Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(161-170)!

QUESTION 161
Your network contains an Active Directory forest.
The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[18]
DC1 has all of the operations master roles installed. You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1. You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do?

A.    Change the domain functional level.
B.    Upgrade DC2.
C.    Run the dcgpofix.exe command.
D.    Transfer the schema master role.

Answer: A
Explanation:
A. The domain functional level must be Windows Server 2008 to use PSO’s B. DC1 needs to be upgraded
C. Recreates the default Group Policy Objects (GPOs) for a domain D. Schema isn’t up to right level
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753104.aspx

QUESTION 162
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. DHCP is configured as shown in the exhibit.
 clip_image001[20]
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?

A.    Create a superscope and scope-level policies.
B.    Configure the Scope Options.
C.    Create a superscope and a filter.
D.    Configure the Server Options.

Answer: B
Explanation:
B. Any DHCP scope options configured for assignment to DHCP clients
http://technet.microsoft.com/en-us/library/dd759218.aspx
http://technet.microsoft.com/en-us/library/cc757682(v=WS.10).aspx

QUESTION 163
You have a server named Server1 that runs Windows Server 2012 R2. Server1 fails. You identify that the master
boot record (MBR) is corrupt. You need to repair the MBR. Which tool should you use?

A.    Bcdedit
B.    Bcdboot
C.    Bootrec
D.    Fixmbr

Answer: C
Explanation:
A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows B. The BCDboot tool is a command-line tool that enables you to manage system partition files.
C. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
D. Repairs the master boot record of the boot disk. The fixmbr command is only available when you are using the Recovery Console. Fixmbr option in Server 2008 and 2012 is a bootrec option
http://technet.microsoft.com/en-us/library/cc709667(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744347(v=ws.10).aspx http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/bootcons_fix mbr.mspx?mfr=true
http://www.youtube.com/watch?v=kFU8kngy6O0
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/bbf4f440-50ce4ea2- a3eaa96dc2500352

QUESTION 164
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[22]
You configure a user named User1 as a delegated administrator of DC10.
You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails. What should you do?

A.    Add User1 to the Domain Admins group.
B.    On DC10, run ntdsutil and configure the settings in the Roles context.
C.    Run repadmin and specify the /prp parameter.
D.    On DC1, modify the User Rights Assignment in Default Domain Controllers Group Policy object (GPO).

Answer: D
Explanation:
Modify the following policy:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights
Assignment\Allow log on locally
Note:
* User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer.
* Delegated administrator accounts gain local administrative permissions to the RODC. These users can operate with privileges equivalent to the local computer’s Administrators group. They are not members of the Domain Admins or the domain built-in Administrators groups. This option is useful for delegating branch office administration without giving out domain administrative permissions. Configuring delegation of administration is not required.

QUESTION 165
You perform a full installation of Windows Server 2012 R2 on a virtual machine named Server1. You plan to use Server1 as a reference image. You need to minimize the amount of storage space used by the Windows Server 2012 R2 installation. Which cmdlet should you use?

A.    Remove-Module
B.    Optimize-VHD
C.    Optimize-Volume
D.    Uninstall-WindowsFeature

Answer: B
Explanation:
The Optimize-VHD cmdlet optimizes the allocation of space in or more virtual hard disk files, except for fixed virtual hard disks. The Compact operation is used to optimize the files. This operation reclaims unused blocks as well as rearranges the blocks to be more efficiently packed, which reduces the size of a virtual hard disk file.
Reference: Optimize-VHD
http://technet.microsoft.com/en-us/library/hh849732.aspx
http://technet.microsoft.com/en-us/library/hh848458.aspx
http://technet.microsoft.com/en-us/library/hh848675.aspx
http://technet.microsoft.com/en-us/library/jj205471.aspx

QUESTION 166
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
Server1 has a scope named Scope1. A policy named Policy1 is configured for Scope1. Policy1 is configured to provide Hyper-V virtual machines a one-day lease. All other computers receive an eight-day lease.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
On Server1, you configure Scopel for DHCP failover.
You discover that virtual machines that receive IP addresses from Server2 have a lease duration of eight days.
You need to ensure that when Server2 assigns IP addresses to the Hyper-V virtual machines, the lease duration is one day. The solution must ensure that other computers that receive IP addresses from Server2 have a lease duration of eight days.
What should you do?

A.    On Server2, right-click Scope1, and then click Reconcile.
B.    On Server1, right-click Scope1, and then click Replicate Scope.
C.    On Server2, create a new DHCP policy.
D.    On Server1, delete Policy1, and then recreate the policy.

Answer: B
Explanation:
Scope 1 has been set up for DHCP failover. Now we need to replicate it from Server1 to Server2.
http://technet.microsoft.com/en-us/library/dd183579(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc772101.aspx

QUESTION 167
You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store. Some users report that they fail to authenticate to the AD FS infrastructure. You discover that only users who run third-party web browsers experience issues. You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully. Which Windows PowerShell command should you run?

A.    Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00
B.    Set-ADFSProperties -AddProxyAuthenticationRules None
C.    Set-ADFSProperties -SSOLifetime 1:00:00
D.    Set-ADFSProperties -ExtendedProtectionTokenCheck None

Answer: A
Explanation:
A. Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the federation server proxy to authenticate with its associated federation server. B. Specifies a policy rule set that can be used to establish authorization permissions for setting up trust proxies. The default value allows the AD FS 2.0 service user account or any member of BUILTIN\Administrators to register a federation server proxy with the Federation Service. C. Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in minutes). D. pecifies the level of extended protection for authentication supported by the federation server. Extended Protection for Authentication helps protect against man-in-the-middle (MITM) attacks, in which an attacker intercepts a client’s credentials and forwards them to a server.
http://technet.microsoft.com/zh-cn/library/ee892317.aspx

QUESTION 168
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. The domain contains a domain controller named DC1.
Server1 contains three shared folders. The folders are configured as shown in the following table.
 clip_image001[24]
Folder2 has a conditional expression of User.Department= = MMarketing".
You discover that a user named User1 cannot access \\Server1\folder2. User1 can access \\Server1\folderl and \\Server1\folder3. You verify the group membership of User1 as shown in the Member Of exhibit. (Click the Exhibit button.)
 clip_image001[26]
You verify the organization information of User1 as shown in the Organization exhibit.
(Click the Exhibit button.)
 clip_image001[28]
You verify the general properties of User1 as shown in the General exhibit. (Click the Exhibit button.)
 clip_image001[30]
You need to ensure that User1 can access the contents of \\Server1\folder2. What should you do?

A.    From a Group Policy object (GPO), set the Support for Dynamic Access Control and Kerberos armoring
setting to Always provide claims.
B.    Change the department attribute of User1.
C.    Grant the Full Control NTFS permissions on Folder2 to User1.
D.    Remove Userl1from the Accounting global group.

Answer: B
Explanation:
B. Conditional Expression and users Department must match http://technet.microsoft.com/en-us/library/jj134043.aspx

QUESTION 169
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[32]
The Branch site contains a perimeter network.
For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?

A.    Enable the Bridge all site links setting.
B.    Run the Active Directory Domain Services Configuration Wizard.
C.    Create an Active Directory site link bridge.
D.    Create an Active Directory site.

Answer: C
Explanation:
A. Site link transitivity is controlled by the Bridge all site links option on the properties pages of transport folders (such as IP or SMTP) in the Active Directory Sites and Services snapin. Site link transitivity is enabled by default.
B.
C.
If you cannot place a writable Windows Server 2008 domain controller in the nearest site to the RODC, RODC replication depends on a site link bridge between the site links that contain the site of the RODC and the site of the writable Windows Server 2008 domain controller.
D.
AD Site not readed for RODC
http://technet.microsoft.com/en-us/library/dd736189(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc738789(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc732632(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc778718(v=WS.10).aspx

QUESTION 170
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has Microsoft SQL Server 2012 installed.
You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain. The solution must ensure that the AD FS database is stored in a SQL Server database on Server1.
What should you do on Server2?

A.    From a command prompt, run fsutil.exe.
B.    From Windows PowerShell, run Install-ADFSFarm.
C.    From Server Manager, install the Federation Service Proxy.
D.    From Server Manager, install the AD FS Web Agents.

Answer: B
Explanation:
A. Performs tasks that are related to file allocation table (FAT) and NTFS file systems, such as managing reparse points, managing sparse files, or dismounting a volume.
B. Creates the first node of a new federation server farm
C. Not installing Proxy
D. Not Installing web agents
http://technet.microsoft.com/en-us/library/cc753059(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj553792.aspx Parameter: -SQLConnectionString<String>
Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FS installer uses the Windows Internal Database to store configuration settings.

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(151-160)!

QUESTION 151
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001
The Branch site contains a member server named Server1 that runs Windows Server 2012 R2.
You need to identify which domain controller authenticated the computer account of Server1. What should you do?

A.    Verify the value of the %LOGONSERVER% environment variable.
B.    Run nltest /sc_query.
C.    Verify the value of the %SESSIONNAME% environment variable.
D.    Run nltest /dsgetsite.

Answer: A
Explanation:
A. %LOGONSERVER% is the domain controller that authenticated the current user.
B. Reports on the state of the secure channel the last time that you used it. (The secure channel is the one that the NetLogon service established.)
This parameter lists the name of the domain controller that you queried on the secure channel, also.
D. Returns the name of the site in which the domain controller resides.
http://technet.microsoft.com/en-us/library/cc753915(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731935(v=ws.10).aspx
 clip_image001[4]

QUESTION 152
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 is a file server that has the Hyper-V server role installed. Server1 hosts several virtual machines. The virtual machine configuration files are stored on drive D and the VHD files are stored on drive E.
You plan to replace drive E with a larger volume. You need to ensure that the virtual machines on Server1 remain available while drive E is being replaced. What should you do?

A.    Perform a quick migration.
B.    Add Server1 and Server2 as nodes in a failover cluster.
C.    Perform a live migration.
D.    Perform a storage migration.

