Exam Code: 70-412 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Configuring Advanced Windows Server 2012 Services
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-412 Exam.
2016 Apr 70-412 Study Guide Questions:
Q1. Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Create and configure a sync share on Server2.
E. Install the Work Folders role service on Server2.
* Workplace Join leverages a feature included in the Active Directory Federation Services (AD FS) Role in Windows Server 2012 R2, called Device Registration Service (DRS). DRS provisions a device object in Active Directory when a device is Workplace Joined. Once the device object is in Active Directory, attributes of that object can be retrieved and used to provide conditional access to resources and applications. The device identity is represented by a certificate which is set on the personal device by DRS when the device is Workplace Joined.
* In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access to enterprise resources based on user+device combinations and access policies. With these policies in place, you can control access based on users, devices, locations, and access times.
Reference: BYOD Basics: Enabling the use of Consumer Devices using Active Directory in Windows Server 2012 R2
Q2. Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).
You install a second server named Server2. You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.
What should you run on Server1?
A. The certreq.exe command and specify the -policy parameter
B. The certutil.exe command and specify the -getkey parameter
C. The certutil.exe command and specify the -setreg parameter
D. The certreq.exe command and specify the -retrieve parameter
Explanation: To prepare a computer running Windows Server to issue OCSP Response Signing certificates
On the server hosting the CA, open a command prompt, and type: certutil -v -setreg policy\EnableRequestExtensionList +184.108.40.206.220.127.116.11.1.5 Stop and restart the CA. You can do this at a command prompt by running the following commands: net stop certsvc
net start certsvc
Reference: Configure a CA to Support OCSP Responders
Q3. DRAG DROP
You have a server that runs Windows Server 2012 R2.
You create a new work folder named Share1.
You need to configure Share1 to meet the following requirements:
Ensure that all synchronized copies of Share1 are encrypted.
Ensure that clients synchronize to Share1 every 30 minutes.
Ensure that Share1 inherits the NTFS permissions of the parent folder.
Which cmdlet should you use to achieve each requirement?
To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Q4. Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com. The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A. Run dnscmd and specify the CacheLockingPercent parameter.
B. Run Set-DnsServerGlobalQueryBlockList.
C. Run ipconfig and specify the Renew parameter.
D. Run Set-DnsServerCache.
The Set-DnsServerCache cmdlet modifies cache settings for a Domain Name System
Run Set-DnsServerCache with the -LockingPercent switch.
Specifies a percentage of the original Time to Live (TTL) value that caching can consume.
Cache locking is configured as a percent value. For example, if the cache locking value is
set to 50, the DNS server does not overwrite a cached entry for half of the duration of the
TTL. By default, the cache locking percent value is 100. This value means that the DNS
server will not overwrite cached entries for the entire duration of the TTL.
Note. A better way would be clear the DNS cache on the DNS server with either Dnscmd
/ClearCache (from command prompt), or Clear-DnsServerCache (from Windows
Not A. You need to use the /config parameter as well:
You can change this value if you like by using the dnscmd command:
dnscmd /Config /CacheLockingPercent<percent>
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2.
You discover that when the account of a user in Site1 is locked out, the user can still log on to the servers in Site2 for up to 15 minutes by using Remote Desktop Services (RDS).
You need to reduce the amount of time it takes to synchronize account lockout information across the domain.
Which attribute should you modify?
To answer, select the appropriate attribute in the answer area.
Improved mcsa 70-412 pdf:
Q6. You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2.
You fail to start VM1 and you suspect that the boot files on VM1 are corrupt.
On Server1, you attach the virtual hard disk (VHD) of VM1 and you assign the VHD a drive
letter of F.
You need to repair the corrupt boot files on VM1. What should you run?
A. bootrec.exe /rebuildbcd
B. bootrec.exe /scanos
C. bcdboot.exe f:\windows /s c:
D. bcdboot.exe c:\windows /s f:
Enables you to quickly set up a system partition, or to repair the boot environment located on the system partition. The system partition is set up by copying a simple set of Boot Configuration Data (BCD) files to an existing empty partition.
Reference: BCDboot Command-Line Options
Q7. A user named User1 is a member of the local Administrators group on Node1 and Node2.
User1 creates a new clustered File Server role named File1 by using the File Server for general use option.
A report is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)
File1 fails to start.
You need to ensure that you can start File1.
What should you do?
A. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered File Server role by using the File Server for general use option.
B. Assign the user account permissions of User1 to the Servers OU.
C. Assign the computer account permissions of Cluster2 to the Servers OU.
D. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.
E. Recreate the clustered File Server role by using the File Server for scale-out application data option.
Scenario: You have created a Windows Server 2012 Scale-Out File Server. The cluster,
including the network and storage, pass the cluster validation test. Everything looks and is
good. You create a File Server role for application data (SOFS) but it fails to start.
Problem: Basically, the cluster needs permissions to create a computer object (for the
SOFS) in the same Active Directory OU that the cluster object (Demo-FSC1) is stored in.
Resolution: Reconfigure the permissions on the Servers OU.
In this case we assign the user account permissions of User1 to the Servers OU.
Reference: Scale-Out File Server Role Fails To Start With Event IDs 1205, 1069, and 1194
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. All servers run Windows Server 2012 R2.
You install the IP Address Management (IPAM) Server feature on Server1.
From the Provision IPAM wizard, you select the Group Policy Based provisioning method and enter a GPO name prefix of IPAM1.
You need to provision IPAM by using Group Policy.
What command should you run on Server1 to complete the process? To answer, select the appropriate options in the answer area.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the auto-enrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution.
B. The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of
the AD CS CA role service. It can be used to install a root CA.
Install-AdcsCertificationAuthority –CAType StandaloneRootCA –CACommonName
"ContosoRootCA" –KeyLength 2048 –HashAlgorithm SHA1 –CryptoProviderName
"RSA#Microsoft Software Key Storage Provider"
E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of
the Certification Authority Web Enrollment role service.
Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client computers configured for certificate auto-enrollment be connected directly to the corporate network. Certificate Enrollment Web Services allows organizations to enable AD CS using a perimeter network. This allows users and computers outside the corporate network to enroll for certificates.
Certificate Enrollment web service
Reference: Deploying AD CS Using Windows PowerShell
Real free pdf 70-412:
Q11. You have a server named Server1 that runs Windows Server 2012 R2.
You have a subscription to Windows Azure.
You need to register the Microsoft Azure Backup Agent on Server1.
What should you do first?
A. Install the Microsoft System Center 2012 Data Protection Manager (DPM) agent.
B. Create a backup vault.
C. Create Site Recovery vault.
D. Configure a passphrase for the Azure Backup Agent.
Explanation: To back up files and data from your Windows Server to Azure, you must create a backup vault in the geographic region where you want to store the data. The main steps include:
* the creation of the vault you will use to store backups
* downloading a vault credential
* the installation of a backup agent
Reference: Configure Azure Backup to quickly and easily back up Windows Server
Q12. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Active Directory Users and Computers
B. Server Manager
C. The Certificates snap-in
D. Active Directory Administrative Center
To disable or enable a user account using Active Directory Administrative Center
1. To open Active Directory Administrative Center, click Start , click Administrative Tools ,
and then click Active Directory Administrative Center .
To open Active Directory Users and Computers in Windows Server 2012, click Start , type
2. In the navigation pane, select the node that contains the user account whose status you
want to change.
3. In the management list, right-click the user whose status you want to change.
4. Depending on the status of the user account, do one of the following: . uk.co.certification.simulator.questionpool.PList@ef38f20
Reference: Disable or Enable a User Account
Q13. Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain. The forest functional level is Windows Server 2012 R2.
You have a domain controller named DC1.
On DC1, you create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?
A. Group Policy Management
B. Active Directory Sites and Services
C. DFS Management
D. Active Directory Administrative Center
In Windows Server 2012, the Group Policy Management Console (GPMC) was enhanced to provide a report for the overall health state of the Group Policy infrastructure for a domain, or to scope the health view to a single GPO.
Reference: Check Group Policy Infrastructure Status
You have a server that runs Windows Server 2012 R2 and has the iSCSI Target Server role service installed.
You run the New-IscsiVirtualDisk cmdlet as shown in the New-IscsiVirtualDisk exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibits. Each correct selection is worth one point.
Your network contains two application servers that run Windows Server 2012 R2. The application servers have the Network Load Balancing (NLB) feature installed.
You create an NLB cluster that contains the two servers.
You plan to deploy an application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCP port 8081.
Clients will connect to App1 by using HTTP and HTTPS via a single reverse proxy. App1 does not use session state information.
You need to configure a port rule for Appl. The solution must ensure that connections to App1 are distributed evenly between the nodes.
Which port rule should you use?
To answer, select the appropriate rule in the answer area.
see more 70-412 - Configuring Advanced Windows Server 2012 Services
Microsoft 70-412 Certification Sample Questions and Answers: http://www.braindumpsall.net/70-412-dumps/
P.S. New 70-412 dumps PDF: http://www.4easydumps.com/70-412-dumps-download.html