Valid Tips For 100% Pass Exam 70-412: PassLeader now is providing the best 70-412 346q practice test for your 70-412 certification exam. We offer the latest 70-412 346q exam questions to ensure that you can 100 percent pass 70-412 exam, and what’s more, we will offer you the new updated 70-412 exam dumps for one year free and free new version VCE Player. Welcome to visit our site — passleader.com and get the valid 70-412 346q exam dumps to pass exam as soon as possible.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured. For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users. You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent. Which setting should you modify? To answer, select the appropriate setting in the answer area.
Your network contains an Active Directory domain named contoso.com. The domain contains the two servers.The servers are configured as shown in the following table.
You investigate a report about the potential compromise of a private key for a certificate issued to Server2. You need to revoke the certificate issued to Server2. The solution must ensure that the revocation can be reverted. Which reason code should you select? To answer, select the appropriate reason code in the answer area.
Drag and Drop Question
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2. A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with access to contoso.com resources. You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust. The solution must meet the following requirements:
– In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.
– In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group membership as the claim type.
The AD FS claim rules must use predefined templates. Which rule types should you configure on each side of the federated trust? To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Drag and Drop QuestionYour network contains four servers that run Windows Server 2012 R2. Each server has the Failover Clustering feature installed. Each server has three network adapters installed. An iSCSI SAN is available on the network. You create a failover cluster named Cluster1. You add the servers to the cluster. You plan to configure the network settings of each server node as shown in the following table.
You need to configure the network settings for Cluster1. What should you do? To answer, drag the appropriate network communication setting to the correct cluster network. Each network communication setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You have a server named Server1 that runs Windows Server 2012 R2. The volumes on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible. You need to identify which backup methods you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible. Which backup type should you identify for each volume? To answer, select the appropriate backup type for each volume in the answer area.
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Servers, and Server4. All servers run Windows Server 2012 R2. Server1 and Server2 are located in a site named Site1. Server3 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 is configured to use the Node Majority quorum configuration. You need to ensure that Server1 is the only server in Site1 that can vote to maintain quorum. What should you run from Windows PowerShell? To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
You plan to test an application on a server named Server1. Server1 is currently located in Site1. After the test, Server1 will be moved to Site2. You need to ensure that Server1 attempts to authenticate to DC3 first, while you test the application. What should you do?
A. Create a new site and associate the site to an existing site link object.
B. Modify the priority of site-specific service location (SRV) DNS records for Site2.
C. Create a new subnet object and associate the subnet object to an existing site.
D. Modify the weight of site-specific service location (SRV) DNS records Site1.
Service Location (SRV) Resource Record. Priority A number between 0 and 65535 that indicates the priority or level of preference given for this record to the host that is specified in Host offering this service. Priority indicates this host’s priority with respect to the other hosts in this domain that offer the same service and are specified by different service location (SRV) resource records.
Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you select among more than one target SRV host for the type of service (specified in Service) that use the same Priority number, you can use this field to weight preference toward specific hosts. Where several hosts share equal priority, SRV-specified hosts with higher weight values that are entered here should be returned first to resolver clients in SRV query results. Reference: Service Location (SRV) Resource Record Dialog Box.
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1.
The File Server Resource Manager role service is installed on Server1. All servers run Windows Server 2012 R2. A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains Server1. The following graphic shows the configured settings in GPO1. Server1 contains a folder named Folder1. Folder1 is shared as Share1. You attempt to configure access-denied assistance on Server1, but the Enable access-denied assistance option cannot be selected from File Server Resource Manager. You need to ensure that you can configure access-denied assistance on Server1 manually by using File Server Resource Manager. Which two actions should you perform?
A. Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.
B. Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1.
C. Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1.
D. Set the Customize message for Access Denied errors policy setting to Enabled for GPO1.
Your company has a main office and a remote office. The remote office is used for disaster recovery. The network contains an Active Directory domain named contoso.com. The domain contains member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2. Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote office. All servers have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Storage is replicated between the main office and the remote site. You need to ensure that Cluster1 is available if two nodes in the same office fail. What are two possible quorum configurations that achieve the goal? (Each correct answer presents a complete solution. Choose two.)