Answer: D
Explanation:
D. Hyper-V in Windows Server 2012 R2 introduces support for moving virtual machine storage without downtime by making it possible to move the storage while the virtual machine remains running. http://technet.microsoft.com/en-us/library/hh831656.aspx
 clip_image001[6]

QUESTION 153
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named File1 that runs a Server Core Installation of Windows Server 2012 R2. File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day.
You discover that volume D is almost full. You add a new volume named H to File1. You need to ensure that the shadow copies of volume D are stored on volume H. Which command should you run?

A.    The Set-Volume cmdlet with the -driveletter parameter
B.    The vssadmin.exe create shadow command
C.    The Set-Volume cmdlet with the -path parameter
D.    The vssadmin.exe add shadowstorage command

Answer: D
Explanation:
A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.
B. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume. C. Sets or changes the file system label of an existing volume -Path Contains valid path information.
D. Displays current volume shadow copy backups and all installed shadow copy writers and providers.
AddShadowStroage Adds a shadow copy storage association for a specified volume.
http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

QUESTION 154
Your network contains a perimeter network and an internal network. The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network. You need to identify which value must be included in the certificate that is deployed to Server2. What should you identify?

A.    The FQDN of the AD FS server
B.    The name of the Federation Service
C.    The name of the Active Directory domain
D.    The public IP address of Server2

Answer: A
Explanation:
A. It must contain the FQDN
http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc782620(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc759635(v=ws.10).aspx
 clip_image001[8]

QUESTION 155
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You are creating a file management task as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[10]
You need to ensure that the Include all folders that store the following kinds of data list displays an entry named Corporate Data.
What should you do?

A.    Modify the properties of the System Files file group.
B.    Create a new classification property.
C.    Create a new file group.
D.    Modify the Folder Usage classification property.

Answer: B
Explanation:
B. Classification properties are used to assign values to files.
http://technet.microsoft.com/en-us/library/dd758765(v=WS.10).aspx

QUESTION 156
Your network contains an Active Directory forest named adatum.com. The forest contains an Active Directory Rights Management Services (AD RMS) cluster.
A partner company has an Active Directory forest named litwareinc.com. The partner company does not have AD RMS deployed.
You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.
Which type of trust policy should you create?

A.    At federated trust
B.    A trusted user domain
C.    A trusted publishing domain
D.    Windows Live ID

Answer: A
Explanation:
A. In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure.
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc757344(v=ws.10).aspx
 clip_image001[12]

QUESTION 157
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[14]
The Branch site contains a perimeter network.
For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?

A.    Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.
B.    Create an Active Directory site.
C.    Run the Active Directory Domain Services Configuration Wizard.
D.    Create an Active Directory subnet.

Answer: A
Explanation:
Add-ADDSReadOnlyDomainControllerAccount Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the replication source domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainName corp.contoso.com -SiteName NorthAmerica Incorrect:
Not B: There already is a branch site.
Reference: Add-ADDSReadOnlyDomainControllerAccount

QUESTION 158
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[16]
You configure a user named User1 as a delegated administrator of DC10.
You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails.
What should you do?

A.    Add User1 to the Domain Admins group.
B.    Modify the properties of the DC10 computer account.
C.    Run repadmin and specify /replsingleobject parameter.
D.    On DC10, modify the User Rights Assignment in Local Policies.

Answer: D
Explanation:
Modify the following policy:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally
Note:
* User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer.
* Delegated administrator accounts gain local administrative permissions to the RODC. These users can operate with privileges equivalent to the local computer’s Administrators group. They are not members of the Domain Admins or the domain built-in Administrators groups. This option is useful for delegating branch office administration without giving out domain administrative permissions. Configuring delegation of administration is not required.

QUESTION 159
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest functional level is Windows Server 2012 R2.
You have a domain controller named DC1. On DC1, you create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?

A.    Group Policy Management
B.    Active Directory Sites and Services
C.    DFS Management
D.    Active Directory Administrative Center

Answer: A
Explanation:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/3e580e00-d6194d25-b22d- 18f0170279c4
http://technet.microsoft.com/en-us/library/jj134176.aspx

QUESTION 160
Your network contains two DNS servers named DNS1 and DNS2 that run Windows Server 2012 R2. DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of the contoso.com zone. You need to log the zone transfer packets sent between DNS1 and DNS2. What should you configure?

A.    Monitoring from DNS Manager
B.    Logging from Windows Firewall with Advanced Security
C.    A Data Collector Set (DCS) from Performance Monitor
D.    Debug logging from DNS Manager

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc776361(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc749337.aspx

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(141-150)!

QUESTION 141
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[50]
You discover that when you run Group Policy Results from Group Policy Management, the settings from site-linked Group Policy objects (GPOs) fail to appear in the results. You need to ensure that the settings from site-linked GPOs appear in the results. What should you do first?

A.    Run adprep on DC3 by using Windows Server 2012 R2 installation media.
B.    Transfer the infrastructure master role to DC3.
C.    Upgrade DC2 to Windows Server 2012 R2.
D.    Run adprep on DC1 by using Windows Server 2003 installation media.

Answer: A
Explanation:
In this scenario a Windows 2012 server has been added to a Windows 2003 network.
Note:
* Before adding your new Windows 2012 Domain Controller, or attempting to perform an inplace upgrade of an existing Windows 2008 or 2008 R2 DC, you must make sure that the Schema is upgraded to support your new Windows 2012 DC, and that you prepare each domain where you plan to install Windows 2012 DCs. To do this we can use the ADPREP.exe tool found in the support\adprep folder on your installation media.
* Starting with Windows 2012 there is only one version of ADPREP available, and that is a 64-bit version.
* Adprep is the utility–included in the OS installation media–that performs several crucial functions to upgrade AD to support that OS. The utility has three major options: /forestprep, /domainprep, and /rodcprep. The /forestprep option runs first, extending the AD schema with new object and attribute classes that the new AD version needs. The /domainprep option creates new well-known objects in AD, App1ies security changes, and miscellaneous other bits. Finally, /rodcprep makes forest-wide security changes to allow read-only domain controller (RODC) functionality. The Windows Server 2012 R2 version of adprep.exe can run on any server that runs a 64- bit version of Windows Server 2008 or later. Reference: How to add a Windows Server 2012 R2 domain controller to an existing Windows 2008 domain
http://technet.microsoft.com/en-us/library/bb726995.aspx
http://www.ipuptime.net/Multicast.aspx
http://technet.microsoft.com/en-us/library/gg144561(v=exchg.141).aspx http://en.wikipedia.org/wiki/Unique_local_address

QUESTION 142
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed. Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder. Corporate management requires that client computers only resolve names of contoso.com computers. You need to configure Server1 to resolve names in the contoso.com zone only.
What should you do on Server1?

A.    From DNS Manager, modify the root hints of Server1.
B.    From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet.
C.    From Windows PowerShell, run the Set-NetDnsTransitionConfiguration cmdlet.
D.    From DNS Manager, modify the Advanced properties of Server1.

Answer: A
Explanation:
If the DNS server does not know the address of the requested site, then it will forward the request to another DNS server. In order to do so, the DNS server must know of the IP address of another DNS server that it can forward the request to. This is the job of root hints. Root hints provides a list of IP addresses of DNS servers that are considered to be authoritative at the root level of the DNS hierarchy(also known as root name server).
http://technet.microsoft.com/en-us/library/ee649221(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj649867.aspx
http://technet.microsoft.com/en-us/library/jj613703.aspx

QUESTION 143
You have a server named Server1 that runs Windows Server 2012 R2. Each day, Server1 is backed up fully to an external disk. On Server1, the disk that contains the operating system fails. You replace the failed disk. You need to perform a bare-metal recovery of Server1 by using the Windows Recovery Environment (Windows RE). What should you use?

A.    The Wbadmin.exe command
B.    The Repair-bde.exe command
C.    The Get-WBBareMetalRecovery cmdlet
D.    The Start-WBVolumeRecovery cmdlet

Answer: A
Explanation:
A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
B. Accesses encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data. C. Gets the value that indicates whether the ability to perform bare metal recoveries from backups has been added to the backup policy (WBPolicy object).
D. Starts a volume recovery operation.

QUESTION 144
You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty. Server1 is configured to create a shadow copy of volume D every hour. You need to configure the shadow copies of volume D to be stored on volume E. What should you run?

A.    The Set-Volume cmdlet with the -driveletter parameter
B.    The Set-Volume cmdlet with the -path parameter
C.    The vssadmin.exe add shadowstorage command
D.    The vssadmin.exe create shadow command

Answer: C
Explanation:
A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.
B. Sets or changes the file system label of an existing volume -Path Contains valid path information. C. Displays current volume shadow copy backups and all installed shadow copy writers and providers. AddShadowStroage Adds a shadow copy storage association for a specified volume.
D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume.
http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

QUESTION 145
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2.
The domain contains four servers.
The servers are configured as shown in the following table.
 clip_image001[52]
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?

A.    DC1
B.    DC2
C.    DC3
D.    Server1

Answer: D

QUESTION 146
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 is backed up by using Windows Server Backup. The backup configuration is shown in the exhibit.
 clip_image002[24]
You discover that only the last copy of the backup is maintained. You need to ensure that multiple backup copies are maintained. What should you do?

A.    Modify the backup destination.
B.    Configure the Optimize Backup Performance settings.
C.    Modify the Volume Shadow Copy Service (VSS) settings.
D.    Modify the backup times.

Answer: A
Explanation:
A, The destination in the exhibit shows a network share is used. If a network share is being used only the latest copy will be saved
http://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup
 clip_image001[54]

QUESTION 147
You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located in the perimeter network and has the DNS Server server role installed. Server1 has a zone named contoso.com. You apply a security template to Server1. After you apply the template, users report that they can no longer resolve names from contoso.com. On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)
 clip_image001[56]
On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.)
 clip_image002[26]
You need to ensure that users can resolve contoso.com names. What should you do?

A.    From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the
DNS (UDP, Incoming) rule.
B.    From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C.    From DNS Manager, unsign the contoso.com zone.
D.    From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.
E.    From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule
and the DNS (UDP, Incoming) rule.

Answer: E

QUESTION 148
Your network contains an Active Directory domain named corp.contoso.com. You deploy Active Directory Rights Management Services (AD RMS). You have a rights policy template named Template1. Revocation is disabled for the template. A user named User1 can open content that is protected by Template1 while the user is connected to the corporate network. When User1 is disconnected from the corporate network, the user cannot open the protected content even
if the user previously opened the content. You need to ensure that the content protected by Template1 can be opened by users who are disconnected from the corporate network. What should you modify?

