2017 August Microsoft Official New Released 70-412 Q&As in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass 70-412 braindumps including the exam questions and the answer, completed by our senior IT lecturers and the Microsoft product experts, include the current newest 70-412 exam questions.
Following questions and answers are all new published by Microsoft Official Exam Center: https://www.lead2pass.com/70-412.html
QUESTION 1
Your network contains an Active Directory domain named adatum.com.
The domain contains two domain controllers that run Windows Server 2012 R2.
The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A. Connect to DC2 from Active Directory Users and Computers.
B. Add DC2 to the Allowed RODC Password Replication Policy group.
C. Add the User1 account to the Allowed RODC Password Replication Policy group.
D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
QUESTION 2
Your company has offices in Montreal, New York, and Amsterdam.
The network contains an Active Directory forest named contoso.com.
An Active Directory site exists for each office.
All of the sites connect to each other by using the DEFAULTIPSITELINK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office. The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?
A. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of DEFAU LTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of the new site link.
Answer: C
Explanation:
Very Smartly reworded with same 3 offices.
In the exam correct answer is “Create a new site link that contains Newyork to Montreal.
Remove Montreal from DEFAULTIPSITELINK.Modify the schedule of the new site link”.
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx
QUESTION 3
Your network contains two Active Directory forests named contoso.com and adatum.com.
A two- way forest trust exists between the forests.
The contoso.com forest contains an enterprise certification authority (CA) named Server1.
You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest. On Server1, you create a new certificate template named Template1.
You need to ensure that users in the adatum.com forest can request certificates that are based on Template1.
Which tool should you use?
A. DumpADO.ps1
B. Repadmin
C. Add-CATemplate
D. Certutil
E. PKISync.ps1
Answer: E
Explanation:
B. Repadmin.exe helps administrators diagnose Active Directory replication problems between
domain controllers running Microsoft Windows operating systems.
C. Adds a certificate template to the CA.
D.Use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating
http://technet.microsoft.com/en-us/library/cc770963(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh848372.aspx
http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/ff961506(v=ws.10).aspx
QUESTION 4
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Windows Deployment Services server role installed.
You back up Server1 each day by using Windows Server Backup.
The disk array on Server1 fails.
You replace the disk array.
You need to restore Server1 as quickly as possible.
What should you do?
A. Start Server1 from the Windows Server 2012 R2 installation media.
B. Start Server1and press F8.
C. Start Server1 and press Shift+F8.
D. Start Server1 by using the PXE.
Answer: A
Explanation:
A. Recovery of the OS uses the Windows Setup Disc
http://technet.microsoft.com/en-us/library/cc753920.aspx
http://www.windowsnetworking.com/articles_tutorials/Restoring-Windows-Server-BareMetal.html
QUESTION 5
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed. Server1 and Server2 are located in different offices. The offices connect to each other by using a high-latency WAN link.
Server2 hosts a virtual machine named VM1.
You need to ensure that you can start VM1 on Server1 if Server2 fails.
The solution must minimize hardware costs.
What should you do?
A. On Server1, install the Multipath I/O (MPIO) feature.
Modify the storage location of the VHDs for VM1.
B. From the Hyper-V Settings of Server2, modify the Replication Configuration settings.
Enable replication for VM1.
C. On Server2, install the Multipath I/O (MPIO) feature.
Modify the storage location of the VHDs for VM1.
D. From the Hyper-V Settings of Server1, modify the Replication Configuration settings.
Enable replication for VM1.
Answer: D
Explanation:
You first have to enable replication on the Replica server–Server1–by going to the server and modifying the “Replication Configuration” settings under Hyper-V settings.
You then go to VM1– which presides on Server2– and run the “Enable Replication” wizard on VM1.
QUESTION 6
Your network contains an Active Directory domain named contoso.com.
You deploy a server named Server1 that runs Windows Server 2012 R2.
A local administrator installs the Active Directory Rights Management Services server role on
Server1.
You need to ensure that AD RMS clients can discover the AD RMS cluster automatically.
What should you do?
A. Run the Active Directory Rights Management Services console by using an account that is a member
of the Schema Admins group, and then configure the proxy settings.
B. Run the Active Directory Rights Management Services console by using an account that is a member
of the Schema Admins group, and then register the Service Connection Point (SCP).
