Top 15 free demo 70-412 for IT examinee (46 to 60)

Free of 70-412 free practice exam materials and answers for Microsoft certification for IT learners, Real Success Guaranteed with Updated 70-412 pdf dumps vce Materials. 100% PASS Configuring Advanced Windows Server 2012 Services exam Today!

2016 Apr 70-412 Study Guide Questions:

Q46. You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store. 

Some users report that they fail to authenticate to the AD FS infrastructure. 

You discover that only users who run third-party web browsers experience issues. 

You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully. 

Which Windows PowerShell command should you run? 

A. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00 

B. Set-ADFSProperties -AddProxyAuthenticationRules None 

C. Set-ADFSProperties -SSOLifetime 1:00:00 

D. Set-ADFSProperties -ExtendedProtectionTokenCheck None 

Answer: D 

Explanation: 

Explanation/Reference: Certain client browser software, such as Firefox, Chrome, and Safari, do not support the Extended Protection for Authentication capabilities that can be used across the Windows platform to protect against man-in-the-middle attacks. To prevent this type of attack from occurring over secure AD FS communications, AD FS 2.0 enforces (by default) that all communications use a channel binding token (CBT) to mitigate against this threat. 

Note: Disable the extended Protection for authentication To disable the Extended Protection for Authentication feature in AD FS 2.0 

. On a federation server, login using the Administrator account, open the Windows PowerShell command prompt, and then type the following command: Set-ADFSProperties –ExtendedProtectionTokenCheck None . Repeat this step on each federation server in the farm. 

Reference: Configuring Advanced Options for AD FS 2.0 


Q47. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

You install the IP Address Management (IPAM) Server feature on a server named Server1 

and select Manual as the provisioning method. 

The IPAM database is located on a server named SQL1. 

You need to configure IPAM to use Group Policy Based provisioning. 

What command should you run first? 

To answer, select the appropriate options in the answer area. 



Answer: 



Q48. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA). 

The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1. 

You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com. 

You need to identify which type of certificate template you must use to request a certificate for AD FS. 


Answer: 



Q49. Your network contains one Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server named Server1. Server1 manages several DHCP and DNS servers. 

From Server Manager on Server1, you create a custom role for IPAM. 

You need to assign the role to a group named IP_Admins. 

What should you do? 

A. From Windows PowerShell, run the Add-Member cmdlet. 

B. From Server Manager, create an access policy. 

C. From Windows PowerShell, run the Set-IpamConfiguration cmdlet. 

D. From Server Manager, create an access scope. 

Answer: B 

Explanation: A role is a collection of IPAM operations. You can associate a role with a user or group in Windows using an access policy. Several built-in roles are provided, but you can also create customized roles to meet your business requirements. 

Reference: Manage IPAM, Access Control 

https://technet.microsoft.com/en-us/library/dn741281.aspx 


Q50. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. Server1 is configured to resolve single-label names for DNS clients. 

You need to view the number of queries for single-label names that are resolved by Server1. 

What command should you run? 

To answer, select the appropriate options in the answer area. 



Answer: 



70-412 pdf exam

Replace 70-412 answers:

Q51. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8. 

You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1. 

What should you configure? 

A. A classification property 

B. The File Server Resource Manager Options 

C. A file management task 

D. A file screen template 

Answer: B 

Explanation: 

Access-denied assistance can be configured by using the File Server Resource Manager console on the file server. 

Note: Access-denied assistance is a new feature in Windows Server 2012, which provides the following ways to troubleshoot issues that are related to access to files and folders: 

* Self-assistance. If a user can determine the issue and remediate the problem so that they can get the requested access, the impact to the business is low, and no special exceptions are needed in the central access policy. Access-denied assistance provides an access-denied message that file server administrators can customize with information specific to their organizations. For example, an administrator could set the message so that users can request access from a data owner without involving the file server administrator. 

Reference: Scenario: Access-Denied Assistance 


Q52. HOTSPOT 

Your company has a main office and a branch office. The main office is located in Detroit. The branch office is located in Seattle. 

The network contains an Active Directory domain named adatum.com. Client computers run either Windows 7 Enterprise or Windows 8 Enterprise. 

The main office contains 1,000 client computers and 50 servers. The branch office contains 20 client computers. 

All computer accounts for the branch office are located in an organizational unit (OU) named SeattleComputers. A Group Policy object (GPO) named GPO1 is linked to the SeattleComputers OU. 

You need to configure BranchCache for the branch office. 


Answer: 



Q53. Your company has offices in Montreal, New York, and Amsterdam. 

The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link. 

You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office. 

The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day. 

What should you do? 

A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITE1INK. Modify the schedule of DEFAULTIPSITELINK. 

B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAULTIPSITELINK. 

C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of the new site link. 

D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link. 

Answer: C 

Explanation: 

We create a new site link between Montreal and Amsterdam and schedule it only between 

20:00 and 08:00. To ensure that traffic between Montreal and Amsterdam only occurs at this time we also remove Amsterdam from the DEFAULTIPSITELINK. 

Reference: How Active Directory Replication Topology Works 

http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx 


Q54. DRAG DROP 

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. 

You configure a new failover cluster named Cluster1. Server1 and Server2 are nodes in Cluster1. You need to configure the disk that will be used as a witness disk for Cluster1. 

How should you configure the witness disk? 

To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 


Answer: 



Q55. Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers. 