A.    The User Rights settings of Template1
B.    The templates file location of the AD RMS cluster
C.    The Extended Policy settings of Template1
D.    The exclusion policies of the AD RMS cluster

Answer: C
Explanation:
C. You can add trust policies so that AD RMS can process licensing requests for content that was rights protected
http://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx

QUESTION 149
Your company recently deployed a new Active Directory forest named contoso.com. The forest contains two Active Directory sites named Site1 and Site2. The first domain controller in the forest runs Windows Server 2012 R2.
You need to force the replication of the SYSVOL folder from Site1 to Site2.
Which tool should you use?

A.    Active Directory Sites and Services
B.    DFS Management
C.    Repadmin
D.    Dfsrdiag

Answer: D
Explanation:
D. In Windows Server 2012 R2, Windows Server 2008 R2, or Windows Server 2008, you can force replication immediately by using DFS Management, as described in Edit Replication Schedules. You can also force replication by using the Dfsrdiag SyncNow command.
You can force polling by using the Dfsrdiag PollAD command.
http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_072

QUESTION 150
You have 30 servers that run Windows Server 2012 R2. All of the servers are backed up daily by using Windows Azure Online Backup. You need to perform an immediate backup of all the servers to Windows Azure Online Backup. Which Windows PowerShell cmdlets should you run on each server?

A.    Get-OBPolicy | StartOBBackup
B.    Start-OBRegistration | StartOBBackup
C.    Get-WBPolicy | Start-WBBackup
D.    Get-WBBackupTarget | Start-WBBackup

Answer: A
Explanation:
A. starts a backup job using a policy
B. Registers the current computer to Windows Azure Backup.
C. Not using Azure
D. Not using Azure
http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770426.aspx
http://technet.microsoft.com/en-us/library/hh770398.aspx

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(131-140)!

QUESTION 131
You are employed as a network administrator at contoso.com . Contoso.com has an active directory domain named contoso.com All servers on the contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has a server named server1,which is configured as a file server.
You have been instructed to enabled a feature that discovers and eradicates duplication within data without compromising its reliability or accuracy.
Which of the following actions should you take?

A.    You should consider having the Data Deduplication feature enabled.
B.    You should consider having the Storage Spaces feature enabled.
C.    You should consider having the Storage Management feature enabled.
D.    You should consider having the folder redirection feature enabled.

Answer: A
Explanation:
A. Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity
B. Storage Spaces in Windows Server 2012 R2 and Windows 8 enables cost-effective, optimally used, highly available, scalable, and flexible storage solutions for business-critical (virtual or physical) deployments.
C. Windows Server 2012 R2 enables storage management that is comprehensive and fully
scriptable, and administrators can manage it remotely.
D. older Redirection lets administrators redirect the path of a folder to a new location.
http://technet.microsoft.com/en-us/library/hh831602.aspx
http://technet.microsoft.com/en-us/library/hh831739.aspx
http://technet.microsoft.com/en-us/library/hh831751.aspx
http://technet.microsoft.com/en-us/library/cc732275.aspx http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-to-data-deduplication- inwindows-server-2012.aspxclip_image001[40]

clip_image001[42]

QUESTION 132
You are employed as a network administrator at contoso.com. contoso.com has a single Active Directory domain named contoso.com.All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has two servers,named server1 and server2 which are configured in a two-node fail over cluster.
You are currently configuration the quorum settings for the cluster.
You want to make use of a quorum mode that allows each node to vote if it is available and in communication.
Which of the following is the mode you should use?

A.    Node Majority
B.    Node and Disk Majority
C.    Node and File Share Majority
D.    No Majority:Disk Only

Answer: A
Explanation:
A. Allows each node to vote
B. Allows each node and a disk witness to vote
C. Allows each node and a File share witness to vote
D. Allows one node with a specified disk to have quorum
http://technet.microsoft.com/en-us/library/cc770620(v=ws.10).aspx
 clip_image001[44]
QUESTION 133
You are employed as a network administrator at contoso.com. Contoso.com has a single Active Directory domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed.
You are preparing to install a third-party application on a contoso.com server,named SERVER1.
You find that the application is unable to install completely due to its driver not being digitally signed.
You want to make sure that the application can be installed succesfully.
Which of the following actions should you take_?

A.    You should consider downloading a signed driver
B.    You should consider having SERVER1 is restored to an earlier date
C.    You should consider making use of the Disable Driver Signature Enforcement option from the
Advanced Boot Option.
D.    You should consider restarting SERVER1 in safe Mode

Answer: C
Explanation:
A. The 3rd Party installation would need to be repackaged with a signed driver.
B. The restore to an older date would only work if the earlier date had Driver Sig Enforcement disabled.
C. Disable Driver Signature Enforcement from Advanced Boot Options allows the OS to load without the signed driver requirements
D. Safe Mode will not allow the unsigned driver to be installed, you need to select Disable Driver Signature Enforcement to not required signed drivers
http://technet.microsoft.com/en-us/library/bb491036.aspx
http://windows.microsoft.com/en-us/windows-vista/advanced-startup-options-includingsafe-mode
 clip_image001[46]

QUESTION 134
You are employed as a senior network administrator at contoso.com. Contoso.com has a single Active Directory Domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior network administrator.
You are currently discussing the Dnslint.exe tool.
Which of the following should this tool be used for ? (Choose all that apply)

A.    To help diagnose common DNS name resolution issues
B.    For developing scripts for configuring a DNS server
C.    To administer the DNS server Service.
D.    To look for specific DNS record set and sure that they are consistent across multiple DNS servers.
E.    To verify that DNS records used specifially for Active Directory replication are correct
F.    To Create and delete zones and resource records.

Answer: ADE
Explanation:
http://support.microsoft.com/kb/321045
 clip_image002[14]
QUESTION 135
You work as an administrator at contoso.com. Contoso.com network consists of a single domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed. Contoso.com has a server,named SERVER1,which has the AD DS,DHCP and DNS server roles installed.Contoso.com also has a server named SERVER2,which has the DHCP and Remote Access Server Role installed.You have configured a server,which has the File and Storage Services Server role installed.to automatically acquire an IP address.The server is named Server3
You then create a filter on SERVER1 Which of the following is a reason for this configuration?

A.    To make sure that SERVER1 issues Server3 an IP address.
B.    To make sure that SERVER1 does not issue SERVER3 an IP address
C.    To make sure that SERVER3 acquires a constant IP address from SERVER2 only.
D.    To make sure that SERVER3 is configured with a static IP address

Answer: B
Explanation:
A. MAC Address Filtering allows the ability to Deny a MAC addresses to be issued a IP from the DHCP server
B. Deny Filter would not allow SERVER1 to issue SERVER3 an IP
C. A DHCP Reservation on SERVER2 would be needed for a constant IP
D. QUESTION: states it
is configure to automatically acquire IP
http://technet.microsoft.com/en-us/library/cc779507(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee941155(v=ws.10).aspx
 clip_image002[16]
QUESTION 136
You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed.
You have been instructed to configure a custom Windows Recovery Environmen(Windows RE) image that should allow for a drive is mapped automatically to a network share in the event that a server is started using the image
Which of the following actions should you take?

A.    You should consider configuring the startnet.cmd in the image
B.    You should consider configuring the startup.exe command included in the image.
C.    You should consider configuring the ntdsutil command included in the image
D.    You should consider configuring the certutil.exe command included in the image

Answer: A

QUESTION 137
You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. You are currently running a training exercise for junior network administrators.You are discussing the endpoint types supported by Active Directory Federation Services(AD FS) Which of the following are supported types?(Choose all that apply)

A.    SAML WebSSO
B.    Anonymous
C.    WS-Federation Passive
D.    Client Certicate
E.    WS-Trust

Answer: ACE
Explanation:
http://technet.microsoft.com/en-us/library/adfs2-help-endpoints(v=ws.10).aspx

QUESTION 138
You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed The ABC.com domain has an Active Directory site configured in London,and an Active Directory site in New york.
You have been instructed to make sure that the synchronization of account lockout data happens quicker.

A.    You should consider editing the options attribute from WANLINK properties
B.    You should consider editing the options attribute from LANLIK properties
C.    You should consider editing the options attribute from the DEFAULTSITELINK properties
D.    You should consider editing the proxyAddressess attribute from the DEFAULTIPSITELINK properties.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc961787.aspx
 clip_image002[18]
 clip_image002[20]

QUESTION 139
You are employed as a senior network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed.
ABC.com has two servers,named SERVER1 and SERVER2 which are configured in a two-node failover cluster. Server1 includes a folder,named ABCAppData,which is configured as a Distributed File System (DFS) name space folder target. After configuring another two nodes in the failover cluster, you are instructed to make sure that access to ABC AppData is highly available.
You also have to make sure that application data is replicated to ABCAppData via DFS replication.
Which following actions should you take ?

A.    You should consider configuring a scale-out File Server
B.    You should consider configuring the replication settings for the cluster
C.    You should consider configuring a file server for general use
D.    You should consider configuring the Quorum settings

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/hh831349.aspx
 clip_image001[48]
 clip_image002[22]
QUESTION 140
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?

A.    FF00::
B.    2001::
C.    FD00:123:4567::
D.    FE80::

Answer: C
Explanation:
Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges:
* They are not allocated by an address registry and may be used in networks by anyone without outside involvement.
* They are not guaranteed to be globally unique.
* Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in the global DNS.
As fd00::/8 ULAs are not meant to be routed outside their administrative domain (site or organization), administrators of interconnecting networks normally do not need to worry about the uniqueness of ULA prefixes.

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(121-130)!

QUESTION 121
you are employee as a network administrator at abc.com. ABC.com has an active directory domain named ABC.com All servers on the abc.com network have Windows Server 2012 R2 installed and all workstations have windows 8 enterprise installed. ABC.com has established a remote Active directory site that only host workstations.The Computer accounts for these workstations have been placed in an organizational unit (OU),named ABCADRemote,which has a group policy object(GPO) associated with it. You are in the process of configuration Branchcahce for the remote Active directory site. You have Already turned Branchcache on. Which of the following actions should you take next_?

