GreatExam is one of the leading exam preparation material providers. Its updated 70-412 braindumps in PDF can ensure most candidates pass the exam without too much effort. If you are struggling for the 70-412 exam, it will be a wise choice that get help from GreatExam.
QUESTION 201
You have a server named Server1 that runs Windows Server 2012 R2. When you install a custom Application on Server1 and restart the server, you receive the following error message:
“The Boot Configuration Data file is missing some required information.
File: \Boot\BCD
Error code: 0x0000034.”
You start Server1 by using Windows PE.
You need to ensure that you can start Windows Server 2012 R2 on Server1.
Which tool should you use?
A. Bootsect
B. Bootim
C. Bootrec
D. Bootcfg
Answer: C
Explanation:
A. Bootsect.exe updates the master boot code for hard disk partitions to switch between
BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your computer.
This tool replaces FixFAT and FixNTFS.
B.
C. Bootrec.exe tool to troubleshoot “Bootmgr Is Missing” issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7.
Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
D. The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the Boot.ini file.
http://technet.microsoft.com/en-us/library/cc749177(v=ws.10).aspx
http://support.microsoft.com/kb/927392/en-us
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code-0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2
QUESTION 202
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Active Directory Rights Management Services server role installed.
Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation.
You need to create a trust policy for the partner organization.
The solution must meet the following requirements:
– Grant users in the partner organization access to protected content.
– Provide users in the partner organization with the ability to create protected content.
Which type of trust policy should you create?
A. a federated trust
B. Windows Live ID
C. a trusted publishing domain
D. a trusted user domain
Answer: A
Explanation:
In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure.
Incorrect:
Not
C. Trusted publishing domains allow one AD RMS server to issue use licenses that correspond with a publishing license issued by another AD RMS server, but in this scenario the partner organization does not have any Active Directory. Not
D. A trusted user domain, often referred as a TUD, is a trust between AD RMS clusters, but in this scenario the partner organization does not have any Active Directory.
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx
QUESTION 203
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2. The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.
On DC1, you create an Active Directory-integrated zone named Zone1.
You verify that Zone1 replicates to DC2.
You use DNSSEC to sign Zone1.
You discover that the updates to Zone1 fail to replicate to DC2.
You need to ensure that Zone1 replicates to DC2.
What should you configure on DC1? To answer, select the appropriate tab in the answer area.
Answer:
QUESTION 204
Hotspot Question
Your network contains two Hyper-V hosts that are configured as shown in the following table.
You create a virtual machine on Server1 named VM1.
You plan to export VM1 from Server1 and import VM1 to Server2.
You need to ensure that you can start the imported copy of VM1 from snapshots.
What should you configure on VM1?
To answer, select the appropriate node in the answer area.
Answer:
Explanation:
* If the CPUs are from the same manufacturer but not from the same type, you may need to use Processor Compatibility.
*(incorrect) The network adapter is already disconnected.
QUESTION 205
Hotspot Question
Your network contains an Active Directory forest.
You implement Dynamic Access Control in the forest.
You have the claim types shown in the Claim Types exhibit. (Click the Exhibit button.)
The properties of a user named User1 are configured as shown in the User1 exhibit. (Click the Exhibit button.)
The output of Whoa mi /claims for a user named User2 is shown in the Whoa mi exhibit.
(Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
QUESTION 206
You have a server named Server1 that runs Windows Server 2012 R2.
You install the File and Storage Services server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually.
What should you do?
A. From Folder Options, clear Hide protected operating system files (Recommended).
B. Install the File Server Resource Manager role service.
C. From Folder Options, select the Always show menus.
D. Install the Share and Storage Management Tools.
Answer: B
Explanation:
Classification Management is a feature of FSRM
http://technet.microsoft.com/en-us/library/dd759252.aspx
http://technet.microsoft.com/en-us/library/dd758759(v=WS.10).aspx
QUESTION 207
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC.
The sites contain four domain controllers.
The domain controllers are configured as shown in the following table.
An IP site link exits between each site.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable.
What should you do?
A. Create an SMTP site link between SiteB and SiteC.
B. Create additional connection objects for DC3 and DC4.
C. Decrease the cost of the site link between SiteB and SiteC.
D. Create additional connection objects for DC1 and DC2.
Answer: C
Explanation:
By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA.
QUESTION 208
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The relevant servers in the domain are configured as shown in the following table.
You plan to create a shared folder on Server1 named Share1.
Share1 must only be accessed by users who are using computers that are joined to the domain.
You need to identify which servers must be upgraded to support the requirements of Share1.
In the table below, identify which computers require an upgrade and which computers do not require an upgrade. Make only one selection in each row. Each correct selection is worth one point.
Answer:
Explanation:
You need at least 1 DC running Windows Server 2012 or later.
The file server you want to apply this to must be running Windows Server 2012 or later.
You already have a DC at Windows Server 2012 so no need to upgrade any of the DC’s, you just need to upgrade the file server.
https://channel9.msdn.com/posts/Dynamic-Access-Control-Demo-and-Interview
QUESTION 209
Your network contains an Active Directory domain named contoso.com.