C. Run the Active Directory Rights Management Services console by using an account that is a member
of the Enterprise Admins group, and then register the Service Connection Point (SCP).
D. Run the Active Directory Rights Management Services console by using an account that is a member
of the Enterprise Admins group, and then configure the proxy settings.
Answer: C
Explanation:
* The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services.
* To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority.
QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed. Server1 and Server2 are nodes in a failover cluster named Cluster1.
Several highly available virtual machines run on Cluster1.
Cluster1 has the Hyper-V Replica Broker role installed.
The Hyper-V Replica Broker currently runs on Server1.
Server3 currently has no virtual machines.
You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. The Hyper-V Manager console connected to Server3
B. The Failover Cluster Manager console connected to Server3
C. The Hyper-V Manager console connected to Server1.
D. The Failover Cluster Manager console connected to Cluster1
E. The Hyper-V Manager console connected to Server2
Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/jj134240.aspx
QUESTION 8
You have a file server named Server1 that runs Windows Server 2012 R2.
The folders on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Microsoft Online Backup whenever possible.
You need to identify which technology you must use to back up Server1.
The solution must use Microsoft Online Backup whenever.
What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/hh831761.aspx
QUESTION 9
You have a DNS server named Server1 that runs Windows Server 2012 R2.
Server1 has a signed zone for contoso.com.
You need to configure DNS clients to perform DNSSEC validation for the contoso.com DNS domain.
What should you configure?
A. The Network Connection settings
B. A Name Resolution Policy
C. The Network Location settings
D. The DNS Client settings
Answer: B
Explanation:
B. In a DNSSEC deployment, validation of DNS queries by client computers is enabled through
configuration of IPSEC & NRPT
http://technet.microsoft.com/en-us/library/ee649182(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ee649136(v=ws.10).aspx
QUESTION 10
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
On DC1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
You need to change the replication scope of the contoso.com zone.
What should you do before you change the replication scope?
A. Modify the Zone Transfers settings.
B. Add DC1 to the Name Servers list.
C. Add your user account to the Security settings of the zone.
D. Unsign the zone.
Answer: D
Explanation:
Lock icon signifies that the Zone has been signed. Changes to the zone are blocked when signed
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29018
QUESTION 11
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 and a member server named Server1.
Server1 has the IP Address Management (IPAM) Server feature installed.
On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.
On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1.
What should you do?
A. Modify the outbound firewall rules on Server1.
B. Modify the inbound firewall rules on Server1.
C. Add Server1 to the Remote Management Users group.
D. Add Server1 to the Event Log Readers group.
Answer: D
Explanation:
Since no exhibit, the guess here is it’s not using the GPO to manage the Event Log Readers group– evidenced by the fact that the firewall was configured manually instead of with the GPO.
If the GPO was being used then the IPAM server would be in the Event Log Readers group due to restricted group settings in the GPO as shown below:
In the above example, the IPAM server is as member of the VDI\IPAMUG group.
http://technet.microsoft.com/en-us/library/jj878313.aspx
QUESTION 12
Your network contains an Active Directory domain named contoso.com.
The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2.
Server1 has the IP Address Management (IPAM) Server feature installed.
You install the IPAM client on Server2.
You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to manage IPAM from Server2.
What should you do first?
A. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.
B. On Server2, open Computer Management and connect to Server1.
C. On Server2, add Server1 to Server Manager.
D. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh831453.aspx
QUESTION 13
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Dc1. DC1 has the DNS Server server role installed.
The network has two sites named Site1 and Site2. Site1 uses 10.10.0.0/16 IP addresses and Site2 uses 10.11.0.0/16 IP addresses. All computers use DC1 as their DNS server.
The domain contains four servers named Server1, Server2, Server3, and Server4.
All of the servers run a service named Service1.
DNS host records are configured as shown in the exhibit. (Click the Exhibit button.)
You discover that computers from the 10.10.1.0/24 network always resolve Service1 to the [P address of Server1.
You need to configure DNS on DC1 to distribute computers in Site1 between Server1 and Server2 when the computers attempt to resolve Service1.
What should run on DC1?
