It is impossible to pass Microsoft 70-412 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Microsoft 70-412 practice questions. You will get a surprising result by our Far out Configuring Advanced Windows Server 2012 Services practice guides.
2021 Mar 70-412 actual test
Q21. You have a server named Server1 that runs Windows Server 2012 R2.
You modify the properties of a system driver and you restart Server1.
You discover that Server1 continuously restarts without starting Windows Server 2012 R2.
You need to start Windows Server 2012 R2 on Server1 in the least amount of time. The
solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
A. Repair Your Computer
B. Last Known Good Configuration (advanced)
C. Disable Driver Signature Enforcement
D. Disable automatic restart on system failure
Answer: B
Explanation:
Try using Last Known Good Configuration if you can't start Windows, but it started correctly the last time you turned on the computer.
Reference: Using Last Known Good Configuration
Q22. HOTSPOT
Your network contains one Active Directory forest named contoso.com and one Active Directory forest named adatum.com. Each forest contains a single domain.
You have the domain controllers configured as shown in the following table.
You perform the following three actions:
Create a user named User1 on DC3.
Create a file named File1.txt in the SYSVOL folder on DC1.
Create a Group Policy object (GPO) named GPO1 on DC1 and link GPO1 to
Site2.
You need to identify on which domain controller or controllers each object is stored.
What should you identify? To answer, select the appropriate options in the answer area.
Answer:
Q23. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You are creating a central access rule named TestFinance that will be used to grant members of the Authenticated users group access to a folder stored on a Microsoft SharePoint Server 2013 server.
You need to ensure that the permissions are granted when the rule is published.
What should you do?
A. Set the Permissions to Use the following permissions as proposed permissions.
B. Set the Permissions to Use following permissions as current permissions.
C. Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D. Add a User condition to the current permissions entry for the Authenticated Users principal.
Answer: B
Explanation:
To create a central access rule (see step 5 below): In the left pane of the Active Directory Administrative Center, click Tree View, select Dynamic Access Control, and then click Central Access Rules. Right-click Central Access Rules, click New, and then click Central Access Rule. In the Name field, type Finance Documents Rule. In the Target Resources section, click Edit, and in the Central Access Rule dialog box, click Add a condition. Add the following condition: [Resource] [Department] [Equals] [Value] [Finance], and then click OK. In the Permissions section, select Use following permissions as current permissions, click Edit, and in the Advanced Security Settings for Permissions dialog box click Add.
Note (not A): Use the following permissions as proposed permissions option lets you create the policy in staging.
6. In the Permission entry for Permissions dialog box, click Select a principal, type Authenticated Users, and then click OK.
Etc.
Incorrect:
Not A. Proposed permissions enable an administrator to more accurately model the impact
of potential changes to access control settings without actually changing them.
Reference: Deploy a Central Access Policy (Demonstration Steps)
https://technet.microsoft.com/en-us/library/hh846167.aspx
Q24. Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP.
On which server should you install IPAM?
A. Server1
B. Server2
C. Server3
D. Server4
Answer: D
Explanation:
An IPAM server is intended as a single-purpose server. It is not recommended to collocate
other network infrastructure roles such as DNS or DHCP on the same server. IPAM installation is not supported on a domain controller, and discovery of DHCP servers will be disabled if you install IPAM on a server that is also running the DHCP Server service. The following features and tools are automatically installed when you install IPAM Server.
Reference: IPAM Deployment Planning
Q25. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed.
You need to store the contents of all the DNS queries received by Server1.
What should you configure?
A. Logging from Windows Firewall with Advanced Security
B. Debug logging from DNS Manager
C. A Data Collector Set (DCS) from Performance Monitor
D. Monitoring from DNS Manager
Answer: B
Explanation:
Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information about server performance.
Reference: Active Directory 2008: DNS Debug Logging Facts…
Far out 70-412 exam question:
Q26. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
You need to prevent administrators from accidentally deleting any of the sites in the forest. What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Answer: B
Explanation: The Set-ADReplicationSite sets the replication properties for an Active
Directory site.
Parameter: -ProtectedFromAccidentalDeletion<Boolean>
Specifies whether to prevent the object from being deleted. When this property is set to
$True, you cannot delete the corresponding object without changing the value of the
property. The acceptable values for this parameter are:
-- $False or 0
-- $True or 1
Reference: Technet, Set-ADReplicationSite
https://technet.microsoft.com/en-us/library/hh852305(v=wps.630).aspx
Q27. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1. You need to ensure that client devices on the internal network can use Workplace Join. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.
Answer: C,E
Explanation:
C. To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm.
E. Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an
added level of access protection to corporate resources and applications from external
devices that are trying to access them. When a personal device is Workplace Joined, it
becomes a ‘known’ device and administrators can use this information to drive conditional
access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and
conditional access for Workplace Joined devices.
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global
Primary Authentication. Select the check box next to Enable Device Authentication, and
then click OK.
Reference: Configure a federation server with Device Registration Service.
Q28. Your network contains an Active Directory domain named adatum.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. DC1 is located in Site1 and DC2 is located in Site2.
You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2.
A technician connects DC3 to Site2.
You discover that users in Site2 are authenticated only by DC2.
You need to ensure that the users in Site2 are authenticated by both DC2 and DC3.
What should you do?
A. In Active Directory Users and Computers, configure the msDS-PrimaryComputer attribute for DC3.
B. In Active Directory Users and Computers, configure the msDS-Site-Affinity attribute for DC3.
C. From Active Directory Sites and Services, move DC3.
D. From Active Directory Sites and Services, modify the site link between Site1 and Site2.
Answer: C
Explanation:
DC3 needs to be moved to Site2 in AD DS
Reference: Move a domain controller between sites
http://technet.microsoft.com/en-us/library/cc759326(v=ws.10).aspx
Q29. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a server named Server1. Both servers run Windows Server 2012 R2.
You configure the classification of a share on Server1 as shown in the Share1 Properties exhibit. (Click the Exhibit button.)
You configure the resource properties in Active Directory as shown in the Resource Properties exhibit. (Click the Exhibit button.)
You need to ensure that the Impact classification can be assigned to Share1 immediately.
Which cmdlet should you run on each server?
To answer, select the appropriate cmdlet for each server in the answer area.
Answer:
Q30. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1.
Port rules are configured for all clustered Applications.
You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule.
What should you configure?
A. Affinity-None
B. Affinity-Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: G
Explanation:
Host Priorities Each cluster host is assigned a unique host priority in the range of 1 to 32, where lower numbers denote higher priorities. The host with the highest host priority (lowest numeric value) is called the default host. It handles all client traffic for the virtual IP addresses that is not specifically intended to be load-balanced. This ensures that server applications not configured for load balancing only receive client traffic on a single host. If the default host fails, the host with the next highest priority takes over as default host.
Reference: Network Load Balancing Technical Overview
http://technet.microsoft.com/en-us/library/bb742455.aspx