A.    You Should consider having the set Branchcache HostedServer Cache mode setting configured
B.    You Should consider having the set Branchcache Hostedclient Cache mode settting configured
C.    You Should consider having the set Branchcache distributed cache mode setting configured
D.    You should consider having the set BranchCache disabled cache mode settings configured

Answer: C

QUESTION 122
You are employed as a network administrator at ABC.com. ABC.com has an active directory domain named ABC.com. ALL servers on the ABC.com network have Windows Server 2012 R2. ABC.com has a server,named server 1, which runs the windows deployment services server role.
You make use of windows server backup to back up server 1. Subsequent to a disk array on server 1 becoming corrupt,you swap the disk array with new hardware.
You now need to recover server1 in the shortest time conceivable.
Which of the following actions should you take?

A.    you should consider making use of the Windows Server 2012 R2 installation media to start server1
B.    you should consider restoring server1 from a snapshot backup
C.    you should consider restoring server 1 from an incremental backup
D.    you should consider restoring server 1 from a differential backup

Answer: A

QUESTION 123
You are employed as a senior network administrator at ABC.com. ABC.com has an active directory domain named ABC.com. all servers on the abc.com network windows server2012 installed.
You are currently running a training exercise for junior network administrators.
You are discussing the PKISync.ps1 tool.
Which of the following is true with regards to The PKISync.ps1?

A.    it adds a certificate template to the CA
B.    it asssists administrators in diagnosing replication problems between windows domain controllers
C.    it is used to display information about the digital certificates that are installed on a directAccess client,
DirectAcces server,or intranet resource
D.    it copies objects in the source forest to the target forest.

Answer: D

QUESTION 124
You are employed as a network administrator ABC.com.
ABC.com has an active directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has a server named server1 which is configured as a DHCP server.
You have created a superscope on server1.
Which of the following describes reason for creating a superscope?(choose all that apply.)

A.    To support DHCP clients on a single physical network segment where multiple logical ip networks are used.
B.    To allow for the sending of network traffic to a group of endpoints destination hosts.
C.    To support remote DHCP clients located on the far side of DHCP and BOOTP relay agents.
D.    To provide fault tolerance

Answer: AC
Explanation:
http://technet.microsoft.com/en-us/library/cc757614(v=ws.10).aspx

QUESTION 125
You are employed as a network administrator at ABC.com. ABC.com has an active directory domain named ABC.com all servers including domain controllers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has its headquarters in London and an office in paris. The London Office has a domain controller named server1,which is configured as a writeable domain controller that servers as a Global catalog server and a DNS server. Server1 is configured to host an Active Directory-integrated zone for ABC.com
The Paris office has a Read-Only domain controller (RODC) named server2 which servers as a Global catalog server. After installing the DNS server role on server2, you want to make sure that the ABC.com zone is replicated to server2 via active directory replication.
Which of the following actions should you take?

A.    You should consider making use of Active Directory Sites and Services to Configured replication
B.    You should consider making use of replmon.exe to configure replication.
C.    You should consider making use of repadmin.exe to configure replication
D.    You should consider making use of Active Directory Schema To configure replication

Answer: A

QUESTION 126
You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named. Abc.com all servers on the ABC.com network have Windows Server 2012 R2.
You are running a training exercise for junior network administrators.
You are currently discussing DHCP failover architecture.
You have informed the trainees that DHCP servers can be deployed as fail over partners in either hot standby mode or load sharing mode.
Which of the following is TRUE with regards to hot standby mode? (Choose all that apply)

A.    It is when two servers function in a fail over relationship where an active server is responsible for
leasing IP address and configuration data to all clients in a scope or subnet
B.    It when two servers in a fail over relationship server IP addresses and options to clients on a given
subnet at the same time
C.    It is best suited to deployments where a data center server acts as a standby backup server to a
server at a remote site
D.    It is best suited deployments where both servers in a fail over relationship are located at the same
physical site

Answer: AC
Explanation:
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failove r-hot-standby-mode.aspx

QUESTION 127
You are emloyed as a network administrator at ABC.com Abc.com has an Active directory domain named ABC.com all servers on the ABC.com network have Windows Server 2012 R2. The ABC.com domain has two Active Directory sites configured.
You want to make use of change notification configure replication between these Active Directory Sites.You have opened DEFAULTIPSITELINK Properties to configure the necessary attribute.
Which of the following is the attribute that needs to be configured?

A.    The revisiobn attribute
B.    The Options attribute
C.    The schedule attribute
D.    The proxyAddresses attribute

Answer: B

QUESTION 128
You are employed as a network administrator at ABC.com. ABC.com has an Active Directory domain named ABC.com all servers on the ABC.com network have Windows Server 2012 R2 installed. ABC.com has a server named SERVER1 which has been configured to run the HYPER-V server role Server1 is configures to host multiple vitrual mahines. When ABC.com acquires a server with a better hardware configuration to SERVER1 you are instructed to relocate the vitrual machines to the new server with as little interruptions as possible.
Which of the following actions should you take ? (Choose all that apply.)

A.    You should consider exporting the vitrual machines from Server1.
B.    You should consider running a snapshot backup of the SERVER1.
C.    You should consider importing the vitrual machine from Server1 to the new server.
D.    You shoul consider restoring the snapshot backup on the hard drives of the new server.

Answer: AC

QUESTION 129
You are employed as a network administrator at consoto.com. Contoso.com has in an Active Directory domain named contoso.com. All Servers on the contoso.com network have Windows Server 2012 R2 installed. A contoso.com server ,named Server1,hosts the Active Directory Certificate Services Server role and utilizes a hardware security module(HSM) to safeguard its private key.
You have beed instructed to backup the Active Directory Certificate Services (ADCS) database,log files,and private key regularly.
You should not use a utility supplied by the hardware security module (HSM) creator.
Which of the following actions should you take?

A.    You should consider scheduling an incremental backup
B.    You Should consider making use of the certutil.exe command.
C.    You should consider schedulling a differential backup
D.    You should consider schedulling a copy backup

Answer: B
Explanation:
A. ADCS needs to be backup up using certutil
B. -Backup, -backupdb, -backupKey: You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
C. ADCS needs to be backup up using certutil
D. ADCS needs to be backup up using certutil
http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey http://blogs.technet.com/b/pki/archive/2010/04/20/disaster-recovery-procedures-for-theactive- directorycertificate-services-adcs.aspx
 clip_image001[36]
QUESTION 130
You are employed as a senior network administrator at contoso.com contoso.com has an active directory domain named contoso.com. All servers on the contoso.com network have Windows Server 2012 R2 installed.
You are currently running at training exercise for junior network administrators.
You are discussing the DNSSEC NRPT rule properly.
Which of the following describes the purpose of this rule property?

A.    It is used to indicate the namespace to which the policy applies.
B.    It is used to indicate whether the DNS client should check for DNSSEC validation in the response.
C.    It is used to indicate DNSSEC must be used to protect DNS traffic for queries belonging to the namespace.
D.    It is used to whether DNS connections over DNSSEC will use encryption

Answer: B
Explanation:
A. NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces
B. The DNS client’s behavior is controlled by a policy(GPO) that determines whether the client should check for validation results for names within a given namespace.
C.
D. DNS does not provide any mechanism for the encryption of DNS queries and responses.
http://technet.microsoft.com/en-us/library/ee649241(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee683904(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ee649205(v=ws.10).aspx

clip_image001[38]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(111-120)!

QUESTION 111
You manage an environment that has many servers. The servers run Windows Server 2012 R2 and use iSCSI storage. Administrators report that it is difficult to locate available iSCSI resources on the network. You need to ensure that the administrators can locate iSCSI resources on the network by using a central repository. Which feature should you deploy?

A.    The iSCSI Target Server role service
B.    The iSNS Server service feature
C.    The Windows Standards-Based Storage Management feature
D.    The iSCSI Target Storage Provider feature

Answer: B
Explanation:
A. iSNS facilitates automated discovery, management, and configuration of iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP network.
C. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely
D. iSCSI Target Server enables you to network boot multiple computers from a single operating system image that is stored in a centralized location
http://technet.microsoft.com/en-us/library/cc772568.aspx
http://technet.microsoft.com/en-us/library/hh831751.aspx
http://technet.microsoft.com/en-us/library/dn305893.aspx

QUESTION 112
Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2. You create a folder named Folder1. You share Folder1 as Share1. The NTFS permissions on Folder1 are shown in the Folder1 exhibit. (Click the Exhibit button.)
 clip_image002[6]
The Everyone group has the Full control Share permission to Folder1. You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)
 clip_image002[8]
Members of the IT group report that they cannot modify the files in Folder1. You need to ensure that the IT group members can modify the files in Folder1. The solution must use central access policies to control the permissions. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    On the Classification tab of Folder1, set the classification to Information Technology.
B.    On the Security tab of Folder1, add a conditional expression to the existing permission entry for
the IT group.
C.    On Share1, assign the Change Share permission to the IT group.
D.    On the Security tab of Folder1, remove the permission entry for the IT group.
E.    On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.

Answer: AE
Explanation:
Central access policies for files enable organizations to centrally deploy and manage authorization policies that include conditional expressions that use user groups, user claims, device claims, and resource properties. (Claims are assertions about the attributes of the object with which they are associated). For example, to access high-business-impact (HBI) data, a user must be a full-time employee, obtain access from a managed device, and log on with a smart card. These policies are defined and hosted in Active Directory Domain Services (AD DS). http://technet.microsoft.com/en-us/library/hh846167.aspx
 clip_image001[20]

clip_image001[22]

clip_image001[24]

QUESTION 113
You have a server named File1 that runs Windows Server 2012 R2. Fuel has the File Server role service installed. You plan to back up all shared folders by using Microsoft Online Backup. You download and install the Microsoft Online Backup Service Agent on File1. You need to ensure that you use Windows Server Backup to back up data to Microsoft Online Backup. What should you do?

A.    From Computer Management, add the File1 computer account to the Backup Operators group.
B.    From Windows Server Backup, run the Register Server Wizard.
C.    From a command prompt, run wbadmin.exe enable backup.
D.    From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.