A. dnscmd /config /bindsecondaries 1
B. dnscmd /config /localnetpriority 0
C. dnscmd /config /localnetprioritynetmask 0x0000ffff
D. dnscmd /config /roundrobin 0
Answer: C
Explanation:
A. Specifies use of fast transfer format used by legacy Berkeley Internet Name Domain (BIND) servers. 1 enables
B. Disables netmask ordering.
C. You can use the Dnscmd /Config /LocalNetPriorityNetMask 0x0000FFFF command to use class B ( or 16 bit) for netmask ordering for DNS round robin
D. Disables round robin rotation.
http://technet.microsoft.com/en-us/library/cc737355(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc738473(v=ws.10).aspx
http://support.microsoft.com/kb/842197
http://technet.microsoft.com/en-us/library/cc779169(v=ws.10).aspx
QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Both servers have the DHCP Server server role installed.
Server1 is located in the main office site. Server2 is located in the branch office site.
Server1 provides IPv4 addresses to the client computers in the main office site.
Server2 provides IPv4 addresses to the client computers in the branch office site.
You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses.
The solution must meet the following requirements:
– The storage location of the DHCP databases must not be a single point of failure.
– Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline.
– Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?
A. load sharing mode failover partners
B. a failover cluster
C. hot standby mode failover partners
D. a Network Load Balancing (NLB) cluster
Answer: C
Explanation:
A. The load sharing mode of operation is best suited to deployments where both servers in a failover relationship are located at the same physical site.
B. Hot standby mode of operation is best suited to deployments where a central office or data center server acts as a standby backup server to a server at a remote site, which is local to the DHCP clients
C. Needs to be a DHCP Failover option
D. Needs to be a DHCP Failover option
http://technet.microsoft.com/en-us/library/hh831385.aspx
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standbymode.aspx
QUESTION 15
You have a DHCP server named Server1. Server1 has an IP address 192.168.1.2 is located on a subnet that has a network ID of 192.168.1.0/24.
On Server1, you create the scopes shown in the following table.
You need to ensure that Server1 can assign IP addresses from both scopes to the DHCP clients on the local subnet.
What should you create on Server1?
A. A scope
B. A superscope
C. A split-scope
D. A multicast scope
Answer: B
Explanation:
A. A scope is an administrative grouping of IP addresses for computers on a subnet that use the Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for each physical subnet and then uses the scope to define the parameters used by clients.
B. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in.
By using a superscope, you can group multiple scopes as a single administrative entity.
D. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those members in the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process the multicast traffic
http://technet.microsoft.com/en-us/library/dd759168.aspx
http://technet.microsoft.com/en-us/library/dd759152.aspx
QUESTION 16
Your network contains servers that run Windows Server 2012 R2.
The network contains a large number of iSCSI storage locations and iSCSI clients.
You need to deploy a central repository that can discover and list iSCSI resources on the network automatically.
Which feature should you deploy?
A. the Windows Standards-Based Storage Management feature
B. the iSCSI Target Server role service
C. the iSCSI Target Storage Provider feature
D. the iSNS Server service feature
Answer: D
Explanation:
A. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely. A WMI-based interface provides a single mechanism through which to manage all storage, including non-Microsoft intelligent storage subsystems and virtualized local storage (known as Storage Spaces). Additionally, management applications can use a single Windows API to manage different storage types by using standards-based protocols such as Storage Management Initiative Specification (SMI-S).
B. Targets are created in order to manage the connections between an iSCSI device and the servers that need to access it. A target defines the portals (IP addresses) that can be used to connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires in order to authenticate the servers that are requesting access to its resources.
C. iSCSI Target Storage Provider enables applications on a server that is connected to an iSCSI target to perform volume shadow copies of data on iSCSI virtual disks. It also enables you to manage iSCSI virtual disks by using older applications that require a Virtual Disk Service (VDS) hardware provider, such as the Diskraid command.
D. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients. iSNS clients are computers, also known as initiators, that are attempting to discover storage devices, also known as targets, on an Ethernet network.
http://technet.microsoft.com/en-us/library/cc726015.aspx
http://technet.microsoft.com/en-us/library/cc772568.aspx
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. All domain user accounts have the Division attribute automatically populated as part of the user provisioning process.
The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property.
Which three actions should you perform in sequence?
Answer:
Explanation:
First create a claim type for the property, then create a reference resource property that points back to the claim. Finally set the classification value on the folder
QUESTION 18
Your network contains two Active Directory forests named contoso.com and fabrikam.com.
