Microsoft 70-412 Online Practice Questions and Exam Preparation

Microsoft 70-412 Online Questions & Answers

• Question 271:

  Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC.

  The sites contain four domain controllers.

  The domain controllers are configured as shown in the following table.

  

  An IP site link exits between each site.

  You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB.

  You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable.

  What should you do?

  A. Create a site link bridge.
  B. Create additional connection objects for DC3 and DC4.
  C. Create additional connection objects for DC1 and DC2.
  D. Increase the cost of the site link between SiteA and SiteC.
  D. Increase the cost of the site link between SiteA and SiteC.

  ---

  

  References: https://technet.microsoft.com/en-us/library/dd277430.aspx#XSLTsection126121120120

• Question 272:

  Your network contains servers that run Windows Server 2012 R2.

  The network contains a large number of iSCSI storage locations and iSCSI clients.

  You need to deploy a central repository that can discover and list iSCSI resources on the network automatically.

  Which feature should you deploy?

  A. the Windows Standards-Based Storage Management feature
  B. the iSCSI Target Server role service
  C. the iSCSI Target Storage Provider feature
  D. the iSNS Server service feature
  D. the iSNS Server service feature

  ---

  D. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients. iSNS clients are computers, also known as initiators, that are attempting to discover storage devices, also known as targets, on an Ethernet network.

  

  Incorrect Answers:

  A: Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely. A WMI-based interface provides a single mechanism through which to manage all storage, including non-Microsoft intelligent storage subsystems and virtualized local storage (known as Storage Spaces). Additionally, management applications can use a single Windows API to manage different storage types by using standards-based protocols such as Storage Management Initiative Specification (SMI-S).

  B: Targets are created in order to manage the connections between an iSCSI device and the servers that need to access it. A target defines the portals (IP addresses) that can be used to connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires in order to authenticate the servers that are requesting access to its resources.

  C: iSCSI Target Storage Provider enables applications on a server that is connected to an iSCSI target to perform volume shadow copies of data on iSCSI virtual disks. It also enables you to manage iSCSI virtual disks by using older applications that require a Virtual Disk Service (VDS) hardware provider, such as the Diskraid command.

  References: https://technet.microsoft.com/en-us/library/cc726015.aspx https://technet.microsoft.com/en-us/library/cc772568.aspx

• Question 273:

  HOTSPOT

  Your network contains an Active Directory forest named contoso.com that contains a single domain. The forest contains three sites named Site1, Site2, and Site3.

  Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2.

  Each site contains two domain controllers. Site1 and Site2 contain a global catalog server.

  You need to create a new site link between Site1 and Site2. The solution must ensure that the site link supports the replication of all the naming contexts.

  From which node should you create the site link?

  To answer, select the appropriate node in the answer area.

  Hot Area:

  

  

  ---

  Create a Site Link

  To create a site link

  Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services.

  To open Active Directory Sites and Services in Windows Server® 2012, click Start, type dssite.msc.

  In the console tree, right-click the intersite transport protocol that you want the site link to use.

  Use the IP intersite transport unless your network has remote sites where network connectivity is intermittent or end-to-end IP connectivity is not available. Simple Mail Transfer Protocol (SMTP) replication has restrictions that do not apply to

  IP replication.

  

  Reference: Create a Site Link technet.microsoft.com/en-us/library/cc731294.aspx

• Question 274:

  Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.

  You make a change to GPO1.

  You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.

  The solution must minimize administrative effort.

  Which tool should you use?

  A. The Set-AdComputer cmdlet
  B. Group Policy Object Editor
  C. Active Directory Users and Computers
  D. Group Policy Management Console (GPMC)
  D. Group Policy Management Console (GPMC)

  ---

  In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. Starting with Windows Server 2012 and Windows 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container. Note: Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.

  Incorrect Answers:

  B: Secedit configures and analyzes system security by comparing your current configuration to at least one template.

• Question 275:

  Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.

  Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder. Corporate management requires that client computers only resolve names of contoso.com computers.

  You need to configure Server1 to resolve names in the contoso.com zone only.

  What should you do on Server1?

  A. From DNS Manager, modify the root hints of Server1.
  B. From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet.
  C. From Windows PowerShell, run theSet-NetDnsTransitionConfiguration cmdlet.
  D. From DNS Manager, modify the Advanced properties of Server1.
  A. From DNS Manager, modify the root hints of Server1.

