[Free] 2018(May) EnsurePass Examcollection Microsoft 70-412 Dumps with VCE and PDF 111-120

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-412
100% Free Download! 100% Pass Guaranteed!

Configuring Advanced Windows Server 2012 R2 Services

Question No: 111 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server

2012 R2.

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.

You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail.

What should you configure?

  1. Affinity-None

  2. Affinity-Single

  3. The cluster quorum settings

  4. The failover settings

  5. A file server for general use

  6. The Handling priority

  7. The host priority

  8. Live migration

  9. The possible owner

  10. The preferred owner

  11. Quick migration

  12. the Scale-Out File Server

Answer: C Explanation:

The quorum configuration in a failover cluster determines the number of failures that the cluster can sustain.

Reference: Understanding Quorum Configurations in a Failover Cluster http://technet.microsoft.com/en-us/library/cc731739.aspx

Question No: 112 – (Topic 2)

Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers. The domain controllers are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in both domains.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. Raise the domain functional level of contoso.com.

  2. Raise the domain functional level ofchildl.contoso.com.

  3. Raise the forest functional level of contoso.com.

  4. Upgrade DC11 to Windows Server 2012 R2.

  5. Upgrade DC1 to Windows Server 2012 R2.

Answer: A,E Explanation:

The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level (E), then raise the contoso.com domain functional level to Windows Server 2012 (A).

  • (E) To support resources that use claims-based access control, the principal’s domains will need to be running one of the following:

    / All Windows Server 2012 domain controllers.

    / Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device authentication requests.

    / Sufficient Windows Server 2012 domain controllers to handle all the Windows Server 2012 resource protocol transition requests to support non-Windows 8 devices.

    Reference: What#39;s New in Kerberos Authentication http://technet.microsoft.com/en-us/library/hh831747.aspx.

    Question No: 113 – (Topic 2)

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.

    DHCP is configured as shown in the exhibit. (Click the Exhibit button.)

    Ensurepass 2018 PDF and VCE

    Scope1, Scope2, and Scope3 are configured to assign the IP addresses of two DNS servers to DHCP clients. The remaining scopes are NOT configured to assign IP addresses of DNS servers to DHCP clients.

    You need to ensure that only Scope1, Scope3, and Scopes assign the IP addresses of the DNS servers to the DHCP clients. The solution must minimize administrative effort.

    What should you do?

    1. Create a superscope and a filter.

    2. Create a superscope and scope-level policies.

    3. Configure the Server Options.

    4. Configure the Scope Options.

    Answer: D Explanation:

    Scope options are applied to any clients that obtain a lease within that particular scope. Active scope option types always apply to all computers obtaining a lease in a given scope unless they are overridden by class or reserved client settings for the option type.

    Incorrect:

    Not A, not B. A superscope allows a DHCP server to provide leases from more than one scope to clients on a single physical network. It is not applicable here.

    Not C. If we configure the Server Options and set the DNS Servers then all DHCP clients would be assigned a DNS server.

    Reference: Managing DHCP Options https://technet.microsoft.com/en-us/library/cc958929.aspx

    Question No: 114 – (Topic 2)

    Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.

    Contoso contains 10 servers that have the File Server role service installed. Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group.

    You migrate the file servers to adatum.com.

    Contoso users report that after the migration, they are unable to access shared folders on the file servers.

    You need to ensure that the Contoso users can access the shared folders on the file

    servers.

    What should you do?

    1. Disable selective authentication on the existing forest trust.

    2. Disable SID filtering on the existing forest trust.

    3. Run netdom and specify the /quarantine attribute.

    4. Replace the existing forest trust with an external trust.

    Answer: B Explanation:

    Although it is not recommended, you can use this procedure to disable security identifier (SID) filter quarantining for an external trust with the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:

  • Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant those users access to resources in the trusting domain (the former domain of the migrated users) based on the sIDHistory attribute.

Etc.

Reference: Disabling SID filter quarantining http://technet.microsoft.com/en-us/library/cc794713(v=ws.10).aspx

Question No: 115 – (Topic 2)

Your network contains two Active Directory forests named contoso.com and litwareinc.com. A two-way forest trusts exists between the forest. Selective authentication is enabled on the trust.

The contoso.com forest contains a server named Server1.

You need to ensure that users in litwareinc.com can access resources on Server1. What should you do?

  1. Install Active Directory Rights Management Services on a domain controller in contoso.com.

  2. Modify the permission on the Server1 computer account.

  3. Install Active Directory Rights Management Services on a domain controller in litwareinc.com.

  4. Configure SID filtering on the trust.

Answer: B Explanation:

Selective authentication between forests

If you decide to set selective authentication on an incoming forest trust, you need to manually assign permissions on each computer in the domain as well as the resources to which you want users in the second forest to have access. To do this, set a control access right Allowed to authenticate on the computer object that hosts the resource in Active Directory Users and Computers in the second forest. Then, allow user or group access to the particular resources you want to share.

Reference: Accessing resources across forests

Question No: 116 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.

Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.

You add two additional nodes to Cluster1.

You have a folder named Folder1 on Server1 that contains Application data. You plan to provide continuously available access to Folder1.

You need to ensure that all of the nodes in Cluster1 can actively respond to the client requests for Folder1.

What should you configure?

  1. Affinity-None

  2. Affinity-Single

  3. The cluster quorum settings

  4. The failover settings

  5. A file server for general use

  6. The Handling priority

  7. The host priority

  8. Live migration

  9. The possible owner

  10. The preferred owner

  11. Quick migration

  12. The Scale-Out File Server

Answer: L Explanation:

Scale-Out File Server is a feature that is designed to provide scale-out file shares that are continuously available for file-based server application storage. Scale-out file shares provides the ability to share the same folder from multiple nodes of the same cluster.

