It is more faster and easier to pass the Microsoft 70-412 exam by using Actual Microsoft Configuring Advanced Windows Server 2012 Services questuins and answers. Immediate access to the Updated 70-412 Exam and find the same core area 70-412 questions with professionally verified answers, then PASS your exam with a high score now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-412 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-412 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-412-exam-dumps.html
2021 Apr 70-412 real exam
Q111. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Active Directory Users and Computers
B. Server Manager
C. The Certificates snap-in
D. Active Directory Administrative Center
Answer: D
Explanation:
To disable or enable a user account using Active Directory Administrative Center
1. To open Active Directory Administrative Center, click Start , click Administrative Tools ,
and then click Active Directory Administrative Center .
To open Active Directory Users and Computers in Windows Server 2012, click Start , type
dsac.exe.
2. In the navigation pane, select the node that contains the user account whose status you
want to change.
3. In the management list, right-click the user whose status you want to change.
4. Depending on the status of the user account, do one of the following: . uk.co.certification.simulator.questionpool.PList@ef38f20
Reference: Disable or Enable a User Account
Q112. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?
A. 2001:123:4567:890A::
B. FE80:123:4567::
C. FF00:123:4567:890A::
D. FD00:123:4567::
Answer: D Explanation:
Explanation/Reference:
* A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC
4193. It is the approximate IPv6 counterpart of the IPv4 private address.
The address block fc00::/7 is divided into two /8 groups:
/ The block fc00::/8 has not been defined yet.
/ The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits
of the prefix to a randomly generated bit string.
* Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address
ranges:
/ They are not allocated by an address registry and may be used in networks by anyone
without outside involvement.
/ They are not guaranteed to be globally unique.
/ Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot
be delegated in the global DNS.
Reference: RFC 4193
Q113. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
For the contoso.com domain, a company policy states that administrators must be able to retrieve a list of all the users who have not logged on to the network in the last seven days from any domain controller.
You need to ensure that the users’ last logon information from the last seven days is replicated to all of the domain controllers.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: C
Reference: Technet, Set-ADDomain
https://technet.microsoft.com/en-us/library/ee617212.aspx
Q114. Your network contains three servers named HV1, HV2, and Server1 that run Windows Server 2012 R2. HV1 and HV2 have the Hyper-V server role installed. Server1 is a file server that contains 3 TB of free disk space.
HV1 hosts a virtual machine named VM1. The virtual machine configuration file for VM1 is stored in D:VM and the virtual hard disk file is stored in E:VHD.
You plan to replace drive E with a larger volume.
You need to ensure that VM1 remains available from HV1 while drive E is being replaced. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Perform a live migration to HV2.
B. Add HV1 and HV2 as nodes in a failover cluster. Perform a storage migration to HV2.
C. Add HV1 and HV2 as nodes in a failover cluster. Perform a live migration to HV2.
D. Perform a storage migration to Server1.
Answer: D
Explanation:
One of the great new features coming in Windows Server 2012 is Storage Migration for Hyper-V. Storage Migration allows an administrator to relocate the source files that make up a virtual machine to another location without any downtime.
Storage Migration creates a copy of the file or files at the new location. Once that is finished, Server 2012 does a final replication of changes and then the virtual machine uses the files in the new location.
Reference: Windows Server 2012 Hyper-V – Part 3: Storage Migration
Q115. Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do first?
A. Uninstall Active Directory from DC1.
B. Change the domain functional level.
C. Transfer the domain-wide operations master roles.
D. Transfer the forest-wide operations master roles.
Answer: A
Explanation:
In Windows Server 2008 and later, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain.
Note: In Microsoft Windows 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain's Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons.
Reference: AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
Rebirth 70-412 training:
Q116. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC2 that runs Windows Server 2012 R2. DC2 has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC2.
You need to ensure that the client computers can obtain IPv4 addresses from DC2.
What should you do?