  ---

  If the DNS server does not know the address of the requested site, then itwill forward the request to another DNS server. Inorder to do so, the DNS server must know of the IP address of another DNS server that it can forward the request to. This is the job of root hints. Root hints provides a list of IP addresses of DNS serversthat are considered to be authoritative at the root level of the DNS hierarchy (also known as root name server).

  http://technet.microsoft.com/en-us/library/ee649221(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj649867.aspx http://technet.microsoft.com/en-us/library/jj613703.aspx

• Question 276:

  Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.

  Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain.

  You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.

  You configure Service1 to be monitored from Failover Cluster Manager.

  What should you configure on the virtual machine?

  A. From the Recovery settings of Service1, set the First failure recovery action to Take No Action.
  B. From the General settings, modify the Startup type.
  C. From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.
  D. From the General settings, modify the Service status.
  A. From the Recovery settings of Service1, set the First failure recovery action to Take No Action.

  ---

  When a monitored service fails the Recovery features of the service will take action. Example:

  

  In this case for the first failure the service will be restarted by the Service Control Manager inside the guest operating system, if the service fails for a second time the service will again be restarted via guest operating system. In case of a third failure the Service Control Manager will take no action and the Cluster service running on the Hyper-V host will take over recovery actions.

  References: How to configure VM Monitoring in Windows Server 2012

• Question 277:

  Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com.

  The forest functional level is Windows 2000.

  The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server 2008 R2.

  The domain functional level is Windows Server 2008.

  The fabrikam.com domain contains domain controllers that run either Windows 2000 Server or Windows Server 2003.

  The domain functional level is Windows 2000 native.

  The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2.

  You need to add Server1 as a new domain controller in the contoso.com domain.

  What should you do first?

  A. Raise the functional level of the contoso.com domainto Windows Server 2008 R2.
  B. Upgrade the domain controllers that run Windows Server 2008 to Windows Server 2008 R2.
  C. Raise the functional level of the fabrikam.com domain to Windows Server 2003.
  D. Decommission the domain controllers that run Windows 2000.
  E. Raise the forest functional level to Windows Server 2003.
  D. Decommission the domain controllers that run Windows 2000.

  ---

  Server 2003 is the minimum Domain Functional level for any domain in the forest Windows Server 2012 R2 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2012 R2 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher.

  

  References: https://technet.microsoft.com/en-us/library/cc771294.aspx

• Question 278:

  Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.

  

  You configure a user named User1 as a delegated administrator of DC10.

  You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails.

  What should you do?

  A. Add User1 to the Domain Admins group.
  B. On DC10, modify the User Rights Assignment in Local Policies.
  C. Run repadmin and specify the /prp parameter.
  D. On DC10, run ntdsutil and configure the settings in the Roles context.
  E. Run repadmin and specify /replsingleobject parameter.
  F. On DC1, modify the User Rights Assignment in Default Controllers Group Policy object (GPO).
  C. Run repadmin and specify the /prp parameter.

  ---

  repadmin /prp will allow the password caching of the local administrator to the RODC.

  This command lists and modifies the Password Replication Policy (PRP) for read-only domain controllers (RODCs).

  References: RODC Administration

  https://technet.microsoft.com/en-us/library/cc755310%28v=ws.10%29.aspx

• Question 279:

  Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.

  You complete the Active Directory Federation Services Configuration Wizard on Server1.

  You need to ensure that client devices on the internal network can use Workplace Join.

  Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

  A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
  B. Edit the multi-factor authentication global authentication policy settings.
  C. Run Enable-AdfsDeviceRegistration.
  D. Run Set-AdfsProxyProperties HttpPort 80.
  E. Edit the primary authentication global authentication policy settings.
  C. Run Enable-AdfsDeviceRegistration.
  E. Edit the primary authentication global authentication policy settings.

  ---

  C. To enable Device Registration Service

  On your federation server, open a Windows PowerShell command window and type:

  Enable-AdfsDeviceRegistration

  Repeat this step on each federation farm node in your AD FS farm.

  E. Enable seamless second factor authentication

  Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is

  Workplace Joined, it becomes a `known' device and administrators can use this information to drive conditional access and gate access to resources. To enable seamless second factor authentication, persistent single sign-on (SSO) and

  conditional access for Workplace Joined devices.

  In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.

  Reference: Configure a federation server with Device Registration Service.

• Question 280:

  You have moved several domain controllers out of your organization's head office site to a new secondary datacenter that has its own site. Which of the following consoles should be used to update the site association of these domain controllers?

  A. Active Directory Administrative Center
  B. Active Directory Users and Computers
  C. Active Directory Sites And Services
  D. Active Directory Domains And Trusts
  C. Active Directory Sites And Services