Note: You can deploy and configure a clustered file server by using either of the following methods:

  • Scale-Out File Server for Application data (Scale-Out File Server)

  • File Server for general use

    Scale-Out File Server for Application data (Scale-Out File Server) This clustered file server is introduced in Windows Server 2012 R2 and lets you store server Application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are online on all nodes simultaneously. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active.

    Reference: Scale-Out File Server for Application Data Overview http://technet.microsoft.com/en-us/library/hh831349.aspx

    Question No: 117 – (Topic 2)

    You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located in the perimeter network and has the DNS Server server role installed.

    Server1 has a zone named contoso.com. You App1y a security template to Server1.

    After you App1y the template, users report that they can no longer resolve names from contoso.com.

    On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)

    Ensurepass 2018 PDF and VCE

    On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.)

    Ensurepass 2018 PDF and VCE

    You need to ensure that users can resolve contoso.com names. What should you do?

    1. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.

    2. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.

    3. From DNS Manager, unsign the contoso.com zone.

    4. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.

    5. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule and the DNS (UDP, Incoming) rule.

    Answer: E Explanation:

    To configure Windows Firewall on a managed DNS server

    ->On the Server Manager menu, clickToolsand then clickWindows Firewall with Advanced Security.

    ->Right-clickInbound Rules, and then clickNew Rule. TheNew Inbound Rule Wizardwill launch.

    ->InRule Type, selectPredefined, chooseDNS Servicefrom the list, and then clickNext.

    ->InPredefined Rules, underRules, select the checkboxes next to the following rules:

    ->ClickNext, chooseAllow the connection, and then clickFinish.

    ->Right-clickInbound Rules, and then clickNew Rule. TheNew Inbound Rule Wizardwill launch.

    etc.

    Reference: Manually Configure DNS Access Settings

    Question No: 118 DRAG DROP – (Topic 2)

    Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All servers run Windows Server 2012 R2.

    You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS root cluster in contoso.com.

    What should you do in each forest?

    To answer, drag the appropriate actions to the correct forests. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    A trusted user domain, often referred as a TUD, is a trust between AD RMS clusters that instructs a licensing server to accept rights account certificates (the certificates identifying users) from another AD RMS server in a different Active Directory forest. An AD RMS trust is not the same as an Active Directory trust, but it is similar in that it refers to the ability of one environment to accept identities from another environment as valid subjects.

    Illustration:

    Ensurepass 2018 PDF and VCE

    fc8d52c8-a2d8-4584-be1d-99e67989a944

    Question No: 119 – (Topic 2)

    Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

    You are creating a central access rule named TestFinance that will be used to grant members of the Authenticated users group access to a folder stored on a Microsoft SharePoint Server 2013 server.

    You need to ensure that the permissions are granted when the rule is published. What should you do?

    1. Set the Permissions to Use the following permissions as proposed permissions.

    2. Set the Permissions to Use following permissions as current permissions.

    3. Add a Resource condition to the current permissions entry for the Authenticated Users principal.

    4. Add a User condition to the current permissions entry for the Authenticated Users principal.

    Answer: B Explanation:

    To create a central access rule (see step 5 below):

    ->In the left pane of the Active Directory Administrative Center, clickTree View, selectDynamic Access Control, and then clickCentral Access Rules.

    ->Right-clickCentral Access Rules, clickNew, and then clickCentral Access Rule.

    ->In theNamefield, typeFinance Documents Rule.

    ->In theTarget Resourcessection, clickEdit, and in theCentral Access Ruledialog box, clickAdd a condition. Add the following condition:

    ->[Resource] [Department] [Equals] [Value] [Finance], and then clickOK.

    ->In thePermissionssection, selectUse following permissions as current permissions, clickEdit, and in theAdvanced Security Settings for Permissionsdialog box clickAdd.

    Note (not A): Use the following permissions as proposed permissions option lets you create the policy in staging.

    1. In thePermission entry for Permissionsdialog box, clickSelect a principal, type

      Authenticated Users, and then clickOK. Etc.

      Incorrect:

      Not A. Proposed permissions enable an administrator to more accurately model the impact of potential changes to access control settings without actually changing them.

      Reference: Deploy a Central Access Policy (Demonstration Steps) https://technet.microsoft.com/en-us/library/hh846167.aspx

      Question No: 120 – (Topic 2)

      Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other.

      Server2 hosts a virtual machine named VM5. VM5 is replicated to Server1.

      You need to verify whether the replica of VM5 on Server1 is functional. The solution must ensure that VM5 remains accessible to clients.

      What should you do from Hyper-V Manager?

      1. On Server1, execute a Planned Failover.

      2. On Server1, execute a Test Failover.

      3. On Server2, execute a Planned Failover.

      4. On Server2, execute a Test Failover.

    Answer: B Explanation:

    Test Failover (TFO) is an operation initiated on your replica virtual machine (in this scenario on Server1) which allows you to test the sanity of the virtualized workload without interrupting your production workload or ongoing replication.

    TFO is performed on the replica virtual machine by right-clicking on the VM and choosing the Test Failover operation (either from the Hyper-V Manager or from the Failover Clustering Manager).

    Reference: Types of failover operations in Hyper-V Replica – Part I – Test Failover.

    Topic 3, Volume C

    100% Ensurepass Free Download!
    Download Free Demo:70-412 Demo PDF
    100% Ensurepass Free Guaranteed!
    Download 2018 EnsurePass 70-412 Full Exam PDF and VCE

    EnsurePass ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *