GreatExam guarantees your Microsoft 70-412 exam 100% success with our unique official 70-412 exam questions resources! GreatExam’s 70-412 braindumps are developed by experiences IT Certifications Professionals working in today’s prospering companies and data centers! GreatExam 70-412 exam dumps are checked by our experts team every day to ensure you have the latest updated exam dumps!
QUESTION 321
You need to ensure that clients will check at least every 30 minutes as to whether a certificate has been revoked. Which of the following should you configure to accomplish this goal?
A. Key recovery agent
B. CRL publication interval
C. Delta CRL publication interval
D. Certificate templates.
Answer: C
QUESTION 322
Which of the following revocation statuses can you change to alter the status of a certificate from revoked to valid?
A. Certificate Hold
B. CA Compromise
C. Key Compromise
D. Change Of Affiliation
Answer: A
QUESTION 323
Which of the following CA types would you deploy if you wanted to deploy a CA at the top of a hierarchy that could issue signing certificates to other CAs and which would be taken offline if not issuing, renewing, or revoking signing certificates?
A. Enterprise root
B. Enterprise subordinate
C. Standalone root
D. Standalone subordinate
Answer: C
QUESTION 324
Which of the following CA types must be deployed on domain-joined computers?
A. Enterprise root
B. Enterprise subordinate
C. Standalone root
D. Standalone subordinate
Answer: AB
QUESTION 325
Which permission should you assign on a CA to a group of users that you want to be able to respond to certificate requests but you do not want to provide them with the ability to change CA security settings?
A. Read
B. Issue And Manage Certificates
C. Manage CA
D. Request Certificates
Answer: B
QUESTION 326
Which permission should you assign on a CA to a group of users that you want to allow to alter the list of recovery agents?
A. Read
B. Issue And Manage Certificates
C. Manage CA
D. Request Certificates.
Answer: C
QUESTION 327
You are configuring AD FS. Which server should you deploy on your organization’s perimeter network?
A. Web appplication proxy
B. Relying-party server
C. Federation server
D. Claims-provider server
Answer: A
QUESTION 328
The Wingtip Toys forest hosts a web application that users in the Tailspin Toys forest need to access. You are the system administrator at Tailspin Toys. A single federation server is present in each forest and you are configuring a federated trust.
Which of the following statements are true about the deployment solution? (Choose all that apply.)
A. The AD FS server in the Wingtip Toys forest will function as the claims-provider server.
B. The AD FS server in the Wingtip Toys forest will function as the relying-party server.
C. You need to configure a relying-party trust on the AD FS server in the Tailspin Toys forest.
D. You need to configure a claims-provider trust on the AD FS server in the Tailspin Toys forest.
Answer: BC
Explanation:
Wingtip is the relying party and hosts the resource, and the Wingtip ADFS server is a Relying Party server.
The Wingtip server also needs a Claims-provider trust to trust the claims coming from Tailspin.
Tailspin is the Claims-provider, and hosts the users submitting the claims. The Tailspin ADFS server is a Claims-provider server.
The Tailspin server needs a Relying party trust to trust the relying server at wingtip.
QUESTION 329
Your network contains an active directory domain anmed contoso.com.
The domain contains the server named server1 that runs Sindows Server 2012 R2.
Server1 has the active directory rights management services server role installed.
The domain contains a domain local group named group1
You create a rights policy template named template1.
You need to ensure that all the members of group1 can use template1.
What should you do?
A. Convert the scope of group1 to universal and assign group1 the rights to template1
B. Convert the scope of group1 to global and configure the email address attribute of group1.
C. Configure the email address attribute of group1 and configure the email address attribute of all the users are members of group1.
D. Configure the email address of all the users who are members of group1 and assign group1 the rights to template1.
Answer: D
QUESTION 330
The Wingtip Toys forest hosts a web application that users in the Tailspin Toys forest need to access. You are the system administrator at Wingtip Toys. A single federation server is present in each forest and you are configuring a federated trust.
Which of the following statements are true about the deployment solution? (Choose all that apply.)
A. The AD FS server in the Tailspin Toys forest will function as the claims-provider server.
B. The AD FS server in the Tailspin Toys forest will function as the relying-party server.
C. Configure a relying-party trust on the Wingtip Toys AD FS server.
D. Configure a claims-provider trust on the Wingtip Toys AD FS server.
Answer: AD
Explanation:
Tailspin hosts the users, and is the claims provider, so the ADFS server is a claims-provider server. It needs a Relying party trust, to trust the relying server at wingtip.
Wingtip hosts the resource, so it is the relying party, so the ADFS server is a relying party server. It needs a claims-provider trust to trust the claims providing server at Tailspin.
QUESTION 331
Which of the following authentication types must you enable to support Workplace Join?
A. Forms
B. Windows
C. Certificate
D. Device
Answer: D
QUESTION 332
Which of the following is the minimum domain functional level required before you can promote a member server running Windows Server 2012 R2 so that it functions as a domain controller?
A. Windows Server 2003
B. Windows Server 2008
C. Windows Server 2008 R2
D. Windows Server 2012
Answer: A
QUESTION 333
You are considering adding a child domain to the dandenong.melbourne.victoria. australia.contoso.com domain tree. Which of the following represents the maximum length in characters, including periods, of an Active Directory domain name?
A. 64 characters
B. 128 characters
C. 256 characters
D. 512 characters
Answer: A
QUESTION 334
You are about to promote a server running the Windows Server 2012 R2 operating system to domain controller. The domain is currently running at the Windows Server 2008 domain functional level. Your account is a member of the Domain Admins group.
Which additional groups should your account be a member of to ensure that the environment is appropriately configured for this domain controller running Windows Server 2012 R2? (Choose two. Each answer forms part of a complete solution.)
A. Schema Admins
B. Enterprise Admins
C. Account Operators
D. Server Operators
Answer: AB
QUESTION 335
The root domain of the Adatum forest is Adatum.local. The contoso.com domain tree is part of the Adatum forest. Don has an account in the australia.contoso.com domain and is signing on to a computer that is a member of the computers.adatum.local domain.
No additional UPNs have been configured. Which UPN suffix will Don use to sign on to this computer?
A. @adatum.com
B. @adatum.local
C. @computers.adatum.local
D. @australia.contoso.com
Answer: B
QUESTION 336
You have configured a forest trust relationship between the Adatum forest and the Contoso forest. You want to ensure that users from the Contoso forest can authenticate only when needing to access resources in the Adatum forest using the [email protected] UPN rather than any other UPN that is available for them.
Which of the following should you use to accomplish this goal?
A. SID filtering
B. Name suffix routing
C. Shortcut trust
D. External trust
Answer: B
QUESTION 337
There are 42 domains in the tailspintoys.com forest. Users in the Melbourne.victoria. australia.tailspintoys.com find the process of authenticating to resources in the Copenhagen. denmark.europe.tailspintoys.com domain to be much too slow.
Which of the following steps can you take to speed up authentication between these domains?
A. Create a forest trust.
B. Create an external trust.
C. Create a shortcut trust.
D. Configure name suffix routing.
Answer: C
QUESTION 338
Your organization is deploying a second Active Directory forest because a substantial number of users need to access a resource that requires significant changes to the Active Directory schema, which are not compatible with your current forest’s schema.
You want users in your forest to be able to access any resource in any domain in the new forest.
Which of the following should you do to accomplish this goal?
A. Configure a forest trust.
B. Configure an external trust.
C. Create a shortcut trust.
D. Configure name suffix routing.
Answer: A
QUESTION 339
You want to configure a security relationship by which users in the Melbourne domain of the Adatum.com forest are able to access resources in the Sydney domain of the Contoso forest. Users do not require access to resources in any other domains in either forest.
Which of the following should you configure to accomplish this goal?
A. Configure a forest trust.
B. Configure an external trust.
C. Create a shortcut trust.
D. Configure name suffix routing.
Answer: B
QUESTION 340
At present, the subnet 192.168.15.0/24 is associated with the Brisbane site.
You want to instead associate this subnet with the Melbourne site.
Which of the following steps can you take to resolve this problem?
A. Use the Active Directory Sites And Services console to edit the properties of the 192.168.15.0/24 subnet.
B. Use the Active Directory Sites And Services console to edit the properties of the Melbourne site.
C. Use the Active Directory Sites And Services console to edit the properties of the Brisbane site.
D. Use the Active Directory Domains And Trusts console to edit the properties of the 192.168.15.0/24 subnet.
Answer: A
By utilizing GreatExam high quality Microsoft 70-412 exam dumps products, you can surely pass 70-412 certification exam 100%! GreatExam also offers 100% money back guarantee to individuals in case they fail to pass Microsoft 70-412 in one attempt.