The domain controllers are configured as shown in the following table. 


You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Upgrade DC1 to Windows Server 2012 R2. 

B. Upgrade DC11 to Windows Server 2012 R2. 

C. Raise the domain functional level of childl.contoso.com. 

D. Raise the domain functional level of contoso.com. 

E. Raise the forest functional level of contoso.com. 

Answer: A,D 

Explanation: 

The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level (A), then raise the contoso.com domain functional level to Windows Server 2012 (D). 

* (A) To support resources that use claims-based access control, the principal’s domains will need to be running one of the following: / All Windows Server 2012 domain controllers / Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device authentication requests / Sufficient Windows Server 2012 domain controllers to handle all the Windows Server 

2012 resource protocol transition requests to support non-Windows 8 devices. Reference: What's New in Kerberos Authentication http://technet.microsoft.com/en-us/library/hh831747.aspx. 


70-412 test preparation

Pinpoint 70-412 Q&A:

Q56. You have a server named Server1 that runs Windows Server 2012 R2. 

Server1 fails. 

You identify that the master boot record (MBR) is corrupt. 

You need to repair the MBR. 

Which tool should you use? 

A. Bcdedit 

B. Bcdboot 

C. Bootrec 

D. Fixmbr 

Answer: C 

Explanation: 

Repairing an unbootable Windows installation with bootrec.exe If the boot/recovery partition is corrupted or lost, you can modify your Windows OS partition to boot. 

. Boot from your Windows Vista/7/Server2008/R2/2012 media and choose the 

"Repair Windows" option. . Open the command prompt. . Using diskpart, mark your Windows partition as bootable. . If your windows partition does not have it, copy the "boot" folder from the 

installation media. 

. Run the following commands: >c: >cd boot >attrib bcd -s -h -r >ren c:\boot\bcd bcd.old >bootrec /RebuildBcd Reboot and Windows should boot normally. If not, return to the command prompt and run: >bootrec /FixMBR >bootrec /FixBoot 

Incorrect: Not A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows Not B. The BCDboot tool is a command-line tool that enables you to manage system partition files Not D. Fixmbr is not a tool. Fixmbr is an option when using the bootrec tool. 

Reference: Windows BCD Store 

http://www.itsgotme.com/wiki/Windows_BCD 


Q57. Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery. 

You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database. 

What should you do? 

A. Assign User1 the Issue and Manage Certificates permission to CA1. 

B. Assign User1 the Read permission and the Write permission to all certificate templates. 

C. Provide User1 with access to a Key Recovery Agent certificate and a private key. 

D. Assign User1 the Manage CA permission to CA1. 

Answer: C 

Explanation: 

Understanding the Key Recovery Agent Role KRAs are Information Technology (IT) administrators who can decrypt users’ archived private keys. An organization can assign KRAs by issuing KRA certificates to designated administrators and configure them on the CA. The KRA role is not one of the default roles defined by the Common Criteria specifications but a virtual role that can provide separation between Certificate Managers and the KRAs. This allows the separation between the Certificate Manager, who can retrieve the encrypted key from the CA database but not decrypt it, and the KRA, who can decrypt private keys but not retrieve them from the CA database. 

Reference: Understanding User Key Recovery 


Q58. DRAG DROP 

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. 

All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain. 

You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property. 

Which three actions should you perform in sequence? 


Answer: 



Q59. You configure the nodes to use the port rule shown in the exhibit. (Click the Exhibit button.) 


You need to configure the NLB cluster to meet the following requirements: 

. HTTPS connections must be directed to Server1 if Serverl is available. . HTTP connections must be load balanced between the two nodes. 

Which three actions should you perform? {Each correct answer presents part of the solution. Choose three. 

A. From the host properties of Server2, set the Handling priority of the existing port rule to 2. 

B. Create a port rule for TCP port 80. Set the Filtering mode to Multiple host and set the Affinity to None. 

C. Create an additional port rule for TCP port 443. Set the Filtering mode to Multiple host and set the Affinity to Single. 

D. From the host properties of Server1, set the Handling priority of the existing port rule to 2. 

E. From the host properties of Server2, set the Priority (Unique host ID) value to 1. 

F. From the host properties of Server1, set the Handling priority of the existing port rule to 1. 

Answer: A,B,F 

Explanation: 

Multiple hosts. This parameter specifies that multiple hosts in the cluster handle network traffic for the associated port rule. This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host handle a specified load weight. 

Note: Handling priority: When Single host filtering mode is being used, this parameter specifies the local host's priority for handling the networking traffic for the associated port rule. The host with the highest handling priority (lowest numerical value) for this rule among the current members of the cluster will handle all of the traffic for this rule. The allowed values range from 1, the highest priority, to the maximum number of hosts allowed (32). This value must be unique for all hosts in the cluster. 

Reference: Network Load Balancing parameters. 


Q60. HOTSPOT 

You have a server named Server1 that runs Windows Server 2012 R2. 

You are configuring a storage space on Server1. 

You need to ensure that the storage space supports tiered storage. 

Which settings should you configure? 

To answer, select the appropriate options in the answer area. 



Answer: 




see more 70-412 - Configuring Advanced Windows Server 2012 Services

Microsoft 70-412 Certification Sample Questions and Answers: http://www.braindumpsall.net/70-412-dumps/

P.S. New 70-412 dumps PDF: http://www.4easydumps.com/70-412-dumps-download.html