The contoso.com forest contains two domains named corp.contoso.com and contoso.com.
You establish a two-way forest trust between contoso.com and fabrikam.com. Users from the corp.contoso.com domain report that they cannot log on to client computers in the fabrikam.com domain by using their corp.contoso.com user account.
When they try to log on, they receive following error message:
“The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate to the computer.”
Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using their corp.contoso.com user account credentials.
You need to allow users from the corp.contoso.com domain to log on to the client computers in the fabrikam.com forest.
What should you do?
A. Configure Windows Firewall with Advanced Security.
B. Enable SID history.
C. Configure forest-wide authentication.
D. Instruct the users to log on by using a user principal name (UPN).
Answer: C
Explanation:
The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the trusting forest.
http://technet.microsoft.com/en-us/library/cc785875(v=ws.10).aspx
QUESTION 19
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed.
The servers have the hardware configurations shown in the following table.
Server1 hosts five virtual machines that run Windows Server 2012 R2.
You need to move the virtual machines from Server1 to Server2.
The solution must minimize downtime.
What should you do for each virtual machine?
A. Export the virtual machines from Server1 and import the virtual machines to Server2.
B. Perform a live migration.
C. Perform a quick migration.
D. Perform a storage migration.
Answer: A
Explanation:
None of these migration options will work between different Processors ( AMD/Intel).
The only option remaining is to export and re-import the VMs
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed.
You plan to replicate virtual machines between Server1 and Server2.
The replication will be encrypted by using Secure Sockets Layer (SSL).
You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.
Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)
A. Client Authentication
B. Kernel Mode Code Signing
C. Server Authentication
D. IP Security end system
E. KDC Authentication
Answer: AC
Explanation:
http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx
If you use Lead2pass braindump as your 70-412 exam prepare material, we guarantee your success in the first attempt. Lead2pass 70-412 dump provides you everything you will need to take your 70-412 Exam.
70-412 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDa2trSWtTV0Rkbm8
2017 Microsoft 70-412 exam dumps (All 391 Q&As) from Lead2pass:
https://www.lead2pass.com/70-412.html [100% Exam Pass Guaranteed]
2017 August Microsoft Official New Released 70-412 Q&As in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass 70-412 braindumps including the exam questions and the answer, completed by our senior IT lecturers and the Microsoft product experts, include the current newest 70-412 exam questions.
Following questions and answers are all new published by Microsoft Official Exam Center: https://www.lead2pass.com/70-412.html
QUESTION 1
Your network contains an Active Directory domain named adatum.com.
The domain contains two domain controllers that run Windows Server 2012 R2.
The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?
A. Connect to DC2 from Active Directory Users and Computers.
B. Add DC2 to the Allowed RODC Password Replication Policy group.
C. Add the User1 account to the Allowed RODC Password Replication Policy group.
D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
QUESTION 2
Your company has offices in Montreal, New York, and Amsterdam.
The network contains an Active Directory forest named contoso.com.
An Active Directory site exists for each office.
All of the sites connect to each other by using the DEFAULTIPSITELINK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office. The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?
A. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of DEFAU LTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of the new site link.
Answer: C
Explanation:
Very Smartly reworded with same 3 offices.
In the exam correct answer is “Create a new site link that contains Newyork to Montreal.
Remove Montreal from DEFAULTIPSITELINK.Modify the schedule of the new site link”.
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx
QUESTION 3
Your network contains two Active Directory forests named contoso.com and adatum.com.
A two- way forest trust exists between the forests.
The contoso.com forest contains an enterprise certification authority (CA) named Server1.
You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest. On Server1, you create a new certificate template named Template1.
You need to ensure that users in the adatum.com forest can request certificates that are based on Template1.
Which tool should you use?
A. DumpADO.ps1
B. Repadmin
C. Add-CATemplate
D. Certutil
E. PKISync.ps1
Answer: E
Explanation:
B. Repadmin.exe helps administrators diagnose Active Directory replication problems between
domain controllers running Microsoft Windows operating systems.
C. Adds a certificate template to the CA.
D.Use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating
http://technet.microsoft.com/en-us/library/cc770963(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh848372.aspx
http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/ff961506(v=ws.10).aspx
QUESTION 4
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Windows Deployment Services server role installed.
You back up Server1 each day by using Windows Server Backup.
The disk array on Server1 fails.
You replace the disk array.
You need to restore Server1 as quickly as possible.
What should you do?
A. Start Server1 from the Windows Server 2012 R2 installation media.
B. Start Server1and press F8.
C. Start Server1 and press Shift+F8.
D. Start Server1 by using the PXE.
Answer: A
Explanation:
A. Recovery of the OS uses the Windows Setup Disc
http://technet.microsoft.com/en-us/library/cc753920.aspx
http://www.windowsnetworking.com/articles_tutorials/Restoring-Windows-Server-BareMetal.html
QUESTION 5
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed. Server1 and Server2 are located in different offices. The offices connect to each other by using a high-latency WAN link.
Server2 hosts a virtual machine named VM1.
You need to ensure that you can start VM1 on Server1 if Server2 fails.
The solution must minimize hardware costs.
What should you do?
A. On Server1, install the Multipath I/O (MPIO) feature.
Modify the storage location of the VHDs for VM1.
B. From the Hyper-V Settings of Server2, modify the Replication Configuration settings.
Enable replication for VM1.
C. On Server2, install the Multipath I/O (MPIO) feature.
Modify the storage location of the VHDs for VM1.
D. From the Hyper-V Settings of Server1, modify the Replication Configuration settings.
Enable replication for VM1.
Answer: D
Explanation:
You first have to enable replication on the Replica server–Server1–by going to the server and modifying the “Replication Configuration” settings under Hyper-V settings.
You then go to VM1– which presides on Server2– and run the “Enable Replication” wizard on VM1.
QUESTION 6
Your network contains an Active Directory domain named contoso.com.
You deploy a server named Server1 that runs Windows Server 2012 R2.
A local administrator installs the Active Directory Rights Management Services server role on
Server1.
You need to ensure that AD RMS clients can discover the AD RMS cluster automatically.
What should you do?
A. Run the Active Directory Rights Management Services console by using an account that is a member
of the Schema Admins group, and then configure the proxy settings.
B. Run the Active Directory Rights Management Services console by using an account that is a member
of the Schema Admins group, and then register the Service Connection Point (SCP).
C. Run the Active Directory Rights Management Services console by using an account that is a member
of the Enterprise Admins group, and then register the Service Connection Point (SCP).
D. Run the Active Directory Rights Management Services console by using an account that is a member
of the Enterprise Admins group, and then configure the proxy settings.
Answer: C
Explanation:
* The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services.
* To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority.
QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed. Server1 and Server2 are nodes in a failover cluster named Cluster1.
Several highly available virtual machines run on Cluster1.
Cluster1 has the Hyper-V Replica Broker role installed.
The Hyper-V Replica Broker currently runs on Server1.
Server3 currently has no virtual machines.
You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. The Hyper-V Manager console connected to Server3
B. The Failover Cluster Manager console connected to Server3
C. The Hyper-V Manager console connected to Server1.
D. The Failover Cluster Manager console connected to Cluster1
E. The Hyper-V Manager console connected to Server2
Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/jj134240.aspx
QUESTION 8
You have a file server named Server1 that runs Windows Server 2012 R2.
The folders on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Microsoft Online Backup whenever possible.
You need to identify which technology you must use to back up Server1.
The solution must use Microsoft Online Backup whenever.
What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/hh831761.aspx
QUESTION 9
You have a DNS server named Server1 that runs Windows Server 2012 R2.
Server1 has a signed zone for contoso.com.
You need to configure DNS clients to perform DNSSEC validation for the contoso.com DNS domain.
What should you configure?
A. The Network Connection settings
B. A Name Resolution Policy
C. The Network Location settings
D. The DNS Client settings
Answer: B
Explanation:
B. In a DNSSEC deployment, validation of DNS queries by client computers is enabled through
configuration of IPSEC & NRPT
http://technet.microsoft.com/en-us/library/ee649182(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ee649136(v=ws.10).aspx
QUESTION 10
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
On DC1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
You need to change the replication scope of the contoso.com zone.
What should you do before you change the replication scope?
A. Modify the Zone Transfers settings.
B. Add DC1 to the Name Servers list.
C. Add your user account to the Security settings of the zone.
D. Unsign the zone.
Answer: D
Explanation:
Lock icon signifies that the Zone has been signed. Changes to the zone are blocked when signed
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29018
QUESTION 11
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 and a member server named Server1.
