Ensurepass

 

QUESTION 311

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. The domain contains a domain controller named DC1. Server1 contains three shared folders. The folders are configured as shown in the following table.

 

clip_image001

 

Folder2 has a conditional expression of User.Department= = MMarketing”.

 

You discover that a user named User1 cannot access \Server1folder2. User1 can access \Server1folderl and \Server1folder3.

 

You verify the group membership of User1 as shown in the Member of exhibit.

 

clip_image002

 

You verify the organization information of User1 as shown in the Organization exhibit.

 

clip_image003

 

You verify the general properties of User1 as shown in the General exhibit.

 

clip_image004

 

You need to ensure that User1 can access the contents of \Server1folder2. What should you do?

 

A.

From a Group Policy object (GPO), set the Support for Dynamic Access Control and Kerberos armoring setting to Always provide claims.

B.

Change the department attribute of User1.

C.

Grant the Full Control NTFS permissions on Folder2 to User1.

D.

Remove User1 from the Accounting global group.

 

Correct Answer: B

 

 

 

 

 

 

 

QUESTION 312

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has Microsoft SQL Server 2012 installed. You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain. The solution must ensure that the AD FS database is stored in a SQL Server database on Server1. What should you do on Server2?

 

A.

From a command prompt, run fsutil.exe.

B.

From Windows PowerShell, run Install-ADFSFarm.

C.

From Server Manager, install the Federation Service Proxy.

D.

From Server Manager, install the AD FS Web Agents.

 

Correct Answer: B

 

 

QUESTION 313

Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2. DC1 and DC2 fail to replicate Active Directory information. You confirm that DC1 and DC2 have network connectivity. The NTDS Settings of DC2 are configured as shown in the NTDS Settings exhibit.

 

clip_image005

 

DNS is configured as shown in the DNS exhibit.

 

clip_image006

 

You need to ensure that DC1 and DC2 can replicate immediately. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.

From DC1, restart the Netlogon service.

B.

From DC2, run nltest.exe /sync.

C.

From DC1, run ipconfig /flushdns.

D.

From DO, run repadmin /syncall.

E.

From DC2, run ipconfig /registerdns.

F.

From DC2, restart the Netlogon service.

 

Correct Answer: DE

 

 

QUESTION 314

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a file server role named FS1 and a generic service role named SVC1. Server1 is the preferred node for FS1. Server2 is the preferred node for SVC1. You plan to run a disk maintenance tool on the physical disk u
sed by FS1. You need to ensure that running the disk maintenance tool does not cause a failover to occur. What should you do before you run the tool?

 

A.

Run cluster.exe and specify the pause parameter.

B.

Run cluster.exe and specify the offline parameter.

C.

Run Suspend-ClusterResource.

D.

Run Suspend-ClusterNode.

 

Correct Answer: B

 

QUESTION 315

You are employed as a network administrator at consoto.com. Contoso.com has in an Active Directory domain named contoso.com. All Servers on the contoso.com network have Windows Server 2012 R2 installed. A contoso.com server, named Server1, hosts the Active Directory Certificate Services Server role and utilizes a hardware security module (HSM) to safeguard its private key. You have been instructed to backup the Active Directory Certificate Services (ADCS) database, log files, and private key regularly. You should not use a utility supplied by the hardware security module (HSM) creator. Which of the following actions should you take?

 

A.

You should consider scheduling an incremental backup.

B.

You Should consider making use of the certutil.exe command.

C.

You should consider schedulling a differential backup.

D.

You should consider schedulling a copy backup.

 

Correct Answer: B

 

 

QUESTION 316

You are employed as a senior network administrator at contoso.com. Contoso.com has an active directory domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed. You are currently running at training exercise for junior network administrators. You are discussing the DNSSEC NRPT rule properly. Which of the following describes the purpose of this rule property?

 

A.

It is used to indicate the namespace to which the policy Applies.

B.

It is used to indicate whether the DNS client should check for DNSSEC validation in the response.

C.

It is used to indicate DNSSEC must be used to protect DNS traffic for queries belonging to the namespace.

D.

It is used to indicate whether DNS connections over DNSSEC will use encryption.

