70-412 | Your network contains an Active Directory…

Question: 25

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role in- stalled. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the so- lution. Choose two.)

A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.

Answer: C,E

70-412 | Your network contains two Active….

Question: 24

Your network contains two Active Directory forests named contoso.com and adatum.com. A two- way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named Server1. You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest. On Server1, you create a new certificate template named Template1. You need to ensure that users in the adatum.com forest can request certificates that are based on Template1. Which tool should you use?

A. DumpADO.ps1
B. Repadmin
C. Add-CATemplate
D. Certutil
E. PKISync.ps1

Answer: E

The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day. What should you do?

Question: 32

Your company has offices in Montreal, New York, and Amsterdam.
The network contains an Active Directory forest named contoso.com.
An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office.
The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?

A. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of DEFAU LTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of the new site link.

Answer: C

Section: Configure the Active Directory infrastructure (15-20%)
Explanation
Explanation/Reference:
Explanation:
Very Smartly reworded with same 3 offices. In the exam correct answer is “Create a new site link that contains Newyork to Montreal.
Remove Montreal from DEFAULTIPSITELINK.Modify the schedule of the new site link”.
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx

70-412 | Your network contains an Active Directory forest named contoso.com.Users frequently access the website of an external partner company.

Question : 31

Your network contains an Active Directory forest named contoso.com.Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.After the change is complete, the users on your internal network report that they fail to access the website.However, some users who work from home report that they can access the website.You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.What should you do?

A. Run dnscmd and specify the CacheLockingPercent parameter.
B. Run Set-DnsServerGlobalQueryBlockList.
C. Run ipconfig and specify the Renew parameter.
D. Run Set-DnsServerCache.

Answer : D

70-412 | Your network contains two DNS servers named DN51 and DNS2 that run Windows Server 2012 R2.DNS1 has a primary zone named contoso.com.

Question : 30

Your network contains two DNS servers named DN51 and DNS2 that run Windows Server 2012 R2.DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of the contoso.com zone.You need to log the zone transfer packets sent between DNS1 and DNS2.What should you configure?

A. Monitoring from DNS Manager
B. Logging from Windows Firewall with Advanced Security
C. A Data Collector Set (DCS) from Performance Monitor
D. Debug logging from DNS Manager

Answer : D

70-412 Sample Question : 18

Question : 18

Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com.Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.Several user accounts are migrated from child.adatum.com to adatum.com. Users report that after the migration, they fail to access resources in contoso.com. The users successfully accessed the resources in contoso.com before the accounts were migrated.You need to ensure that the migrated users can access the resources in contoso.com.What should you do?

A. Replace the existing forest trust with an external trust.
B. Run netdom and specify the /quarantine attribute.
C. Disable SID filtering on the existing forest trust.
D. Disable selective authentication on the existing forest trust.

Answer : C

70-412 Sample Question : 17

Question : 17

Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2.You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders.Which tool should you use?

A. Ultrasound
B. Replmon
C. Dfsdiag
D. Frsutil

Answer : C

70-412 Sample Question : 16

Question : 16

Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA). You install a second server named Server2. You install the Online Responder role service on Server2. You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2. What should you do?

A. On Server1, run the certutil.exe command and specify the -setreg parameter.
B. On Server2, run the certutil.exe command and specify the -policy parameter.
C. On Server1, configure Security for the OCSP Response Signing certificate template.
D. On Server2, configure Issuance Requirements for the OCSP Response Signing certificate template.

Answer : C

70-412 Sample Question : 15

 Question : 15

You have a DHCP server named Server1. Server1 has one network adapter. Server1 is located on a subnet named Subnet1. Server1 has scope named Scope1. Scope1 contains IP addresses for the 192.168.1.0/24 network. Your company is migrating the IP addresses on Subnet1 to use a network ID of 10.10.0.0/16. On Server11 you create a scope named Scope2. Scope2 contains IP addresses for the 10.10.0.0/16 network. You need to ensure that clients on Subnet1 can receive IP addresses from either scope. What should you create on Server1?

A. A multicast scope
B. A scope
C. A superscope
D. A split-scope

Answer : C

70-412 Sample Question : 14

Question : 14

Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com. Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. Several user accounts are migrated from child.adatum.com to adatum.com. Users report that after the migration, they fail to access resources in contoso.com. The users successfully accessed the resources in contoso.com before the accounts were migrated. You need to ensure that the migrated users can access the resources in contoso.com. What should you do?

A. Replace the existing forest trust with an external trust.
B. Run netdom and specify the /quarantine attribute.
C. Disable SID filtering on the existing forest trust.
D. Disable selective authentication on the existing forest trust.

Answer: C

70-412 Sample Question : 13

Question : 13

Your network contains an Active Directory domain named contoso.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1. You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. A technician connects DC3 to Site2. You discover that users in Site2 are authenticated by all three domain controllers. You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable. What should you do?

A. From Network Connections, modify the IP address of DC3.
B. In Active Directory Sites and Services, modify the Query Policy of DC3.
C. From Active Directory Sites and Services, move DC3.
D. In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the users in Site2.

Answer: C

70-412 Sample Question : 12

Question : 12

Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery. You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database. What should you do?

A. Assign User1 the Issue and Manage Certificates permission to Server1.
B. Assign User1 the Read permission and the Write permission to all certificate templates.
C. Provide User1 with access to a Key Recovery Agent certificate and a private key.
D. Assign User1 the Manage CA permission to Server1.

Answer: C

70-412 Sample Question : 11

Question : 11

Your network contains a server named Server1 that runs Windows Server 2012 R2.Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).You install a second server named Server2.You install the Online Responder role service on Server2.You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.What should you do?

A. On Server1,run the certutil.exe command and specify the-setreg parameter.
B. On Server2,run the certutil.exe command and specify the-policy parameter.
C. On Server1,configure Security for the OCSP Response Signing certificate template.
D. On Server2,configure Issuance Requirements for the OCSP Response Signing certificate template.

Answer: C

70-412 Sample Question : 10

Question : 10

You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 installed.You are running a training exercise for junior network administrators. You are currently discussing the use of a Scale-Out File Server in cluster environment.Which of the following should be installed prior to configuring a Scale-Out File Server? (Choose two.)

A. You should consider installing the File Server role service.

B. You should consider configuring the Quorum settings.

C. You should consider installing the Failover Clustering.

D. You should consider installing the Active Directory Certificate Services server role.

Answer: A,C

70-412 Sample Question : 9

Question : 9

You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 installed.ABC.com has a server, named ABC-SR07, which is configured as a DHCP server. You have created a superscope on ABC-SR07.Which of the following describes a reason for creating a superscope? (Choose all that apply.)

A. To support DHCP clients on a single physical network segment where multiple logical IP networks are used.

B. To allow for the sending of network traffic to a group of endpointsdestination hosts.

C. To support remote DHCP clients located on the far side of DHCP and BOOTP relay agents.

D. To provide fault tolerance.

Answer: A,C

Search Words: 70-412 Dumps real exam questions answers practice test braindumps, free Q&A online dumps download and free 70-412 Dumps discount coupon code available.

Leave a Comment.

13 − one =