The domain contains two member servers named Server1 and Server2.
All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 has access to four physical disks.
The disks are configured as shown in the following table.
You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV).
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable BitLocker on Disk4.
B. Format Disk3 to use NTFS.
C. Format Disk2 to use NTFS.
D. Disable BitLocker on Disk1.
Answer: CD
Explanation:
C. In Windows Server 2012 R2, a disk or storage space for a CSV volume must be a basic disk that is partitioned with NTFS or ReFS, but you cannot use a disk for a CSV that is formatted with FAT or FAT32.
D. CSV supports bitlocker, but you would have to enable it on all nodes in the cluster.
Therefore we need to disable bitlocker on Disk1.
Incorrect:
Not B. ReFS would work fine. In Windows Server 2012 R2, a disk or storage space for a CSV volume must be a basic disk that is partitioned with NTFS or ReFS.
Not A. Bitlocker must be enabled on all disks for it to work for a CSV.
Reference: Use Cluster Shared Volumes in a Failover Cluster
https://technet.microsoft.com/en-us/library/jj612868.aspx
Reference: How to Configure BitLocker Encrypted Clustered Disks in Windows Server 2012
http://blogs.msdn.com/b/clustering/archive/2012/07/20/10332169.aspx
QUESTION 210
Your network contains an Active Directory forest named contoso.com.
The contoso.com domain only contains domain controllers that run Windows Server 2012 R2.
The forest contains a child domain named child.contoso.com.
The child.contoso.com domain only contains domain controllers that run Windows Server 2008 R2. The child.contoso.com domain contains a member server named Server1 that runs Windows
Server 2012 R2.
You have access to four administrative user accounts in the forest.
The administrative user accounts are configured as shown in the following table.
You need to ensure that you can add a domain controller that runs Windows Server 2012 R2 to the child.contoso.com domain.
Which account should you use to run adprep.exe?
A. Admin1
B. Admin2
C. Admin3
D. Admin4
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx
QUESTION 211
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Node1 and Node2. Node1 and Node2 run Windows Server 2012 R2. Node1 and Node2 are configured as a two-node failover cluster named Cluster2. The computer accounts for all of the servers reside in an organizational unit (OU) named Servers. A user named User1 is a member of the local Administrators group on Node1 and Node2. User1 creates a new clustered File Server role named File1 by using the File Server for general use option.
A report is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)
File1 fails to start.
You need to ensure that you can start File1.
What should you do?
A. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered
File Server role by using the File Server for general use option.
B. Recreate the clustered File Server role by using the File Server for scale-out Application data option.
C. Assign the computer account permissions of Cluster2 to the Servers OU.
D. Assign the user account permissions of User1 to the Servers OU.
E. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.
Answer: D
Explanation:
When creating a role, an AD object is created in the server OU.
QUESTION 212
Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed. Server1 hosts a virtual machine named VM1. The virtual machine configuration files and the virtual hard disks for VM1 are stored in D: \VM1.
You shut down VM1 on Server1.
You copy D:\VM1 to D:\VM1 on Server2.
You need to start VM1 on Server2.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the Import-VMIntialReplication cmdlet.
B. Create a new virtual machine on Server2 and attach the VHD from VM1 to the new virtual machine.
C. From Hyper-V Manager, run the Import Virtual Machine wizard.
D. Run the Import-IscsiVirtualDisk cmdlet.
Answer: C
Explanation:
Starting in Windows Server 2012, you no longer need to export a virtual machine to be able to import it. You can simply copy a virtual machine and its associated files to the new host, and then use the Import Virtual Machine wizard to specify the location of the files. This registers the virtual machine with Hyper-V and makes it available for use.
In addition to the wizard, the Hyper-V module for Windows PowerShell includes cmdlets for importing virtual machines. For more information, see Import-VM
QUESTION 213
Your network contains an Active Directory forest.
The forest contains one domain named adatum.com. The domain contains three domain controllers.
The domain controllers are configured as shown in the following table.
DC2 has all of the domain-wide operations master roles.
DC3 has all of the forest-wide operation master roles.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do first?
A. Uninstall Active Directory from DC1.
B. Change the domain functional level.
C. Transfer the domain-wide operations master roles.
D. Transfer the forest-wide operations master roles.
Answer: A
Explanation:
In Windows Server 2008 and later, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain.
Note: In Microsoft Windows 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain’s Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons.
QUESTION 214
Your network contains an Active Directory forest named contoso.com.
The forest contains three domains. All domain controllers run Windows Server 2012 R2. The forest has a two-way realm trust to a Kerberos realm named adatum.com.
You discover that users in adatum.com can only access resources in the root domain of
contoso.com.
You need to ensure that the adatum.com users can access the resources in all of the domains in
the forest.
What should you do in the forest?
A. Delete the realm trust and create a forest trust.
B. Delete the realm trust and create three external trusts.
C. Modify the incoming realm trust.
D. Modify the outgoing realm trust.
Answer: D
Explanation:
* A one-way, outgoing realm trust allows resources in your Windows Server domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users in the Kerberos realm.
* You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain. This trust relationship allows cross-platform interoperability with security services that are based on other versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations. Realm trusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way or two-way.
QUESTION 215
Your network contains an Active Directory domain named contoso.com.
The domain contains a certification authority (CA).
You suspect that a certificate issued to a Web server is compromised.
You need to minimize the likelihood that users will trust the compromised certificate.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Stop the Certificate Propagation service.
B. Modify the validity period of the Web Server certificate template.
C. Run certutil and specify the -revoke parameter.
D. Run certutil and specify the -deny parameter.
E. Publish the certificate revocation list (CRL).
Answer: CE
Explanation:
First revoke the certificate, then publish the CRL.
QUESTION 216
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
DC1 and DC2 fail to replicate Active Directory information.
You confirm that DC1 and DC2 have network connectivity.
The NTDS Settings of DC2 are configured as shown in the NTDS Settings exhibit. (Click tie Exhibit button.)
DNS is configured as shown in the DNS exhibit. (Click the Exhibit button.)
You need to ensure that DC1 and DC2 can replicate immediately.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From DC1, restart the Netlogon service.
B. From DC2, run nltest.exe /sync.
C. From DC1, run ipconfig /flushdns.
D. From DC1, run repadmin /syncall.
E. From DC2, run ipconfig /registerdns.
F. From DC2, restart the Netlogon service.
Answer: DE
Explanation:
The DC2 name/alias is not available in DNS.
First we register the DC2 name from DC with the ipconfig /registerdns.
(E) Then we synchronizes a specified domain controller DC1 (DC2 would also work) with all of its replication partners with repadmin /syncall. (D)
QUESTION 217
You have a server named Server1 that runs Windows Server 2012 R2.
You start Server1 by using Windows PE.
You need to repair the Boot Configuration Data (BCD) store on Server1.
Which tool should you use?
A. Bootim
B. Bootsect
C. Bootrec
D. Bootcfg
Answer: C
Explanation:
How To Rebuild the BCD in Windows
1. Start Advanced Startup Options if you’re using Windows 8.
2. Open Command Prompt from Advanced Startup Options or System Recovery Options menu.
3. At the prompt, type the bootrec command as shown below and then press Enter:
bootrec /rebuildbcd.
The bootrec command will search for Windows installations not included in the Boot Configuration Data and then ask you if you’d like to add one or more to it.
Incorrect:
Not B. Bootsect.exe updates the master boot code for hard disk partitions to switch between BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your computer. This tool replaces FixFAT and FixNTFS.
Not D. The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the Boot.ini file.
http://pcsupport.about.com/od/fixtheproblem/ht/rebuild-bcd-store-windows.htm
QUESTION 218
You have a server named Server1 that runs Windows Server 2012 R2.
A Microsoft Azure Backup of Server1 is created automatically every day.
You need to view the items that are included in the backup.
Which cmdlet should you run?
A. Get-OBPolicyState
B. Get-OBJob
C. Get-OBPolicy
D. Get-WBSummary
Answer: C
Explanation:
https://technet.microsoft.com/en-us/library/hh770406(v=wps.630).aspx
QUESTION 219
Hotspot Question
Your network contains three Application servers that run Windows Server 2012 R2.
The Application servers have the Network Load Balancing (NLB) feature installed.
You create an NLB cluster that contains the three servers.
You plan to deploy an Application named App1 to the nodes in the cluster.
App1 uses TCP port 8080 and TCP port 8081.
Clients will connect to App1 by using HTTP and HTTPS.
When clients connect to App1 by using HTTPS, session state information will be retained locally by the cluster node that responds to the client request.
You need to configure a port rule for App1.
Which port rule should you use? To answer, select the appropriate rule in the answer area.
Answer:
Explanation:
* Filtering Mode: Multiple hosts
The Multiple hosts parameter specifies that multiple hosts in the cluster will handle network traffic for the associated port rule. This filtering mode provides scaled performance and fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host will handle a specified load weight.
* Affinity
Select Affinity Single or Network to ensure that all network traffic from a particular client is directed to the same host.
App1 uses session state information that will be retained locally by the Cluster Node that responds to client request, therefore Affinity rule should be set to Single.
QUESTION 220
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
The servers have the Hyper- V server role installed.
A certification authority (CA) is available on the network.
A virtual machine named vml.contoso.com is replicated from Server1 to Server2.
A virtual machine named vm2.contoso.com is replicated from Server2 to Server1.
You need to configure Hyper-V to encrypt the replication of the virtual machines.
Which common name should you use for the certificates on each server? To answer, configure the appropriate common name for the certificate on each server in the answer area.
Answer:
There is no doubt that GreatExam is the top IT certificate exam material provider. All the braindumps are the latest and tested by senior Microsoft lecturers and experts. Get the 70-412 exam braindumps in GreatExam, and there would be no suspense to pass the exam.