Answer: B
Explanation:
A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
B. To register a server for use with Windows Azure Backup you must run the register server wizard
http://technet.microsoft.com/en-us/library/hh831677.aspx

QUESTION 114
Your network contains an Active Directory domain named contoso.com. You are creating a custom Windows Recovery Environment (Windows RE) image. You need to ensure that when a server starts from the custom Windows RE image, a drive is mapped automatically to a network share. What should you modify in the image?

A.    startnet.cmd
B.    Xsl-mApp1ngs.xml
C.    Win.ini
D.    smb.types.ps1xml

Answer: A
Explanation:
The best way to define what to start is using starnet.cmd
http://technet.microsoft.com/en-us/library/cc766521(v=ws.10).aspx
 clip_image001[26]

QUESTION 115
You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You need to ensure that users can access previous versions of files that are shared on Server1 by using the Previous Versions tab. Which tool should you use?

A.    Diskpart
B.    Wbadmin
C.    Vssadmin
D.    Storrept

Answer: C
Explanation:
A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
B. DiskPart is a text-mode command interpreter that enables you to manage objects (disks, partitions, volumes, or virtual hard disks) by using scripts or direct input from a command prompt. C. The storrept command is installed with File Server Resource Manager and includes
subcommands for creating and managing storage reports and storage report tasks, as well as for configuring general administrative options for File Server Resource Manager.
D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. To view the command syntax for any of the commands in the following table, click the command name.
http://technet.microsoft.com/en-us/library/cc754015(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc770877(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753567(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc754968.aspx
 clip_image001[28]

QUESTION 116
Your company has a main office and a branch office. The main office contains a file server named Server1. Server1 has the BranchCache for Network Files role service installed. The branch office contains a server named Server2. Server2 is configured as a BranchCache hosted cache server. You need to preload the data from the file shares on Server1 to the cache on Server2. You generate hashes for the file shares on Server1. Which cmdlet should you run next?

A.    Add-BCDataCacheExtension
B.    Set-BCCache
C.    Publish-BCFileContent
D.    Export-BCCachePackage

Answer: D
Explanation:
A. increases the amount of cache storage space that is available on a hosted cache server by adding a new cache file.
B. Modifies the cache file configuration.
C. Generates hashes, also called content information, for files in shared folders on a file server that have BranchCache enabled and the BranchCache for Network Files role service installed.
D. Exports a cache package
http://technet.microsoft.com/en-us/library/hh848405.aspx
http://technet.microsoft.com/en-us/library/hh848413.aspx
http://technet.microsoft.com/en-us/library/hh848412.aspx
http://technet.microsoft.com/en-us/library/hh848409.aspx
http://technet.microsoft.com/fr-fr/library/jj572970.aspx
 clip_image001[30]

QUESTION 117
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the DHCP Server server role installed. Server1 is located in the main office site. Server2 is located in the branch office site. Server1 provides IPv4 addresses to the client computers in the main office site. Server2 provides IPv4 addresses to the client computers in the branch office site. You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses.
The solution must meet the following requirements:
– The storage location of the DHCP databases must not be a single point of failure.
– Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline.
– Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?

A.    load sharing mode failover partners
B.    a failover cluster
C.    hot standby mode failover partners
D.    a Network Load Balancing (NLB) cluster

Answer: C
Explanation:
 clip_image001[32]
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standby-mode.aspx
http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standby-mode.aspx

QUESTION 118
Your company has a main office and a branch office. The main office is located in Detroit. The branch office is located in Seattle. The network contains an Active Directory domain named adatum.com. Client computers run either Windows 7 Enterprise or Windows 8 Enterprise. The main office contains 1,000 client computers and 50 servers. The branch office contains 20 client computers. All computer accounts for the branch office are located in an organizational unit (OU) named SeattleComputers. A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU. You need to configure BranchCache for the branch office.
 clip_image002[10]
Answer:
 clip_image002[12]

QUESTION 119
You have a server named Server 1 that runs Windows Server 2012 R2. Server1 has five network adapters. Three of the network adapters are connected to a network named LAN1. The two other network adapters are connected to a network named LAN2. You create a network adapter team named Team1 from two of the adapters connected to LAN1. You create a network adapter team named Team2 from the two adapters connected to LAN2. A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP. You need to identify how many DHCP reservations you must create for Server1. How many reservations should you identify?

A.    2
B.    3
C.    5
D.    7

Answer: B
Explanation:
3 adapter on LAN 1
2 adapters on LAN 2
2 adapters on LAN 1 used in a team, so that’s 3 – 2 leaving 1. 2 adapaters on LAN 2 used in a team, so that’s 2 – 2 leaving 0. 1 team on LAN 1 + 1 team on LAN 2 + remaining adapter on LAN 1 = 3.

QUESTION 120
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. IPAM is configured currently for Group Policy-based provisioning. You need to change the IPAM provisioning method on Server1. What should you do?

A.    Run the ipamgc.exe command.
B.    Run the Set-IPAMConfiguration cmdlet.
C.    Reinstall the IP Address Management (IPAM) Server feature.
D.    Delete IPAM Group Policy objects (GPOs) from the domain.

Answer: C
Explanation:
You cannot change the provisioning method after completing the initial setup.

clip_image001[34]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(101-110)!

QUESTION 101
You have a server named Server1 that runs Windows Server 2012 R2. Windows Server 2012 R2 is installed on volume C. You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts. Which tool should you use?

A.    The Restart-Server cmdlet
B.    The Bootcfg command
C.    The Restart-Computer cmdlet
D.    The Bcdedit command

Answer: D
Explanation:
A. Restart-Server is not a CMDLET
B. modifies the Boot.ini file
C. Restarts computer
D. Boot Configuration Data (BCD) files provide a store that is used to describe boot applications and boot application settings.
http://support.microsoft.com/kb/317521
http://technet.microsoft.com/en-us/library/hh849837.aspx
http://technet.microsoft.com/en-us/library/cc731662(v=ws.10).aspx
 clip_image001
You can see with msconfig tool that boot options have changed as follows:
NOTE: Alternate Shell may be used
 clip_image001[6]
After reboot you should remove the safeboot option using bcdedit:
– bcdedit /deletevalue safeboot

QUESTION 102
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Shadows copies are enabled on all volumes. You need to delete a specific shadow copy. The solution must minimize server downtime. Which tool should you use?

A.    Vssadmin
B.    Diskpart
C.    Wbadmin
D.    Shadow

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc788026(v=ws.10).aspx
 clip_image001[8]
QUESTION 103
Your network contains two Web servers named Server1 and Server2. Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.)
 clip_image001[10]
You need to configure the NLB cluster to meet the following requirements:
– HTTPS connections must be directed to Server1 if Server1 is available.
– HTTP connections must be load balanced between the two nodes.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    From the host properties of Server1, set the Handling priority of the existing port rule to 2.
B.    From the host properties of Server1, set the Handling priority of the existing port rule to 1.
C.    From the host properties of Server2, set the Priority (Unique host ID) value to 1.
D.    Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None.
E.    From the host properties of Server2, set the Handling priority of the existing port rule to 2.
F.    Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity
to Single.

Answer: BDE
Explanation:
Handling priority: When Single host filtering mode is being used, this parameter specifies the local host’s priority for handling the networking traffic for the associated port rule. The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster.
E (not C): Lower priority (2) for Server 2.
D: HTTP is port 80.
Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule. This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host handle a specified load weight. Reference:
Network Load Balancing parameters

QUESTION 104
Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two- way forest trusts exists between the forest. Selective authentication is enabled on the trust. The contoso.com forest contains a server named Server1. You need to ensure that users in litwareinc.com can access resources on Server1. What should you do?

A.    Install Active Directory Rights Management Services on a domain controller in contoso.com.
B.    Modify the permission on the Server1 computer account.
C.    Install Active Directory Rights Management Services on a domain controller in litwareinc.com.
D.    Configure SID filtering on the trust.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc772808(v=ws.10).aspx
 clip_image001[12]

QUESTION 105
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes to Cluster1. You have a folder named Folder1 on Server1 that contains application data. You plan to provide continuously available access to Folder1. You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: L
Explanation:
http://technet.microsoft.com/en-us/library/hh831349.aspx
Scale-Out File Server for application data (Scale-Out File Server) This clustered file server is introduced in Windows Server 2012 R2 and lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are online on all nodes simultaneously. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active.
 clip_image001[14]
QUESTION 106
Information and details provided in a question apply only to that question. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Cluster1 hosts a secure web application named WebApp1. WebApp1 saves user state information locally on each node. You need to ensure that when users connect to WebApp1, their session state is maintained. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/bb687542.aspx
 clip_image001[16]

QUESTION 107
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

A.    ADSI Edit
B.    Active Directory Users and Computers
C.    Active Directory Domains and Trusts
D.    Active Directory Sites and Services
E.    Services
F.    Authorization Manager
G.    TPM Management
H.    Certification Authority

Answer: AD

QUESTION 108
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named adatum.com. You need to configure an access solution to meet the following requirements:
– Users in adatum.com must be able to access resources in contoso.com.
– Users in adatum.com must be prevented from accessing resources in fabrikam.com.
– Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?

A.    a one-way realm trust from contoso.com to adatum.com
B.    a one-way realm trust from adatum.com to contoso.com
C.    a one-way external trust from contoso.com to adatum.com
D.    a one-way external trust from adatum.com to contoso.com

Answer: C

QUESTION 109
Your network contains an Active Directory domain named contoso.com. All file servers in the domain run Windows Server 2012 R2. The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1. You plan to modify the NTFS permissions for many folders on the file servers by using central access policies. You need to identify any users who will be denied access to resources that they can cu
rrently access once the new permissions are implemented. In which order should you Perform the five actions?
 clip_image002
Answer:
 clip_image002[4]
Explanation:
I hate steps like this because you can create a rule first and then the policy, or you can create the policy and create the rule during the creation of the policy. Either way I’m going to go with creating the policy first, and then the rule.

QUESTION 110
You have a file server named Server1 that runs Windows Server 2012 R2. Data Deduplication is enabled on drive D of Server1. You need to exclude D:\Folder1 from Data Deduplication. What should you configure?

