QUESTION 1
Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012. The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1. You need to prepopulate the password for User1 on DC2. What should you do first?
A. Connect to DC2 from Active Directory Users and Computers.
B. Add DC2 to the Allowed RODC Password Replication Policy group.
C. Add the User1 account to the Allowed RODC Password Replication Policy group.
D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Answer: C
QUESTION 2
Your company has offices in Montreal, New York, and Amsterdam. The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link. You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office. The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day. What should you do?
A. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of DEFAU LTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of the new site link.
Answer: C
QUESTION 3
Your network contains two Active Directory forests named contoso.com and adatum.com. A two- way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named Server1. You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest. On Server1, you create a new certificate template named Template1. You need to ensure that users in the adatum.com forest can request certificates that are based on Template1. Which tool should you use?
A. DumpADO.ps1
B. Repadmin
C. Add-CATemplate
D. Certutil
E. PKISync.ps1
Answer: E
QUESTION 4
You have a server named Server1 that runs Windows Server 2012. Server1 has the Windows Deployment Services server role installed. You back up Server1 each day by using Windows Server Backup. The disk array on Server1 fails. You replace the disk array. You need to restore Server1 as quickly as possible. What should you do?
A. Start Server1 from the Windows Server 2012 installation media.
B. Start Server1and press F8.
C. Start Server1 and press Shift+F8.
D. Start Server1 by using the PXE.
Answer: A
QUESTION 5
Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Both servers have the Hyper-V server role installed. Server1 and Server2 are located in different offices. The offices connect to each other by using a high-latency WAN link. Server2 hosts a virtual machine named VM1. You need to ensure that you can start VM1 on Server1 if Server2 fails. The solution must minimize hardware costs. What should you do?
A. On Server1, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.
B. From the Hyper-V Settings of Server2, modify the Replication Configuration settings. Enable replication for VM1.
C. On Server2, install the Multipath I/O (MPIO) feature. Modify the storage location of the VHDs for VM1.
D. From the Hyper-V Settings of Server1, modify the Replication Configuration settings. Enable replication for VM1.
Answer: D
QUESTION 6
You have a server named Server1 that runs Windows Server 2012. You modify the properties of a system driver and you restart Server1. You discover that Server1 continuously restarts without starting Windows Server 2012. You need to start Windows Server 2012 on Server1 in the least amount of time. The solution must minimize the amount of data loss. Which Advanced Boot Option should you select?
A. Last Know Good Configuration (advanced)
B. Repair Your Computer
C. Disable automatic restart on system failure
D. Disable Driver Signature Enforcement
Answer: A
QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2012. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed. Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has the Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currently runs on Server1. Server3 currently has no virtual machines. You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1. Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. The Hyper-V Manager console connected to Server3
B. The Failover Cluster Manager console connected to Server3
C. The Hyper-V Manager console connected to Server1.
D. The Failover Cluster Manager console connected to Cluster1
E. The Hyper-V Manager console connected to Server2
Answer: AD
QUESTION 8
You have a file server named Server1 that runs Windows Server 2012. The folders on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Microsoft Online Backup whenever possible. You need to identify which technology you must use to back up Server1. The solution must use Microsoft Online Backup whenever What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
QUESTION 9
You have a DNS server named Server1 that runs Windows Server 2012. Server1 has a signed zone for contoso.com. You need to configure DNS clients to perform DNSSEC validation for the contoso.com DNS domain. What should you configure?
A. The Network Connection settings
B. A Name Resolution Policy
C. The Network Location settings
D. The DNS Client settings
Answer: B
QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012. On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
You need to change the replication scope of the contoso.com zone. What should you do before you change the replication scope?
A. Modify the Zone Transfers settings.
B. Add DC1 to the Name Servers list.
C. Add your user account to the Security settings of the zone.
D. Unsign the zone.
Answer: D
QUESTION 11
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed. On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM. On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?
A. Modify the outbound firewall rules on Server1.
B. Modify the inbound firewall rules on Server1.
C. Add Server1 to the Remote Management Users group.
D. Add Server1 to the Event Log Readers group.
Answer: D
QUESTION 12
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012. Server1 has the IP Address Management (IPAM) Server feature installed. You install the IPAM client on Server2. You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to manage IPAM from Server2. What should you do first?
A. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.
B. On Server2, open Computer Management and connect to Server1.
C. On Server2, add Server1 to Server Manager.
D. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.
Answer: C
QUESTION 13
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Dc1. DC1 has the DNS Server server role installed. The network has two sites named Site1 and Site2. Site1 uses 10.10.0.0/16 IP addresses and Site2 uses 10.11.0.0/16 IP addresses. All computers use DC1 as their DNS server. The domain contains four servers named Server1, Server2, Server3, and Server4. All of the servers run a service named Service1. DNS host records are configured as shown in the exhibit. (Click the Exhibit button.)
You discover that computers from the 10.10.1.0/24 network always resolve Service1 to the [P address of Server1. You need to configure DNS on DC1 to distribute computers in Site1 between Server1 and Server2 when the computers attempt to resolve Service1. What should run on DC1?
A. dnscmd /config /bindsecondaries 1
B. dnscmd /config /localnetpriority 0
C. dnscmd /config /localnetprioritynetmask 0x0000ffff
D. dnscmd /config /roundrobin 0
Answer: C
QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. The domain contains two servers named Server1 and Server2 that run Windows Server 2012. Both servers have the DHCP Server server role installed. Server1 is located in the main office site. Server2 is located in the branch office site. Server1 provides IPv4 addresses to the client computers in the main office site. Server2 provides IPv4 addresses to the client computers in the branch office site. You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses.
The solution must meet the following requirements:
– The storage location of the DHCP databases must not be a single point of failure.
– Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline.
– Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?
A. load sharing mode failover partners
B. a failover cluster
C. hot standby mode failover partners
D. a Network Load Balancing (NLB) cluster
Answer: C
QUESTION 15
You have a DHCP server named Server1. Server1 has an IP address 192.168.1.2 is located on a subnet that has a network ID of 192.168.1.0/24. On Server1, you create the scopes shown in the following table.
You need to ensure that Server1 can assign IP addresses from both scopes to the DHCP clients on the local subnet. What should you create on Server1?
A. A scope
B. A superscope
C. A split-scope
D. A multicast scope
Answer: B
QUESTION 16
Your network contains servers that run Windows Server 2012. The network contains a large number of iSCSI storage locations and iSCSI clients. You need to deploy a central repository that can discover and list iSCSI resources on the network automatically. Which feature should you deploy?
A. the Windows Standards-Based Storage Management feature
B. the iSCSI Target Server role service
C. the iSCSI Target Storage Provider feature
D. the iSNS Server service feature
Answer: D
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012. All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain. You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property. Which three actions should you perform in sequence?
QUESTION 18
Your network contains two Active Directory forests named contoso.com and fabrikam.com. The contoso.com forest contains two domains named corp.contoso.com and contoso.com. You establish a two-way forest trust between contoso.com and fabrikam.com. Users from the corp.contoso.com domain report that they cannot log on to client computers in the fabrikam.com domain by using their corp.contoso.com user account. When they try to log on, they receive following error message:
“The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate to the computer.” Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using their corp.contoso.com user account credentials. You need to allow users from the corp.contoso.com domain to log on to the client computers in the fabrikam.com forest. What should you do?
A. Configure Windows Firewall with Advanced Security.
B. Enable SID history.
C. Configure forest-wide authentication.
D. Instruct the users to log on by using a user principal name (UPN).
Answer: C
QUESTION 19
Your network contains two servers named Server1 and Server2 that run Windows Server 2012. Both servers have the Hyper-V server role installed. The servers have the hardware configurations shown in the following table.
Server1 hosts five virtual machines that run Windows Server 2012. You need to move the virtual machines from Server1 to Server2. The solution must minimize downtime. What should you do for each virtual machine?
A. Export the virtual machines from Server1 and import the virtual machines to Server2.
B. Perform a live migration.
C. Perform a quick migration.
D. Perform a storage migration.
Answer: A
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed. You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer (SSL). You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted. Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)
A. Client Authentication
B. Kernel Mode Code Signing
C. Server Authentication
D. IP Security end system
E. KDC Authentication
Answer: AC
Passleader 70-412 Study Materials Tell You What Questions Are On The Real 70-412 Exam