A. Disable the Deny filters.
B. Enable the Allow filters.
C. Authorize DC2.
D. Restart the DHCP Server service
Answer: C
Explanation:
From the exhibit we see a red marker on the IPv4 server icon. The DHCP server is not
authorized.
Authorize DHCP Server
The final step is to authorize the server.
Right-click your FQDN and select Authorize.
Refresh the view by right-clicking your FQDN and selecting Refresh.
You should now see green check mark next to IPv4.
Example:
Reference: Server 2012 DHCP Server Role
Q117. Your network contains an Active Directory domain named contoso.com. The domain
contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed.
Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has the Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currently runs on Server1.
Server3 currently has no virtual machines.
You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. The Hyper-V Manager console connected to Server3
B. The Failover Cluster Manager console connected to Server3
C. The Hyper-V Manager console connected to Server1.
D. The Failover Cluster Manager console connected to Cluster1
E. The Hyper-V Manager console connected to Server2
Answer: A,D
Explanation:
A. To configure the Replica server [on a server that is not part of a cluster which in this case is Server3] In Hyper-V Manager, click Hyper-V Settings in the Actions pane. In the Hyper-V Settings dialog, click Replication Configuration.
In the Details pane, select Enable this computer as a Replica server. Etc.
D. To configure a Replica server that is part of a failover cluster.
1. In Server Manager, open Failover Cluster Manager.
2. In the left pane, connect to the cluster, and while the cluster name is highlighted, click Roles in the Navigate category of the Details pane.
3. Right-click the role and choose Replication Settings.
4. In the Details pane, select Enable this cluster as a Replica server. Etc.
Reference: Deploy Hyper-V Replica , Step 2: Enable Replication
http://technet.microsoft.com/en-us/library/jj134240.aspx
Q118. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)
You plan to configure Name Protection on all of the DHCP servers.
You need to configure the adatum.com zone to support Name Protection.
What should you do?
A. Change the zone type.
B. Sign the zone.
C. Add a DNSKEY record.
D. Configure Dynamic updates.
Answer: D
Explanation:
Name protection requires secure update to work. Without name protection DNS names may be hijacked.
You can use the following procedures to allow only secure dynamic updates for a zone. Secure dynamic update is supported only for Active Directory–integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for Domain Name System (DNS) dynamic updates.
Enable secure dynamic updates:
Reference: DHCP: Secure DNS updates should be configured if Name Protection is
enabled on any IPv4 scope http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx
Q119. Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com. The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A. Run dnscmd and specify the CacheLockingPercent parameter.
B. Run Set-DnsServerGlobalQueryBlockList.
C. Run ipconfig and specify the Renew parameter.
D. Run Set-DnsServerCache.
Answer: D
Explanation:
The Set-DnsServerCache cmdlet modifies cache settings for a Domain Name System
(DNS) server.
Run Set-DnsServerCache with the -LockingPercent switch.
/ -LockingPercent<UInt32>
Specifies a percentage of the original Time to Live (TTL) value that caching can consume.
Cache locking is configured as a percent value. For example, if the cache locking value is
set to 50, the DNS server does not overwrite a cached entry for half of the duration of the
TTL. By default, the cache locking percent value is 100. This value means that the DNS
server will not overwrite cached entries for the entire duration of the TTL.
Note. A better way would be clear the DNS cache on the DNS server with either Dnscmd
/ClearCache (from command prompt), or Clear-DnsServerCache (from Windows
PowerShell).
Reference: Set-DnsServerCache
http://technet.microsoft.com/en-us/library/jj649852.aspx
Incorrect:
Not A. You need to use the /config parameter as well:
You can change this value if you like by using the dnscmd command:
dnscmd /Config /CacheLockingPercent<percent>
Q120. HOTSPOT
You have a file server named Server1 that runs Windows Server 2012 R2.
You need to ensure that you can use the NFS Share - Advanced option from the New
Share Wizard in Server Manager.
Which two role services should you install?
To answer, select the appropriate two role services in the answer area.
Answer: