3. You have a server named Server1 that runs Windows Server 2012 R2. 

From Server Manager, you install the Active Directory Certificate Services server role on Server1. 

A domain administrator named Admin1 logs on to Server1. 

When Admin1 runs the Certification Authority console, Admin1 receive the following error message. 

You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear. 

What should you do? 

A. Install the Active Directory Certificate Services (AD CS) tools. 

B. Run the regsvr32.exe command. 

C. Modify the PATH system variable. 

D. Configure the Active Directory Certificate Services server role from Server Manager. 

Answer:

Explanation: 

The error message is related to missing role configuration. 

* Cannot Manage Active Directory Certificate Services Resolution: configure the two Certification Authority and Certification Authority Web Enrollment Roles: 

image 

Reference: Cannot manage Active Directory Certificate Services in Server 2012 Error 0x800070002 

Q4. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. 

You create a user account named User1 in the domain. 

You need to ensure that User1 can use Windows Server Backup to back up Server1. The solution must minimize the number of administrative rights assigned to User1. 

What should you do? 

A. Add User1 to the Backup Operators group. 

B. Add User1 to the Power Users group. 

C. Assign User1 the Backup files and directories user right and the Restore files and directories user right. 

D. Assign User1 the Backup files and directories user right. 

Answer:

Explanation: 

Backup Operators have these permissions by default: 

However the question explicitly says we need to minimize administrative rights. Since the requirement is for backing up the data only--no requirement to restore or shutdown--then assigning the "Back up files and directories user right" would be the correct answer. 

Reference: Default local groups 

http://technet.microsoft.com/en-us/library/cc787956(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc771990.aspx 

Q5. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery. 

You create a new Active Directory group named Group1. 

You need to ensure that the members of Group1 can request a Key Recovery Agent certificate. 

The solution must minimize the permissions assigned to Group1. 

Which two permissions should you assign to Group1? (Each correct answer presents part of the solution. Choose two.) 

A. Read 

B. Auto enroll 

C. Write 

D. Enroll 

E. Full control 

Answer: A,D 

Explanation: 

See step 6 below. To configure the Key Recovery Agent certificate template Open the Certificate Templates snap-in. In the console tree, right-click the Key Recovery Agent certificate template. Click Duplicate Template. In Template, type a new template display name, and then modify any other optional properties as needed. On the Security tab, click Add, type the name of the users you want to issue the key recovery agent certificates to, and then click OK. Under Group or user names, select the user names that you just added. Under Permissions, select the Read and Enroll check boxes, and then click OK. 

Reference: Identify a Key Recovery Agent 

Q6. HOTSPOT 

Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server server role installed. 

You have a domain controller named DC1. 

On DC1, you create an Active Directory-integrated zone named adatum.com and you sign 

the zone by using DNSSEC. 

You deploy a new read-only domain controller (RODC) named RODC1. You need to ensure that the contoso.com zone replicates to RODC1. What should you configure on DC1? 

To answer, select the appropriate tab in the answer area. 

Answer:  

Q7. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed. 

The network contains an enterprise certification authority (CA). All servers are enrolled automatically for a certificate-based on the Computer certificate template. 

On Server1, you have a virtual machine named VM1. VM1 is replicated to Server2. 

You need to encrypt the replication of VM1. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. On Server1, modify the Hyper-V Settings. 

B. On Server2, modify the settings of VM1. 

C. On Server2, modify the Hyper-V Settings. 

D. On Server1, modify the settings of VM1. 

E. On Server1, modify the settings of the virtual switch to which VM1 is connected. 

F. On Server2, modify the settings of the virtual switch to which VM1 is connected. 

Answer: B,C 

Explanation: 

B. Each virtual machine that is to be replicated must be enabled for replication (on the replica server – Server2). 

C. To configure the Replica server (here Server2) In Hyper-V Manager, click Hyper-V Settings in the Actions pane. In the Hyper-V Settings dialog, click Replication Configuration. In the Details pane, select Enable this computer as a Replica server. In the Authentication and ports section, select the authentication method. For either authentication method, specify the port to be used (the default ports are 80 for Kerberos over HTTP and 443 for certificate-based authentication over HTTPS). If you are using certificate-based authentication, click Select Certificate and provide the request certificate information. 

Etc 

Reference: Deploy Hyper-V Replica Step 2: Enable Replication 

Q8. You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.) 

You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target. 

VirtualiSCSIl.vhd is removed from LON-DC1. 

You need to assign VirtualiSCSI2.vhd a logical unit value of 0. 

What should you do? 

A. Modify the properties of the itgt ISCSI target. 

B. Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk. 

C. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter. 

D. Run the iscsicli command and specify the reportluns parameter. 

Answer:

Explanation: 

The virtual disk has the option to change the lun ID, no other option available in the answers appear to allow this change. 

Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to a server. For iSCSI, LUNs are assigned to logical entities called targets. 

Q9. Your network contains one Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. All domain computers have certificates that are issued by a certification authority (CA) named Contoso CA. 

A user named User1 performs daily backups of the data on Server1 to a backup vault named Vault1. A user named User2 performs daily backups of the data on Server2 to a vault named Vault2. 

You have the administrative credentials for Server2. 

You need to restore the data from that last backup of Server1 to Server2. 

Which two pieces of information do you require to complete the task? Each correct answer presents part of the solution. 

A. the Microsoft Azure subscription credentials 

B. the Vault2 credentials 

C. the User1 credentials 

D. the Vault1 credentials 

E. the Server1 certificate 

F. the Server2 certificate 

G. the Server1 passphrase 

H. the Server2 passphrase 

Answer: D,G 

Explanation: We need the Vault1 credentials to be able to access the data in Vault1. We need the passphrase of Server1 to access the backup that was made on Server1. 

Reference: Microsoft Azure - Cloud Backup and Recovery 

http://blogs.technet.com/b/rmurphy/archive/2014/12/02/microsoft-azure-backup.aspx 

Q10. Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com. 

You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain. 

You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com. 

You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com. 

What should you do? 

A. Modify the Service Connection Point (SCP). 

B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain. 

C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain. 

D. Modify the properties of the AD RMS cluster in west.contoso.com. 

Answer:

Explanation: 

The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com. 

Note: It is recommended that you use GPO to deploy AD RMS client settings and that you only deploy settings as needed. 

Reference: AD RMS Best Practices Guide 

© All pages Copyright to by dumpslabs.com. All rights reserved. thedumpscentre.com