A. Node Majority
B. No Majority: Disk Only
C. Node and File Share Majority
D. Node and Disk Majority
Depending on the quorum configuration option that you choose and your specific settings, the cluster will be configured in one of the following quorum modes:
* (A) Node majority (no witness) Only nodes have votes. No quorum witness is configured. The cluster quorum is the majority of voting nodes in the active cluster membership.
* (B) No majority (disk witness only) No nodes have votes. Only a disk witness has a vote. The cluster quorum is determined by the state of the disk witness. The cluster has quorum if one node is available and communicating with a specific disk in the cluster storage. Generally, this mode is not recommended, and it should not be selected because it creates a single point of failure for the cluster.
* Node majority with witness (disk or file share). Nodes have votes. In addition, a quorum witness has a vote. The cluster quorum is the majority of voting nodes in the active cluster membership plus a witness vote. A quorum witness can be a designated disk witness or a designated file share witness.
* Quorum in Windows 2008 R2 referred to a consensus , that is, a majority of votes is required in order to reach quorum and maintain stability of the cluster. A new option created in Windows Server 2012 R2 which was also back ported to Windows Server 2008 R2 SP1 was the ability to stop a node being able to participate in the voting process.
* Dynamic quorum is the ability of the cluster to recalculate quorum on the fly and still maintain a working cluster. This is a huge improvement as we are now able to continue to run a cluster even if the number of nodes remaining in the cluster is less than 50%. This was not possible before but the dynamic quorum concept now allows us to do this. In fact we can reduce the cluster down to the last node (known as last man standing) and still maintain quorum. Reference: Configure and Manage the Quorum in a Windows Server 2012 R2 Failover Cluster.
Drag and Drop Question
Your network contains an Active Directory domain named adatum.com. The domain contains three servers. The servers are configured as shown in the following table.
Server1 is configured as shown in the exhibit. (Click the Exhibit button.)
Template1 contains custom cryptography settings that are required by the corporate security team. On Server2, an administrator successfully installs a certificate based on Template1. The administrator reports that Template1 is not listed in the Certificate Enrollment wizard on Server3, even after selecting the Show all templates check box. You need to ensure that you can install a server authentication certificate on Server3. The certificate must comply with the cryptography requirements. Which three actions should you perform in sequence? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
Your company has two offices. The offices are located in Seattle and Montreal. The network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. All servers run Windows Server 2012 R2. You need to create a DHCP scope for video conferencing in the Montreal office. The scope must be configured as shown in the following table.
Which Windows PowerShell cmdlet should you run?
You have a server named Server1 that runs Windows Server 2012 R2. The storage on Server1 is configured as shown in the following table.
You plan to implement Data Deduplication on Server1. You need to identify on which drives you can enable Data Deduplication. Which three drives should you identify? (Each correct answer presents part of the solution. Choose three.)
Volumes that are candidates for deduplication must conform to the following requirements:
* (not A) Must not be a system or boot volume. Deduplication is not supported on operating system volumes.
* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system.
* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering is fully supported.
* Do not rely on Cluster Shared Volumes (CSVs).
You can access data if a deduplicationenabled volume is converted to a CSV, but you cannot continue to process files for deduplication.
* (not C) Do not rely on the Microsoft Resilient File System (ReFS).
* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.
You have 20 servers that run Windows Server 2012 R2. You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup and sets an encryption passphrase. Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)
E. Set OBMachineSetting
D: Start-OBRegistration. Registers the current computer with Windows Azure Online Backup using the credentials (username and password) created during enrollment.
E: The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy server settings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that is required to decrypt the files during recovery to another server.
Not C: The Add-OBFileSpec cmdlet adds the OBFileSpec object, which specifies the items to include or exclude from a backup, to the backup policy (OBPolicy object). The OBFileSpec object can include or exclude multiple files, folders, or volumes.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. You need to ensure that a WIM file that is located on a network share is used as the installation source when installing server roles and features on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Run the dism.exe command and specify the /remove-package parameter.