A.    Disk Management in Computer Management
B.    File and Storage Services in Server Manager
C.    the classification rules in File Server Resource Manager (FSRM)
D.    the properties of D:\Folder1

Answer: B
Explanation:
B. Data deduplication exclusion on a Volume are set from File & Storage Services, Server Manager or PowerShell
http://technet.microsoft.com/en-us/library/hh831434.aspx

clip_image001[18]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(91-100)!

QUESTION 91
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. You need to configure the replication between the sites to occur by using change notification. Which attribute should you modify?
 clip_image001[90]
Answer:
 clip_image001[92]

QUESTION 92
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image002[22]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Dnslint
B.    A DNS Manager
C.    Active Directory Users and Computers
D.    Dnscmd
Answer: A
Explanation:
Note: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 93
Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. The domain contains four servers. The servers are configured as shown in the following table.
 clip_image001[94]
You need to update the schema to support a domain controller that will run Windows Server 2012 R2. On which server should you run adprep.exe?

A.    Server1
B.    DC3
C.    DC2
D.    DC1

Answer: B
Explanation:
C. DC3 is the only server that could be assumed to be 64bit
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_WS2012
 clip_image001[96]
QUESTION 94
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network. In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2. You need to configure Server1 as a new domain controller in a new forest named contoso.test. The solution must meet the following.
 clip_image002[24]
 clip_image002[26]
Select two options below.

A.    There is no need to set the Forest Functional Level.
B.    Set Forest Functional Level to Windows 2003.
C.    Set Forest Functional Level to Windows 2008
D.    Set Forest Functional Level to Windows 2008 R2.
E.    Set Forest Functional Level to Windows 2012.
F.    There is no need to set the Domain Functional Level.
G.    Set Domain Functional Level to Windows 2003.
H.    Set Domain Functional Level to Windows 2008
I.    Set Domain Functional Level to Windows 2008 R2.
J.    Set Domain Functional Level to Windows 2012.

Answer: BG
Explanation:
When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level. You cannot set the domain functional level to a value that is lower than the forest functional level. Reference: Understanding Active Directory Domain Services (AD DS) Functional Levels
REWORDED
Very smartly reworded that you need to configure server 1 as new DC in a new forest named contoso.test and "also do name resolution". In the answer you will have to select Windows 2003 as domain and forest functional level and you should also check "Domain name system(DNS) server….
This is not in any dumps
* When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level. You cannot set the domain functional level to a value that is lower than the forest functional level.
http://technet.microsoft.com/en-us/library/understanding-active-directory- functionallevels(v=ws.10).aspx

QUESTION 95
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?

A.    Get-ADDomainControllerPasswordReplicationPolicy
B.    Get-ADDefaultDomainPasswordPolicy
C.    Server Manager
D.    Get-ADFineGrainedPasswordPolicy

Answer: D
Explanation:
A. Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy
B. Gets the default password policy for an Active Directory domain.
C. PSO’s managed from AD AC or Powershell Only
D. Gets one or more Active Directory fine grained password policies.
http://technet.microsoft.com/en-us/library/ee617207.aspx
http://technet.microsoft.com/en-us/library/ee617244.aspx
http://technet.microsoft.com/en-us/library/ee617231.aspx

QUESTION 96
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed. You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.
 clip_image001[98]
Answer:
 clip_image001[100]
Explanation:
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29012
 clip_image002[28]
Both WinRMRemoteWMIUsers_ and Remote Management Users have the exact same description. As such, I tested connecting with server manager remotely with a non-administrative account. I tried before adding to either group and got this error:
 clip_image001[102]
I then added to Remote Management Users and got this error:
 clip_image001[104]
Note that this is due to access to the event log only.
Next I removed from Remote Management Users and added to WinRMRemoteWMIUsers_ and got this error:
 clip_image001[106]
The error is exactly the same and the explanation is due to event log. In summary, Either one of these answers is correct, however since the document explicitly says use the "WinRMRemoteWMIUsers_" group, then that’s what we got to do.

QUESTION 97
You have a server named Server2 that runs Windows Server 2012 R2. You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.) You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1. Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[30]
Answer:
 clip_image002[32]
QUESTION 98
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 Both servers have the IP Address Management (IPAM) Server feature installed. You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1.

A.    IPAM MSM Administrators
B.    IPAM Administrators
C.    winRMRemoteWMIUsers_
D.    Remote Management Users

Answer: C
Explanation:
A. IPAM MSM Administrators can’t access remotely
B. IPAM Administrators can’t access remotely
C. If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384295(v=vs.85).aspx http://www.microsoft.com/en-us/download/details.aspx?id=29012

QUESTION 99
Your network contains two Active Directory forests named contoso.com and adatum.com. Both forests contain multiple domains. All domain controllers run Windows Server 2012 R2. Contoso.com has a one-way forest trust to adatum.com. A domain named paris.eu.contoso.com hosts several legacy applications that use NTLM authentication. Users in a domain named london.europe.adatum.com report that it takes a long time to be authenticated when they attempt to access the legacy applications hosted in paris.eu.contoso.com. You need to reduce how long it takes for the london.europe.adatum.com users to be authenticated in paris.eu.contoso.com. What should you do?

A.    Create a shortcut trust.
B.    Create an external trust between the forest root domains.
C.    Disable SID filtering on the existing trust.
D.    Create an external trust.

Answer: A
Explanation:
A. Shortcut trusts are one-way or two-way, transitive trusts that can be used when administrators need to optimize the authentication process. Authentication requests must first travel a trust path between domain trees, and in a complex forest this can take time, which can be reduced with shortcut trusts.
B. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust.
C. Filters users or SIDs from one domain
D. Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust
http://technet.microsoft.com/en-us/library/cc737939(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc775736(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx
 clip_image001[108]
QUESTION 100
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. You are creating a central access rule named TestFinance that will be used to audit members of the Authenticated Users group for access failure to shared folders in the finance department. You need to ensure that access requests are unaffected when the rule is published.
What should you do?

A.    Add a User condition to the current permissions entry for the Authenticated Users principal.
B.    Set the Permissions to Use the following permissions as proposed permissions.
C.    Add a Resource condition to the current permissions entry for the Authenticated Users principal.
D.    Set the Permissions to Use following permissions as current permissions.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/jj134043.aspx

clip_image001[110]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(81-90)!

QUESTION 81
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

A.    Authorization Manager
B.    TPM Management
C.    Active Directory Sites and Services
D.    Services

Answer: C

QUESTION 82
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[60]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Ntdsutil
B.    Repadmin
C.    Dnslint
D.    Active Directory Domains and Trusts

Answer: B
Explanation:
If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 83
You have a server named Server1 that runs Windows Server 2012 R2. Windows Server 2012 R2 is installed on volume C. You need to ensure that Safe Mode with Networking loads the next time Server1 restarts. Which tool should you use?

A.    The Msconfig command
B.    The Restart-Server cmdlet
C.    The Restart-Computer cmdlet
D.    The Bootcfg command

Answer: A
Explanation:
A. Use system config to configure boot options
B. Not a valid cmdlet
C. Restarts ("reboots") the operating system on local and remote computers. No boot options
D. modifies the Boot.ini file no option for safe mode/networking for win8/2012
http://technet.microsoft.com/en-us/library/hh849837.aspx
http://support.microsoft.com/kb/317521
http://technet.microsoft.com/en-us/library/cc725967.aspx
 clip_image001[62]

QUESTION 84
You have a file server named FS1 that runs Windows Server 8. Data Deduplication is enabled on FS1. You need to configure Data Deduplication to run at a normal priority from 20:00 to 06:00 daily. What should you configure?

A.    File and Storage Services in Server Manager
B.    The Data Deduplication process in Task Manager
C.    Disk Management in Computer Management
D.    The properties of drive C

Answer: A
Explanation:
A. In Windows Server 2012 R2, deduplication can be enabled locally or remotely by using Windows PowerShell or Server Manager.
http://technet.microsoft.com/en-us/library/hh831700.aspx
 clip_image001[64]

QUESTION 85
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8 Enterprise. You have a remote site that only contains client computers. All of the client computer accounts are located in an organizational unit (CU) named Remote1. A Group Policy object (GPO) named GPO1 is linked to the Remote1 CU. You need to configure BranchCache for the remote site. Which two settings should you configure in GPO1? To answer, select the two appropriate settings in the answer area.
 clip_image001[66]
Answer:
 clip_image001[68]

QUESTION 86
Your company has a main office and a branch office. An Active Directory site exists for each office. The network contains an Active Directory forest named contoso.com. The contoso.com domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2. In the main office, you configure Server1 as a file server that uses BranchCache. In the branch office, you configure Server2 and Server3 as BranchCache hosted cache servers. You are creating a Group Policy for the branch office site. In the branch office, you need to configure the client computers that run Windows B to use Server2 and Server3 as BranchCache.
 clip_image001[70]
Answer:
 clip_image001[72]

QUESTION 87
Your network contains two Active Directory forests named contoso.com and fabrikam.com. A two- way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named CAl. You implement cross-forest certificate enrollment between the contoso.com forest and the fabrikam.com forest. On CA1, you create a new certificate template named Template1. You need to ensure that users in the fabrikam.com forest can request certificates that are based on Template1. Which tool should you use?

A.    Sync-ADObject
B.    Pkiview.msc
C.    CertificateServices.ps1
D.    Certutil
E.    PKISync.ps1

Answer: E
Explanation:
A. Replicates a single object between any two domain controllers that have partitions in common. B. Monitoring and troubleshooting the health of all certification authorities (CAs) in a public key infrastructure (PKI) are essential administrative tasks facilitated by the Enterprise PKI snap-in.
D. use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
http://technet.microsoft.com/en-us/library/hh852296.aspx
http://technet.microsoft.com/en-us/library/cc732261(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx
 clip_image001[76]
 clip_image001[78]
QUESTION 88
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA). The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1. You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com. You need to identify which type of certificate template you must use to request a certificate for AD FS.
 clip_image001[80]
Answer:
 clip_image001[82]

QUESTION 89
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP.