Server1 has the IP Address Management (IPAM) Server feature installed.
On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.
On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1.
What should you do?
A. Modify the outbound firewall rules on Server1.
B. Modify the inbound firewall rules on Server1.
C. Add Server1 to the Remote Management Users group.
D. Add Server1 to the Event Log Readers group.
Answer: D
Explanation:
Since no exhibit, the guess here is it’s not using the GPO to manage the Event Log Readers group– evidenced by the fact that the firewall was configured manually instead of with the GPO.
If the GPO was being used then the IPAM server would be in the Event Log Readers group due to restricted group settings in the GPO as shown below:
In the above example, the IPAM server is as member of the VDI\IPAMUG group.
http://technet.microsoft.com/en-us/library/jj878313.aspx
QUESTION 12
Your network contains an Active Directory domain named contoso.com.
The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2.
Server1 has the IP Address Management (IPAM) Server feature installed.
You install the IPAM client on Server2.
You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to manage IPAM from Server2.
What should you do first?
A. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.
B. On Server2, open Computer Management and connect to Server1.
C. On Server2, add Server1 to Server Manager.
D. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh831453.aspx
QUESTION 13
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Dc1. DC1 has the DNS Server server role installed.
The network has two sites named Site1 and Site2. Site1 uses 10.10.0.0/16 IP addresses and Site2 uses 10.11.0.0/16 IP addresses. All computers use DC1 as their DNS server.
The domain contains four servers named Server1, Server2, Server3, and Server4.
All of the servers run a service named Service1.
DNS host records are configured as shown in the exhibit. (Click the Exhibit button.)
You discover that computers from the 10.10.1.0/24 network always resolve Service1 to the [P address of Server1.
You need to configure DNS on DC1 to distribute computers in Site1 between Server1 and Server2 when the computers attempt to resolve Service1.
What should run on DC1?
A. dnscmd /config /bindsecondaries 1
B. dnscmd /config /localnetpriority 0
C. dnscmd /config /localnetprioritynetmask 0x0000ffff
D. dnscmd /config /roundrobin 0
Answer: C
Explanation:
A. Specifies use of fast transfer format used by legacy Berkeley Internet Name Domain (BIND) servers. 1 enables
B. Disables netmask ordering.
C. You can use the Dnscmd /Config /LocalNetPriorityNetMask 0x0000FFFF command to use class B ( or 16 bit) for netmask ordering for DNS round robin
D. Disables round robin rotation.
http://technet.microsoft.com/en-us/library/cc737355(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc738473(v=ws.10).aspx
http://support.microsoft.com/kb/842197
http://technet.microsoft.com/en-us/library/cc779169(v=ws.10).aspx
QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Both servers have the DHCP Server server role installed.
Server1 is located in the main office site. Server2 is located in the branch office site.
Server1 provides IPv4 addresses to the client computers in the main office site.
Server2 provides IPv4 addresses to the client computers in the branch office site.
You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses.
The solution must meet the following requirements:
– The storage location of the DHCP databases must not be a single point of failure.
– Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline.
– Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?
A. load sharing mode failover partners
B. a failover cluster
C. hot standby mode failover partners
D. a Network Load Balancing (NLB) cluster
Answer: C
Explanation:
A. The load sharing mode of operation is best suited to deployments where both servers in a failover relationship are located at the same physical site.
B. Hot standby mode of operation is best suited to deployments where a central office or data center server acts as a standby backup server to a server at a remote site, which is local to the DHCP clients
C. Needs to be a DHCP Failover option
D. Needs to be a DHCP Failover option
http://technet.microsoft.com/en-us/library/hh831385.aspx
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standbymode.aspx
QUESTION 15
You have a DHCP server named Server1. Server1 has an IP address 192.168.1.2 is located on a subnet that has a network ID of 192.168.1.0/24.
On Server1, you create the scopes shown in the following table.
You need to ensure that Server1 can assign IP addresses from both scopes to the DHCP clients on the local subnet.
What should you create on Server1?
A. A scope
B. A superscope
C. A split-scope
D. A multicast scope
Answer: B
Explanation:
A. A scope is an administrative grouping of IP addresses for computers on a subnet that use the Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for each physical subnet and then uses the scope to define the parameters used by clients.
B. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in.
By using a superscope, you can group multiple scopes as a single administrative entity.
D. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those members in the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process the multicast traffic
http://technet.microsoft.com/en-us/library/dd759168.aspx
http://technet.microsoft.com/en-us/library/dd759152.aspx
QUESTION 16
Your network contains servers that run Windows Server 2012 R2.
The network contains a large number of iSCSI storage locations and iSCSI clients.
You need to deploy a central repository that can discover and list iSCSI resources on the network automatically.
Which feature should you deploy?
A. the Windows Standards-Based Storage Management feature
B. the iSCSI Target Server role service
C. the iSCSI Target Storage Provider feature
D. the iSNS Server service feature
Answer: D
Explanation:
A. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely. A WMI-based interface provides a single mechanism through which to manage all storage, including non-Microsoft intelligent storage subsystems and virtualized local storage (known as Storage Spaces). Additionally, management applications can use a single Windows API to manage different storage types by using standards-based protocols such as Storage Management Initiative Specification (SMI-S).
B. Targets are created in order to manage the connections between an iSCSI device and the servers that need to access it. A target defines the portals (IP addresses) that can be used to connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires in order to authenticate the servers that are requesting access to its resources.
C. iSCSI Target Storage Provider enables applications on a server that is connected to an iSCSI target to perform volume shadow copies of data on iSCSI virtual disks. It also enables you to manage iSCSI virtual disks by using older applications that require a Virtual Disk Service (VDS) hardware provider, such as the Diskraid command.
D. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients. iSNS clients are computers, also known as initiators, that are attempting to discover storage devices, also known as targets, on an Ethernet network.
http://technet.microsoft.com/en-us/library/cc726015.aspx
http://technet.microsoft.com/en-us/library/cc772568.aspx
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. All domain user accounts have the Division attribute automatically populated as part of the user provisioning process.
The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property.
Which three actions should you perform in sequence?
Answer:
Explanation:
First create a claim type for the property, then create a reference resource property that points back to the claim. Finally set the classification value on the folder
QUESTION 18
Your network contains two Active Directory forests named contoso.com and fabrikam.com.
The contoso.com forest contains two domains named corp.contoso.com and contoso.com.
You establish a two-way forest trust between contoso.com and fabrikam.com. Users from the corp.contoso.com domain report that they cannot log on to client computers in the fabrikam.com domain by using their corp.contoso.com user account.
When they try to log on, they receive following error message:
“The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate to the computer.”
Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using their corp.contoso.com user account credentials.
You need to allow users from the corp.contoso.com domain to log on to the client computers in the fabrikam.com forest.
What should you do?
A. Configure Windows Firewall with Advanced Security.
B. Enable SID history.
C. Configure forest-wide authentication.
D. Instruct the users to log on by using a user principal name (UPN).
Answer: C
Explanation:
The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the trusting forest.
http://technet.microsoft.com/en-us/library/cc785875(v=ws.10).aspx
QUESTION 19
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed.
The servers have the hardware configurations shown in the following table.
Server1 hosts five virtual machines that run Windows Server 2012 R2.
You need to move the virtual machines from Server1 to Server2.
The solution must minimize downtime.
What should you do for each virtual machine?
A. Export the virtual machines from Server1 and import the virtual machines to Server2.
B. Perform a live migration.
C. Perform a quick migration.
D. Perform a storage migration.
Answer: A
Explanation:
None of these migration options will work between different Processors ( AMD/Intel).
The only option remaining is to export and re-import the VMs
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed.
You plan to replicate virtual machines between Server1 and Server2.
The replication will be encrypted by using Secure Sockets Layer (SSL).
You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.
Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)
A. Client Authentication
B. Kernel Mode Code Signing
C. Server Authentication
D. IP Security end system
E. KDC Authentication
Answer: AC
Explanation:
http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx
If you use Lead2pass braindump as your 70-412 exam prepare material, we guarantee your success in the first attempt. Lead2pass 70-412 dump provides you everything you will need to take your 70-412 Exam.
70-412 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDa2trSWtTV0Rkbm8
2017 Microsoft 70-412 exam dumps (All 391 Q&As) from Lead2pass:
https://www.lead2pass.com/70-412.html [100% Exam Pass Guaranteed]