B. Run the Remove-WindowsFeature cmdlet.
C. Enable and configure the Specify settings for optional component installation and component repair policy setting by using a Group Policy object (GPO).
D. Enable the Enforce upgrade component rules policy setting by using a Group Policy object (GPO).
E. Run the Remove-WindowsPackage cmdlet.
A: To remove packages from an offline image by using DISM Example:
At a command prompt, specify the package identity to remove it from the image. You can remove multiple packages on one command line.
DISM /Image:C:\test\offline /Remove-Package/PackageName:Microsoft.Windows.Calc.Demo~6595b6144ccf1df~x86~en~220.127.116.11 /PackageName:Microsoft-Windows-MediaPlayerPackage~31bf3856ad364e35~x86~~6.1.6801.0
* You can use Group Policy to specify a Windows image repair source to use within your network. The repair source can be used to restore Windows features or to repair a corrupted Windows image.
* Set Group Policy.
You can use Group Policy to specify when to use Windows Update, or a network location as a repair source for features on demand and automatic corruption repair. To configure Group Policy for Feature on Demand Open the group policy editor. For example, on a computer that is running Windows?8, click Search, click Settings, type Edit Group Policy, and then select the Edit Group Policy setting. Click Computer Configuration, click Administrative Templates, click System, and then double-click the Specify settings for optional component uninstallation and component repair setting. Select the settings that you want to use for Features on Demand.
* The Windows Imaging Format (WIM) is a file-based disk image format. It was developed by Microsoft to help deploy Windows Vista and subsequent versions of Windows operating system family, as well as Windows Fundamentals for Legacy PCs.
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named litwareinc.com. You need to configure an access solution to meet the following requirements:
– Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.
– Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.
– Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Configure SID filtering on the trust.
B. Configure forest-wide authentication on the trust.
C. Create a one-way forest trust.
D. Create a one-way external trust
E. Modify the permission on the Server1 object.
F. Configure selective authentication on the trust.
D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).
E: Must grant the required permissions on Server1.
F(not B): For external trust we must either select Domain-Wide or Selective Authentication (forst- wide authentication is not an option).
* You can create an external trust to form a one-way or two-way, nontransitive trust with domains that are outside your forest. External trusts are sometimes necessary when users need access to resources in a Windows NT 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust.
/ To select the scope of authentication for users that are authenticating through a forest trust, click the forest trust that you want to administer, and then click Properties.
On the Authentication tab, click either Forest-wide authentication or Selective authentication.
/ To select the scope of authentication for users that are authenticating through an external trust, click the external trust that you want to administer, and then click Properties.
On the Authentication tab, click either Domain-wide authentication or Selective authentication.
* The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the trusting forest.
* Forest-wide authentication is generally recommended for users within the same organization. Reference: Select the Scope of Authentication for Users.
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8. You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1. What should you configure?
A. A classification property
B. The File Server Resource Manager Options
C. A file management task
D. A file screen template
File Server Resource Manager is a suite of tools that allows administrators to understand, control, and manage the quantity and type of data stored on their servers. By using File Server Resource Manager, administrators can place quotas on folders and volumes, actively screen files, and generate comprehensive storage reports. This set of advanced instruments not only helps the administrator to efficiently monitor existing storage resources but it also aids in the planning and implementation of future policy changes.
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do?
A. Create additional connection objects for DC3 and DC4.
B. Decrease the cost of the site link between SiteB and SiteC.
C. Create a site link bridge.
D. Disable site link bridging.
By decreasing the cost between SiteB and SiteC, the SiteC users will be authenticated by SiteB domain controllers.
* A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site link in the bridge.
* By default, all site links are transitive.
Your network contains an Active Directory domain named contoso.com. The domain contains a. DC2 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC2. You need to ensure that the client computers can obtain IPv4 addresses from DC2. What should you do?
A. Disable the Deny filters.
B. Enable the Allow filters.
C. Authorize DC2.
D. Restart the DHCP Server service.
Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?
D. IPAM cannot be installed on Domain Controllers. All other servers have the DC role.
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?
A. Active Directory Users and Computers
B. Server Manager
C. The Certificates snap-in
D. The Certification Authority console