A.    Certification Authority
B.    Authorization Manager
C.    ADSI Edit
D.    Active Directory Domains and Trusts

Answer: C
 clip_image001[84]

QUESTION 90
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA). You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
– Email security
– Client authentication
– Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings.
B.    From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy settings.
C.    Modify the properties of the User certificate template, and then publish the template.
D.    Duplicate the User certificate template, and then publish the template.
E.    From a Group Policy, configure the Automatic Certificate Request Settings settings.

Answer: AD
Explanation:
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
 clip_image001[86]
However a duplicated template from users has the ability to autoenroll:
 clip_image001[88]
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
http://technet.microsoft.com/en-us/library/dd851772.aspx

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(71-80)!

QUESTION 71
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for both clustered resources. You need to ensure that if two consecutive heartbeat messages are missed between Server1 and Server2, Server2 will begin responding to DHCP requests. The solution must ensure that Server1 remains the active node for the File Services clustered resource for up to five missed heartbeat messages. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: D
Explanation:
A. The number of heartbeats that can be missed before failover occurs is known as the heartbeat threshold
http://technet.microsoft.com/en-us/library/dn265972.aspx
http://technet.microsoft.com/en-us/library/dd197562(v=ws.10).aspx http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx

QUESTION 72
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. You configure a new failover cluster named Cluster1. Server1 and Server2 are nodes in Cluster1. You need to configure the disk that will be used as a witness disk for Cluster1. How should you configure the witness disk?
To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[40]
Answer:
 clip_image002

QUESTION 73
Your network contains an Active Directory forest named contoso.com that contains a single domain. The forest contains three sites named Site1, Site2, and Site3. Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2. Each site contains two domain controllers. Site1 and Site2 contain a global catalog server. You need to create a new site link between Site1 and Site2. The solution must ensure that the site link supports the replication of all the naming contexts. From which node should you create the site link?
To answer, select the appropriate node in the answer area.
 clip_image002[14]
Answer:
 clip_image002[16]

QUESTION 74
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server server role installed. You have a domain controller named DC1. On DC1, you create an Active Directory-integrated zone named adatum.com and you sign the zone by using DNSSEC. You deploy a new read-only domain controller (RODC) named R0DC1. You need to ensure that the contoso.com zone replicates to R0DC1. What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
 clip_image001[42]
Answer:
 clip_image001[44]

QUESTION 75
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has a single volume that is encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM). Server1 is configured to perform a daily system image backup. The motherboard on Server1 is upgraded. After the upgrade, Windows Server 2012 R2 on Server1 fails to start. You need to start the operating system on Server1 as soon as possible.
What should you do?
Start Server1 from the installation media. Run startrec.exe. Move the disk to a server that has a model of the old motherboard. Start the server from the installation media. Run bcdboot.exe. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc. Start Server1 from the installation media. Perform a system image recovery.

A.    Start Server1 from the installation media. Run startrec.exe.
B.    Move the disk to a server that has a model of the old motherboard.
Start the server from the installation media.
Run bcdboot.exe.
C.    Move the disk to a server that has a model of the old motherboard.
Start the server. Run tpm.msc.
D.    Start Server1 from the installation media. Perform a system image recovery.

Answer: D
Explanation:
Encryption keys are lost. Nothing mentioned about password/keys recovery. My point is that the only way is to restore the server from a backup.
http://social.technet.microsoft.com/Forums/windows/en-US/6b34b4da-b1e2-4038- 8d6d192f973cadea/usingsystem-image-with-a-bitlocker-system-drive

QUESTION 76
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and Windows Server 2012 R2. You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the boot menu. You start Windows Server 2012 R2 on Server1 and you discover the disk configurations shown in the following table.
 clip_image001[46]
You need to restore the Windows Server 2008 R2 boot entry on Server1. What should you do?

A.    Run bootrec.exe and specify the /scanos parameter.
B.    Run bcdedit.exe and specify the /create store parameter.
C.    Run bootcfg.exe and specify the /copy parameter.
D.    Run bootrec.exe and specify the /rebuildbcd parameter.

Answer: D

QUESTION 77
You have 3 server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSIl.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[18]
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target. VirtualiSCSIl.vhd is removed from LON-DC1. You need to assign VirtualiSCSI2.vhd a logical unit value of 0. What should you do?

A.    Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.
B.    Run the Add-IscsiVirtualDiskTargetMapping cmdlet and specify the -Lun parameter.
C.    Run the iscsicli command and specify the reportluns parameter.
D.    Run the iscsicpl command and specify the virtualdisklun parameter.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/jj612800(v=wps.620).aspx
 clip_image001[48]
QUESTION 78
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[50]
An IP site link exits between each site. You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do?

A.    Create a site link bridge.
B.    Create additional connection objects for DC3 and DC4.
C.    Create additional connection objects for DC1 and DC2.
D.    Increase the cost of the site link between SiteA and SiteC.

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd277430.aspx#XSLTsection126121120120
 clip_image001[52]
QUESTION 79
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
 clip_image001[56]
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible. You need to identify which technology you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible. What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[20]
Answer:
 clip_image002[6]

QUESTION 80
You have a server named File1 that runs Windows Server 2012 R2. File1 has the File Server role service installed. You plan to back up all shared folders by using Windows Azure Online Backup. You download and install the Windows Azure Online Backup Service Agent on File1. You need to ensure that you use Windows Server Backup to back up data to Windows Azure Online Backup. What should you do?

A.    From Computer Management, add the File1 computer account to the Backup Operators group.
B.    From the Services console, modify the Log On settings of the Windows Azure Online Backup Service Agent.
C.    From Windows Server Backup, run the Register Server Wizard.
D.    From a command prompt, run wbadmin.exe enable backup.

Answer: C
Explanation:
http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online- backupservice.aspx

clip_image001[58]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(61-70)!

QUESTION 61
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The forest functional level is Windows 2000. The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server 2008 R2. The domain functional level is Windows Server 2008. The fabrikam.com domain contains domain controllers that run either Windows 2000 Server or Windows Server 2003. The domain functional level is Windows 2000 native. The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2. You need to add Server1 as a new domain controller in the contoso.com domain. What should you do first?

A.    Raise the functional level of the contoso.com domain to Windows Server 2008 R2.
B.    Upgrade the domain controllers that run Windows Server 2008 to Windows Server 2008 R2.
C.    Raise the functional level of the fabrikam.com domain to Windows Server 2003.
D.    Decommission the domain controllers that run Windows 2000.
E.    Raise the forest functional level to Windows Server 2003.

Answer: D
Explanation:
D. Server 2003 is the minimum Domain Functional level for any domain in the forest Windows Server 2012 R2 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2012 R2 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher.
http://technet.microsoft.com/en-us/library/cc771294.aspx
 clip_image001[24]

QUESTION 62
Your network contains an Active Directory domain named adatum.com. The domain contains four servers. The servers are configured as shown in the following table.
 clip_image002[8]
You plan to deploy an enterprise certification authority (CA) on a server named Server5. Server5 will be used to issue certificates to domain-joined computers and workgroup computers. You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5. Which server should you identify?

A.    Server 3
B.    Server 2
C.    Server 4
D.    Server 1

Answer: C
Explanation:
A. We cannot use AD DS because workgroup computers must access CRL distribution point
B. We cannot use File Share because workgroup computers must access CRL distribution point
C. Public facing web server can be used
D. AD DS, Web & File Share only
http://technet.microsoft.com/en-us/library/cc771079.aspx
 clip_image001[26]

QUESTION 63
You have a server named Server1 that has the Active Directory Certificate Services server role installed. Server1 uses a hardware security module (HSM) to protect the private key of Server1. You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private key are backed up. You perform regular backups of the HSM module by using a backup utility provided by the HSM manufacturer. What else should you do?

A.    Run the certutil.exe command and specify the -backupkey parameter.
B.    Run the certutil.exe command and specify the -backupdb parameter.
C.    Run the certutil.exe command and specify the -backup parameter.
D.    Run the certutil.exe command and specify the -dump parameter.

Answer: B
Explanation:
A. Backup the Active Directory Certificate Services certificate and private key
B. Backup the Active Directory Certificate Services database
C. Backup Active Directory Certificate Services
D. Dump configuration information or files
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup http://technet.microsoft.com/library/cc732443.aspx#BKMK_dump
 clip_image001[28]

QUESTION 64
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services (AD FS) server role installed. Adatum.com is a partner organization. You are helping the administrator of adatum.com set up a federated trust between adatum.com and contoso.com. The administrator of adatum.com asks you to provide a file containing the federation metadata of contoso.com. You need to identify the location of the federation metadata file. Which node in the AD FS console should you select?
To answer, select the appropriate node in the answer area.
 clip_image002[10]
Answer:
 clip_image002[12]

QUESTION 65
Your network contains three Active Directory forests. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All of the users in all of the forests must be able to access protected content from any of the forests. You need to identify the minimum number of AD RMS trusts required. How many trusts should you identify?

A.    2
B.    3
C.    4
D.    6

Answer: D
Explanation:
3 Forests. Bi Direcrional test needed means each forest needs 2 other forests TUD file. 3 x 2 =6 http://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx
 clip_image001[30]

QUESTION 66
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    Active Directory Sites and Services
B.    Active Directory Administrative Center
C.    Server Manager
D.    Certificate Templates

Answer: B
Explanation:
B. Disable user1 from ADAC
http://technet.microsoft.com/en-us/library/dd861307.aspx

QUESTION 67
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts 10 virtual machines that run Windows Server 2012 R2. You add a new server named Server2. Server2 has faster hard disk drives, more RAM, and a different processor manufacturer than Server1. You need to move all of the virtual machines from Server1 to Server2. The solution must minimize downtime. What should you do for each virtual machine?

A.    Perform a quick migration.
B.    Perform a storage migration.
C.    Export the virtual machines from Server1 and import the virtual machines to Server2.
D.    Perform a live migration.