 

Correct Answer: A

 

 

QUESTION 317

You are employed as a network administrator at contoso.com. Contoso.com has an active directory domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed. Contoso.com has a server named server1, which is configured as a file server. You have been instructed to enable a feature that discovers and eradicates duplication within data without compromising its reliability or accuracy. Which of the following actions should you take?

 

A.

You should consider having the Data Deduplication feature enabled.

B.

You should consider having the Storage Spaces feature enabled.

C.

You should consider having the Storage Management feature enabled.

D.

You should consider having the folder redirection feature enabled.

 

Correct Answer: A

 

 

 

 

 

 

 

QUESTION 318

You are employed as a network administrator at contoso.com. contoso.com has a single Active Directory domain named contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed. Contoso.com has two servers, named server1 and server2 which are configured in a two-node fail over cluster. You are currently configuration the quorum settings for the cluster. You want to make use of a quorum mode that allows each node to vote if it is available and in communication. Which of the following is the mode you should use?

 

A.

Node Majority

B.

Node and Disk Majority

C.

Node and File Share Majority

D.

No Majority: Disk Only

 

Correct Answer: A

 

 

QUESTION 319

You are employed as a network administrator at contoso.com. C
ontoso.com has a single Active Directory domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed. You are preparing to install a third-party Application on a contoso.com server, named SERVER1. You find that the Application is unable to install completely due to its driver not being digitally signed. You want to make sure that the Application can be installed successfully. Which of the following actions should you take?

 

A.

You should consider downloading a signed driver.

B.

You should consider having SERVER1 is restored to an earlier date.

C.

You should consider making use of the Disable Driver Signature Enforcement option from the Advanced Boot Option.

D.

You should consider restarting SERVER1 in safe Mode.

 

Correct Answer: C

 

 

QUESTION 320

You are employed as a senior network administrator at contoso.com.Contoso.com has a single Active Directory Domain named contoso.com. All servers on the contoso.com network have Windows Server 2
012 R2 installed. You are running a training exercise for junior network administrator. You are currently discussing the Dnslint.exe tool. Which of the following should this tool be used for? (Choose all that Apply)

 

A.

To help diagnose common DNS name resolution issues.

B.

For developing scripts for configuring a DNS server.

C.

To administer the DNS server Service.

D.

To look for specific DNS record set and sure that they are consistent across multiple DNS servers.

E.

To verify that DNS records used specifially for Active Directory replication are correct.

F.

To Create and delete zones and resource records.

 

Correct Answer: ACE

 

 

 

 

 

QUESTION 321

You work as an administrator at contoso.com. Contoso.com network consists of a single domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed. Contoso.com has a server, named SERVER1, which has the AD DS, DHCP and DNS server roles installed. Contoso.com also has a server named SERVER2, which has the DHCP and Remote Access Server Role installed. You have configured SERVER3, which has the File and Storage Services Server role installed to automatically acquire an IP address. You then create a filter on SERVER1. Which of the following is a reason for this configuration?

 

A.

To make sure that SERVER1 issues Server3 an IP address.

B.

To make sure that SERVER1 does not issue SERVER3 an IP address.

C.

To make sure that SERVER3 acquires a constant IP address from SERVER2 only.

D.

To make sure that SERVER3 is configured with a static IP address.

 

Correct Answer: B

 

 

QUESTION 322

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

 

A.

Active Directory Administrative Center

B.

Active Directory Sites and Services

C.

Active Directory Users and Computers

D.

the Certification Authority console

E.

the Certificates snap-in

F.

Certificate Templates

G.

Server Manager

H.

the Security Configuration Wizard

 

Correct Answer: ACD

 

 

QUESTION 323

You have a server named Server1. You install the IP Address Management (IPAM) Serverfeature on Server1. You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege. Which user role should you assign to User1?

 

A.

IP Address Record Administrator Role

B.

IPAM Administrator Role

C.

IPAM MSM Administrator Role

D.

IPAM DHCP Scope Administrator Role

 

Correct Answer: C

Explanation:

Correct answer is C. IPAM MSM administrator because B. IPAM administrator will give many unnecessary permissions, although C. IPAM MSM administrator will give many unnecessary permissions such as manages DNS servers but it is lower permissions than manages all settings and objects in IPAM.

Another correct and more suitable answer is “IPAM DHCP administrator”

 

 

Free VCE & PDF File for Microsoft 70-412 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…

Comments are closed.