Microsoft 70-412 Online Practice Questions and Exam Preparation

Microsoft 70-412 Online Questions & Answers

• Question 191:

  HOTSPOT

  Your network contains 25 Web servers that run Windows Server 2012 R2. You need to configure auditing policies that meet the following requirements:

  

  Generate an event each time a new process is created.

  

  Generate an event each time a user attempts to access a file share.

  Which two auditing policies should you configure?

  To answer, select the appropriate two auditing policies in the answer area.

  Hot Area:

  

  

  ---

  * Audit object access

  Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified.

  * Audit process tracking

  This security setting determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.

  Reference: https://technet.microsoft.com/en-us/library/cc976403.aspx

  Reference: https://technet.microsoft.com/sv-se/library/Cc775520(v=WS.10).aspx

• Question 192:

  Your network contains two servers named Server1 and Server2.

  Both servers run Windows Server 2012 R2, On Server1, you create a Data Collector Set (DCS) named Data1.

  You need to export Data1 to Server2.

  What should you do first?

  A. Right-click Data1and click Data Manager...
  B. Right-click Data1 and click Save template...
  C. Right-click Data1 and click Properties.
  D. Right-click Data1 and click Export list...
  B. Right-click Data1 and click Save template...

  ---

  http://technet.microsoft.com/en-us/library/cc766318.aspx

• Question 193:

  Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.

  You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable. Which IPV6 scope prefix should you use?

  A. 2001:123:4567:890A::
  B. FE80:123:4567::
  C. FF00:123:4567:890A::
  D. FD00:123:4567::
  D. FD00:123:4567::

  ---

  A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC 4193. It is the approximate IPv6 counterpart of the IPv4 private address.

  The address block fc00::/7 is divided into two /8 groups:

  The block fc00::/8 has not been defined yet.

  The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string.

  Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges:

  They are not allocated by an address registry and may be used in networks by anyone without outside involvement.

  They are not guaranteed to be globally unique.

  Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in the global DNS.

  Reference: RFC 4193

• Question 194:

  You have a server named SCI that runs a Server Core Installation of Windows Server 2012 R2. Shadow copies are enabled on all volumes.

  You need to delete a specific shadow copy. The solution must minimize server downtime.

  Which tool should you use?

  A. Shadow
  B. Diskshadow
  C. Wbadmin
  D. Diskpart
  B. Diskshadow

  ---

  DiskShadow.exe is a tool that exposes the functionality offered by the Volume Shadow Copy Service (VSS). The diskshadow command delete shadows deletes shadow copies.

  

  References: Technet, Diskshadow https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/diskshadow

• Question 195:

  Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office.

  All domain controllers run Windows Server 2012 R2.

  The domain contains two domain controllers.

  DC1 hosts an Active Directory- integrated zone for contoso.com.

  You add the DNS Server server role to DC2.

  You discover that the contoso.com DNS zone fails to replicate to DC2.

  You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2.

  You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.

  Which tool should you use?

  A. Dnscmd
  B. Dnslint
  C. Repadmin
  D. Ntdsutil
  E. DNS Manager
  F. Active Directory Sites and Services
  G. Active Directory Domains and Trusts
  H. Active Directory Users and Computers
  F. Active Directory Sites and Services

  ---

  If you see questions about AD Replication, first preference is AD sites and services, then Repadmin and then DNSLINT.

  References: https://technet.microsoft.com/en-us/library/cc739941(v=ws.10).aspx

• Question 196:

  Your network contains two Active Directory forests named contoso.com and adatum.com. A two- way forest trust exists between the forests.

  The contoso.com forest contains an enterprise certification authority (CA) named Server1.

  You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest. On Server1, you create a new certificate template named Template1.

  You need to ensure that users in the adatum.com forest can request certificates that are based on Template1.

  Which tool should you use?

  A. DumpADO.ps1
  B. Repadmin
  C. Add-CATemplate
  D. Certutil
  E. PKISync.ps1
  E. PKISync.ps1

  ---

  PKISync.ps1 copies objects in the source forest to the target forest

  Consolidating certificate from multiple forests Because AD CS deployments can vary greatly, the exact steps you must take to consolidate your existing certificate templates cannot be described in this guide. The goal is to reduce the number of CAs and certificate templates in a multiforest environment by creating a set of certificate templates issued by resource forest CAs that provide certificates to domain members in all forests. Based on the number of forests and certificate templates in your environment, the timeframe you have to complete AD CS consolidation, and the requirements of your organization, you can use a combination of procedures described in this section to define the set of certificate templates issued by your resource forest CAs. For each certificate template you plan to issue from the resource forest, consider which of the following methods best meets the goals and requirements of your organization and complete the procedures described in that section. Copying account forest certificate templates into the resource forest Consolidating certificate templates with similar purposes from multiple account forests Consolidating version 2 and version 3 default certificate templates Consolidating version 1 default certificate templates The procedures described in this section require the Windows PowerShell script PKISync.ps1.

  Incorrect Answers:

  B: Repadmin.exe helps administrators diagnose Active Directory replication problems between domain controllers running Microsoft Windows operating systems.

  C: Adds a certificate template to the CA.

  D: Use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.

  References: https://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating https://technet.microsoft.com/en-us/library/cc770963(v=ws.10).aspx https://technet.microsoft.com/en-us/library/hh848372.aspx https://technet.microsoft.com/library/cc732443.aspx https://technet.microsoft.com/en-us/library/ff961506(v=ws.10).aspx

• Question 197:

  HOTSPOT

  Your network contains one active directory domain.

  The domain contains the servers configured as shown in the following table:

  

  Server1 has the zones shown in the following table: Server3 has the following output:

  Use the drop-down list to select the answer choice that completes each assignment.

  Hot Area:

  

  

• Question 198:

  Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2012 R2.

  You need to deploy a certification authority (CA) to Server1. The CA must support the auto-enrollment of certificates.

  Which two cmdlets should you run? (Each correct answer presents part of the solution. Choose two.)

  A. Add-CAAuthoritylnformationAccess
  B. Install-AdcsCertificationAuthority
  C. Add-WindowsFeature
  D. Install-AdcsOnlineResponder
  E. Install-AdcsWebEnrollment
  B. Install-AdcsCertificationAuthority
  E. Install-AdcsWebEnrollment

  ---

  B. The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. It can be used to install a root CA.

  Example:

  Install-AdcsCertificationAuthority 瑿AType StandaloneRootCA瑿ACommonName "ContosoRootCA" 璌eyLength 2048 璈ashAlgorithm SHA1瑿ryptoProviderName "RSA#Microsoft Software Key Storage Provider"

  E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the Certification Authority Web Enrollment role service.

  Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client computers configured for certificate auto-enrollment be connected directly to the corporate network. Certificate Enrollment Web Services allows organizations to enable AD CS using a perimeter network. This allows users and computers outside the corporate network to enroll for certificates.

  

  Certificate Enrollment web service Reference: Deploying AD CS Using Windows PowerShell

• Question 199:

  Your network contains an Active Directory domain named contoso.com. The domain contains a file server named File1 that runs a Server Core Installation of Windows Server 2012 R2.

  File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day.

  You discover that volume D is almost full.

  You add a new volume named H to File1.

  You need to ensure that the shadow copies of volume D are stored on volume H.

  Which command should you run?

  A. The Set-Volume cmdlet with the -driveletter parameter
  B. The vssadmin.exe create shadow command
  C. The Set-Volume cmdlet with the -path parameter
  D. The vssadmin.exe add shadowstorage command
  D. The vssadmin.exe add shadowstorage command

  ---

  Add ShadowStorage

  Adds a shadow copy storage association for a specified volume.

  Incorrect Answers:

  A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.

  B. Create Shadow

  Creates a new shadow copy of a specified volume.

  C. Sets or changes the file system label of an existing volume -Path Contains valid path information.

  References: Vssadmin; Set-Volume

  https://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx

  https://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

• Question 200:

  Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.

  You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2.

  You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.

  To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.

  A. IPAM MSM Administrators
  B. Remote Management Users
  C. WinRMPemoteWMNIUsers_
  D. IPAM Administrators
  C. WinRMPemoteWMNIUsers_

  ---

  If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAMsecurity group (or local Administrators group).