♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/70-412-exam-dumps.html

Q1. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed. 

You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. 

You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. 

To which group on Server2 should you add Tech1? 

A. IPAM MSM Administrators 

B. IPAM Administrators 

C. winRMRemoteWMIUsers_ 

D. Remote Management Users 

Answer:

Explanation: 

If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group). 

Reference: IPAM Deployment Planning, IPAM specifications 


Q2. Your network contains one Active Directory domain named contoso.com. The domain contains the domain controllers configured as shown in the following table. 

The functional level of the domain and the forest is Windows Server 2008. 

An administrator named Admin1 is a member of the Domain Admins group. 

You need to ensure that Admin1 can deploy a Windows Server 2012 R2 domain controller to contoso.com. 

What should you do? 

A. Raise the forest functional level. 

B. Run the Set-ADForestMode cmdlet. 

C. Raise the domain functional level. 

D. Run the adprep.exe command. 

Answer:

Explanation: Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later. The commands need to run in the following cases: 

* Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain. 

* Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or forest to run that version of Windows Server. 

Reference: Running Adprep.exe 

https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx 


Q3. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

The network has the physical sites and TCP/IP subnets configured as shown in the following table. 

You have a web application named App1 that is hosted on six separate Web servers. DNS has the host names and IP addresses registered as shown in the following table. 

You discover that when users connect to appl.contoso.com, they are connected frequently to a server that is not on their local subnet. 

You need to ensure that when the users connect to appl.contoso.com, they connect to a server on their local subnet. The connections must be distributed across the servers that host appl.contoso.com on their subnet. 

Which two settings should you configure? 

To answer, select the appropriate two settings in the answer area. 

Answer: 


Q4. Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery. 

You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database. 

What should you do? 

A. Assign User1 the Issue and Manage Certificates permission to CA1. 

B. Assign User1 the Read permission and the Write permission to all certificate templates. 

C. Provide User1 with access to a Key Recovery Agent certificate and a private key. 

D. Assign User1 the Manage CA permission to CA1. 

Answer:

Explanation: 

Understanding the Key Recovery Agent Role KRAs are Information Technology (IT) administrators who can decrypt users’ archived private keys. An organization can assign KRAs by issuing KRA certificates to designated administrators and configure them on the CA. The KRA role is not one of the default roles defined by the Common Criteria specifications but a virtual role that can provide separation between Certificate Managers and the KRAs. This allows the separation between the Certificate Manager, who can retrieve the encrypted key from the CA database but not decrypt it, and the KRA, who can decrypt private keys but not retrieve them from the CA database. 

Reference: Understanding User Key Recovery 


Q5. You have a server named Server1 that runs Windows Server 2012 R2. 

When you install a custom Application on Server1 and restart the server, you receive the 

following error message: "The Boot Configuration Data file is missing some required information. File: BootBCD 

Error code: 0x0000034." 

You start Server1 by using Windows RE. 

You need to ensure that you can start Windows Server 2012 R2 on Server1. 

Which tool should you use? 

A. Bootsect 

B. Bootim 

C. Bootrec 

D. Bootcfg 

Answer:

Explanation: 

* Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this 

option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list. 

* Error code 0x0000034 while booting. 

Resolution: 

1. Put the Windows Windows 7 installation disc in the disc drive, and then start the computer. 

2. Press any key when the message indicating "Press any key to boot from CD or DVD …". appears. 

3. Select a language, time, currency, and a keyboard or another input method. Then click Next. 

4. Click Repair your computer. 

5. Click the operating system that you want to repair, and then click Next. 

6. In the System Recovery Options dialog box, click Command Prompt. 

7. Type Bootrec /RebuildBcd, and then press ENTER. 

Incorrect: 

Not A. Bootsect.exe updates the master boot code for hard disk partitions to switch 

between BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your 

computer. This tool replaces FixFAT and FixNTFS. 

Not D. The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the 

Boot.ini file. 

Reference: Bootsect Command-Line Options 

http://technet.microsoft.com/en-us/library/cc749177(v=ws.10).aspx 

http://support.microsoft.com/kb/927392/en-us 

http://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code-0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2 


Q6. You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. 

Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty. 

Server1 is configured to create a shadow copy of volume D every hour. You need to configure the shadow copies of volume D to be stored on volume E. 

What should you run? 

A. The Set-Volume cmdlet with the -driveletter parameter 

B. The Set-Volume cmdlet with the -path parameter 

C. The vssadmin.exe add shadowstorage command 

D. The vssadmin.exe create shadow command 

Answer:

Explanation: 

Add ShadowStorage 

Adds a shadow copy storage association for a specified volume. 

Incorrect: 

Not A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a 

letter used to identify a drive or volume in the system. 

Not B. Create Shadow 

Creates a new shadow copy of a specified volume. 

Not C. Sets or changes the file system label of an existing volume -Path Contains valid 

path information. 

Reference: Vssadmin; Set-Volume 

http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx 


Q7. Your network contains an Active Directory domain named contoso.com. 

You deploy a server named Server1 that runs Windows Server 2012 R2. 

A local administrator installs the Active Directory Rights Management Services server role 

on Server1. 

You need to ensure that AD RMS clients can discover the AD RMS cluster automatically. 

What should you do? 

A. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then configure the proxy settings. 

B. Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then register the Service Connection Point (SCP). 

C. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then register the Service Connection Point (SCP). 

D. Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then configure the proxy settings. 

Answer:

Explanation: 

* The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services. 

* To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority. 

Reference: The AD RMS Service Connection Point 


Q8. Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two-way forest trusts exists between the forest. Selective authentication is enabled on 

the trust. 

The contoso.com forest contains a server named Server1. 

You need to ensure that users in litwareinc.com can access resources on Server1. 

What should you do? 

A. Install Active Directory Rights Management Services on a domain controller in contoso.com. 

B. Modify the permission on the Server1 computer account. 

C. Install Active Directory Rights Management Services on a domain controller in litwareinc.com. 

D. Configure SID filtering on the trust. 

Answer:

Explanation: 

Selective authentication between forests If you decide to set selective authentication on an incoming forest trust, you need to manually assign permissions on each computer in the domain as well as the resources to which you want users in the second forest to have access. To do this, set a control access right Allowed to authenticate on the computer object that hosts the resource in Active Directory Users and Computers in the second forest. Then, allow user or group access to the particular resources you want to share. 

Reference: Accessing resources across forests 


Q9. You have a server named Server1 that runs Windows Server 2012 R2. 

You have a subscription to Windows Azure. 

You need to register the Microsoft Azure Backup Agent on Server1. 

What should you do first? 

A. Install the Microsoft System Center 2012 Data Protection Manager (DPM) agent. 

B. Create a backup vault. 

C. Create Site Recovery vault. 

D. Configure a passphrase for the Azure Backup Agent. 

Answer:

Explanation: To back up files and data from your Windows Server to Azure, you must create a backup vault in the geographic region where you want to store the data. The main steps include: 

* the creation of the vault you will use to store backups 

* downloading a vault credential 

* the installation of a backup agent 

Reference: Configure Azure Backup to quickly and easily back up Windows Server 

https://azure.microsoft.com/sv-se/documentation/articles/backup-configure-vault/ 


Q10. Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2. 

Server1 and Seiver2 are nodes in a Network Load Balancing (NLB) cluster. The NIB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com. 

You plan to perform maintenance on Server1. 

You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1. 

What should you run? 

A. The Stop-NlbCluster cmdlet 

B. The nlb.exe stop command 

C. The Suspend-NlbCluster cmdlet 

D. The nlb.exe suspend command 

Answer:

Explanation: 

The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node.