Answer: C
Explanation:
C. Other options require same CPU family and cluster
http://technet.microsoft.com/en-us/library/hh848491.aspx
http://technet.microsoft.com/en-us/library/hh848495.aspx
http://technet.microsoft.com/en-us/library/jj628158.aspx
The different processor manufacturer is the key here. Storage, Live, and Quick all require same manufacturer.
 clip_image001[32]
 clip_image001[34]
QUESTION 68
You have a datacenter that contains six servers. Each server has the Hyper-V server role installed and runs Windows Server 2012 R2. The servers are configured as shown in the following table.
 clip_image001[36]
Host4 and Host5 are part of a cluster named Cluster1. Cluster1 hosts a virtual machine named VM1. You need to move VM1 to another Hyper-V host. The solution must minimize the downtime of VM1. To which server and by which method should you move VM1?

A.    To Host3 by using a storage migration
B.    To Host6 by using a storage migration
C.    To Host2 by using a live migration
D.    To Host1 by using a quick migration

Answer: A
Explanation:
A. Host3 is the only option to allow minimum downtime and has same processor manufacturers
B. Live Storage Migration requires same processor manufacturers
C. Live migration requires same same processor manufacturers
D. Quick migration has downtime
NOTE: Exam may have more options but same answer
http://technet.microsoft.com/en-us/library/dd446679(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831656.aspx
http://technet.microsoft.com/en-us/library/jj628158.aspx

QUESTION 69
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 hosts an application named App1. You need to ensure that Server2 handles all of the client requests to the cluster for App1. The solution must ensure that if Server2 fails, Server1 becomes the active node for Appl. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: J
Explanation:
http://blogs.msdn.com/b/clustering/archive/2008/10/14/9000092.aspx
The preferred owner in a 2 server cluster will always be the active node unless it is down.

QUESTION 70
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    the Scale-Out File Server

Answer: C
Explanation:
C. The quorum configuration in a failover cluster determines the number of failures that the cluster can sustain.
http://technet.microsoft.com/en-us/library/cc731739.aspx

clip_image001[38]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(51-60)!

QUESTION 51
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. You need to configure Server1 to resolve queries for single-label DNS names. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Run the Set-DNSServerGlobalNameZone cmdlet.
B.    Modify the DNS suffix search list setting.
C.    Modify the Primary DNS Suffix Devolution setting.
D.    Create a zone named ".".
E.    Create a zone named GlobalNames.
F.    Run the Set-DNSServerRootHint cmdlet.

Answer: AE
Explanation:
http://technet.microsoft.com/en-us/library/cc731744.aspx
http://technet.microsoft.com/en-us/library/jj649907(v=wps.620).aspx
clip_image001[4] clip_image001
 

clip_image001[6]

QUESTION 52
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. Server2 has the DHCP Server server role installed. A user named User1 is a member of the IPAM Users group on Server1. You need to ensure that User1 can use IPAM to modify the DHCP scopes on Server2. The solution must minimize the number of permissions assigned to User1. To which group should you add User1?

A.    DHCP Administrators on Server2
B.    IPAM ASM Administrators on Server1
C.    IPAMUG in Active Directory
D.    IPAM MSM Administrators on Server1

Answer: A
Explanation:
The user need rights to change DHCP not IPAM
C. Members of the DHCP Administrators group can view and modify any data at the DHCP server. http://technet.microsoft.com/en-us/library/jj878348.aspx
http://technet.microsoft.com/en-us/library/cc737716(v=ws.10).aspx

QUESTION 53
You have a server named DC2 that runs Windows Server 2012 R2. DC2 contains a DNS zone named adatum.com. The adatum.com zone is shown in the exhibit. (Click the Exhibit button.)
 clip_image002
You need to configure DNS clients to perform DNSSEC validation for the adatum.com DNS domain.
What should you configure?

A.    The Network Location settings
B.    A Name Resolution Policy
C.    The DNS Client settings
D.    The Network Connection settings

Answer: B
B. The Name Resolution Policy Table (NRPT) is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. The NRPT can be configured using Group Policy or by using the Windows Registry.
C. client component that resolves and caches Domain Name System (DNS) domain names. When the DNS Client service receives a request to resolve a DNS name that it does not contain in its cache, it queries an assigned DNS server for an IP address for the name
D. Network connections make it possible for computers to access resources on the network and the internet
http://technet.microsoft.com/en-us/library/hh831411.aspx#config_client1
 clip_image002[4]

QUESTION 54
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the DHCP Server server role installed. Server2 has the Hyper-V server role installed. Server2 has an IP address of 192.168.10.50. Server1 has a scope named Scope1 for the 192.168.10.0/24 network. You plan to deploy 20 virtual machines on Server2 that will be connected to the external network. The MAC addresses for the virtual machines will begin with 00-15-SD-83-03. You need to configure Server1 to offer the virtual machines IP addresses from 192.168.10.200 to 192.168.10.21g. Physical computers on the network must be offered IP addresses outside this range. You want to achieve this goal by using the minimum amount of administrative effort. What should you do from the DHCP console?

A.    Create reservations.
B.    Create a policy.
C.    Delete Scope1 and create two new scopes.
D.    Configure Allow filters and Deny filters.

Answer: B
Explanation:
A. With client reservations, it is possible to reserve a specific IP address for permanent use by a DHCP client. A new feature in Windows Server 2012 R2 called policy based assignment allows for even greater flexibility.
B. Policy based assignment allows the policy to be scoped to a MAC address and IP range
C.
D. A DHCP server offers its services to the DHCP clients based on the availability of MAC address filtering.
Once the Allow filter is set, all DHCP operations are based on the access controls (allow/deny).
http://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-serveradministration- using-dhcppolicies-in-windows-server-2012.aspx
http://technet.microsoft.com/en-us/library/hh831538.aspx
http://technet.microsoft.com/en-us/library/ee405265(v=ws.10).aspx

QUESTION 55
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed. You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech 1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1.

A.    Remote Management Users
B.    IPAM MSM Administrators
C.    IPAM Administrators
D.    WinRM Remote WM1 Users

Answer: D

QUESTION 56
Your network contains two Active Directory forests named contoso.com and adatum.com. All of the domain controllers in both of the forests run Windows Server 2012 R2. The adatum.com domain contains a file server named Servers. Adatum.com has a one-way forest trust to contoso.com. A contoso.com user name User10 attempts to access a shared folder on Servers and receives the error message shown in the exhibit. (Click the Exhibit button.)
 clip_image001[8]
You verify that the Authenticated Users group has Read permissions to the Data folder. You need to ensure that User10 can read the contents of the Data folder on Server5 in the adatum.com domain.
What should you do?

A.    Grant the Other Organization group Read permissions to the Data folder.
B.    Modify the list of logon workstations of the contoso\User10 user account.
C.    Enable the Netlogon Service (NP-In) firewall rule on Server5.
D.    Modify the permissions on the Server5 computer object in Active Directory.

Answer: D
Explanation:
To resolve the issue, I had to open up AD Users and Computers –> enable Advanced Features –> Select the Computer Object –> Properties –> Security –> Add the Group I want to allow access to the computer (in this case, DomainA\Domain users) and allow "Allowed to Authenticate". Once I did that, everything worked:

QUESTION 57
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. You discover that when the account of a user in Site1 is locked out, the user can still log on to the servers in Site2 for up to 15 minutes by using Remote Desktop Services (RDS). You need to reduce the amount of time it takes to synchronize account lockout information across the domain. Which attribute should you modify? To answer, select the appropriate attribute in the answer area.
 clip_image001[10]
Answer:
 clip_image001[12]

QUESTION 58
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named adatum.com. You need to configure an access solution to meet the following requirements:
– Users in adatum.com must be able to access resources in contoso.com.
– Users in adatum.com must be prevented from accessing resources in fabrikam.com.
– Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?

A.    a one-way external trust from adatum.com to fabrikam.com
B.    a one-way realm trust from fabrikam.com to adatum.com
C.    a one-way realm trust from adatum.com to fabrikam.com
D.    a one-way external trust from fabrikam.com to adatum.com

Answer: A
Explanation:
A. A one-way trust is a unidirectional authentication path that is created between two domains. This means that in a one-way trust between Domain A and Domain B, users in Domain A can access resources in Domain B. However, users in Domain B cannot access resources in Domain A. This would allow adatum.com users access to contoso which is desired.
B. This would allow contoso.com users access to adatum which must be prevented and used for non windows realm to AD.
C. This would allow adatum.com users access to contoso which is desired but realm trust types are used for non windows realm to AD.
D. This would allow adatum users access to contoso which must be prevented and You need to make trust relationship where domain contoso.com trusts adatum.com.
NOTE: On exam the domain names were changed, so understand the question well
http://technet.microsoft.com/en-us/library/cc728024(v=ws.10).aspx
 clip_image001[14]

QUESTION 59
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[16]
DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Active Directory Sites and Services
B.    Ntdsutil
C.    DNS Manager
D.    Active Directory Domains and Trusts

Answer: A
Explanation:
A. To control replication between two sites, you can use the Active Directory Sites and Services snap- in to configure settings on the site link object to which the sites are added. By configuring settings on a site link, you can control when replication occurs between two or more sites, and how often
B. Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled.
C. DNS Manager is the tool you’ll use to manage local and remote DNS Servers
D. Active Directory Domains and Trusts is the Microsoft Management Console (MMC) snap-in that you can use to administer domain trusts, domain and forest functional levels, and user principal name (UPN) suffixes.
http://technet.microsoft.com/en-us/library/cc731862.aspx
http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc722541.aspx
http://technet.microsoft.com/en-us/library/cc770299.aspx
Note: If you see question about AD Replication, First preference is AD sites and services, then
Repadmin and then DNSLINT.

QUESTION 60
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. The
contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server 2008 R2. The functional level of the domain is Windows Server 2008. The fabrikam.com domain contains domain controllers that run either Windows Server 2003 or Windows Server 2008. The functional level of the domain is Windows Server 2003. The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Domain Services server role on Server1. You need to add Server1 as a new domain controller in the contoso.com domain. What should you do?

A.    Run the Active Directory Domain Services Configuration Wizard.
B.    Run adprep.exe /domainprep, and then run dcpromo.exe.
C.    Raise the functional level of the forest, and then run dcprorno.exe.
D.    Modify the Computer Name/Domain Changes properties.

Answer: A
Explanation:
Windows Server 2012 R2 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2012 R2 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher.
http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windowsserver- 2012-domaincontroller.aspx
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj574134.aspx
 clip_image001[18]
 clip_image001[20]

clip_image002[6]

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html