Configuring Advanced Windows Server 2012 R2 Services
Question No: 151 HOTSPOT – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.
If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
Question No: 152 HOTSPOT – (Topic 3)
You run Get-ISCSIServerTarget and you receive the following output.
Use the drop-down menus to select the answer choice that completes each statement.
The Get-IscsiServerTarget command obtains iSCSI targets and their associated properties.
* Usually, an iSCSI participant can be defined by three or four fields:
->Hostname or IP Address (e.g., quot;iscsi.example.comquot;)
->Port Number (e.g., 3260)
->iSCSI Name (e.g., the IQN quot;iqn.2003-01.com.ibm:00.fcd0ab21.shark128quot;)
->An optional CHAP Secret (e.g., quot;secretsarefunquot;)
-iSCSI Qualified Name (IQN) the fields are:
literal iqn (iSCSI Qualified Name)
date (yyyy-mm) that the naming authority took ownership of the domain
reversed domain name of the authority (e.g. org.alpinelinux, com.example, to.yp.cr) Optional quot;:quot; prefixing a storage target name specified by the naming authority.
Specifies the iSCSI initiator identifiers (IDs) to which the iSCSI target is assigned.
Use this parameter to filter out the iSCSI Server Target object which can be accessed by the given iSCSI initiator.
The format of this parameter is IdType:Value.
The acceptable values for this parameter are: DNSName, IPAddress, IPv6Address, IQN, or MACAddress.
Question No: 153 DRAG DROP – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server3. The network contains a standalone server named Server2.
All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.
Server3 hosts an application named App1. App1 is accessible internally by using the URL https://app1.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access App1.
What should you do?
To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Box 1: Server1
For all types of application that you can publish using AD FS preauthentication, you must add a AD FS relying party trust to the Federation Service.
Use Server1 as it has AD FS.
Box 2: Server2
When publishing applications that use Integrated Windows authentication, the Web Application Proxy server uses Kerberos constrained delegation to authenticate users to the published application.
Box 3: Server2
To publish a claims-based application
On the Web Application Proxy server, in the Remote Access Management console, in the Navigation pane, click Web Application Proxy, and then in the Tasks pane, click Publish.
On the Publish New Application Wizard, on the Welcome page, click Next. Etc.
Box 4: Server2
Configure CAs and certificates (see c below)
Web Application Proxy servers require the following certificates in the certificate store on each Web Application Proxy server:
A certificate whose subject covers the federation service name. If you want to use Workplace Join, the certificate must also contain the following subject alternative names (SANs): lt;federation service namegt;.lt;domaingt; and enterpriseregistration.lt;domaingt;.
A wildcard certificate, a subject alternative name (SAN) certificate, several SAN certificates, or several certificates whose subjects cover each web application.
A copy of the certificate issued to external servers when using client certificate preauthentication.
Question No: 154 – (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2.
A Microsoft Azure Backup of Server1 is created automatically every day. You need to view the items that are included in the backup.
Which cmdlet should you run?
Answer: C Explanation:
The Get-OBPolicy cmdlet gets the current backup policy that is set for the server, including the details about scheduling backups, files included in the backup, and retention policy.
Reference: Technet, Get-OBPolicy
Question No: 155 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC1.
You need to ensure that the client computers can obtain IPv4 addresses from DC1. What should you do?
Activate the scope.
Disable the Allow filters.
Disable the Deny filters.
Answer: C Explanation:
You have enabled the Allow list but haven#39;t entered any MAC addresses, thus everyone is denied. Either Disable the Allow filters or start adding MAC addresses to the Allow filter.
Note: MAC address based filtering allows specific control over which clients have access to DHCP addresses. You can create a list of computers that are allowed to obtain DHCP addresses from the server by adding the client MAC address to the list of allowed client computers. By enabling the allow list, you automatically deny access to the DHCP server addresses to any client computer not on the list.
Reference: DHCP: If the allow list is enabled, MAC address filtering should be populated https://technet.microsoft.com/en-us/library/ee956897(v=ws.10)
Question No: 156 HOTSPOT – (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. The volumes on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which backup methods you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible.
Which backup type should you identify for each volume?
To answer, select the appropriate backup type for each volume in the answer area.
Box 1: Windows Server Backup
Volume1 is NTFS and on a fixed disk, but Bitlocker is used.
Windows Azure Online Backup cannot backup volume that has Bitlocker.
Box 2: Windows Azure Online Backup
Volume2 is NTFS, on a fixed disk, and Bitlocker is not used. Windows Azure Online Backup can be used.
Box 3: Windows Server Backup
Volume3 is not on a fixed disk. It is on a USB disk. Additionally bitlocker is used.
Windows Azure Online Backup cannot be used. Box 4: Windows Server Backup
Volume3 is not on a fixed disk. It is on a USB disk. Windows Azure Online Backup cannot be used.
Note: You can use Microsoft Azure Backup to back up content stored on fixed NTFS volumes. It cannot be used in the following situations:
Volume is locked by BitLocker Drive Encryption. If BitLocker is enabled on the volume, the volume must be unlocked before it can be backed up.
Drive type is not fixed.
Volume is not formatted with NTFS.
Volume is read-only.
Volume is not currently online. Volume is on a network share.
Question No: 157 HOTSPOT – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.
You need to make configuration changes to the Windows Token-based Agent role service. Which tool should you use?
To answer, select the appropriate tool in the answer area.
To configure the Windows token-based agent
->ClickStart, point toAdministrative Tools, and then clickInternet Information Services (IIS) Manager.
Question No: 158 – (Topic 3)
You have two servers named Server1 and Server2 that run Windows Server 2012 R2.
You have a Microsoft Azure subscription that has two backup vaults named Vault1 and Vault2.
Server1 is backed up to Vault1. The backup of Server1 contains a file named Data.db. Server2 is backed up to Vault2.
You need to recover a copy of Data.db to Server2. What should you do?
From the Azure Management Portal, modify the policies of Vault1. On Server2, run the Recover Data Wizard.
From Server2, modify the logon settings for the Microsoft Azure Recovery Services Agent service, and then run the Recover Data Wizard.
From the Azure Management Portal, allow the re-registration of Server1. On Server2, modify the Microsoft Azure Backup properties, and then run the Recover Data Wizard.
From Server2, copy the Vault1 credentials and the passphrase. Run the Recover data Wizard.
Answer: D Explanation:
We need the Vault1 credentials to be able to access the data in Vault1.
We need the passphrase of Server1 to access the backup that was made on Server1.
Question No: 159 HOTSPOT – (Topic 3)
You need to configure Server1 to meet the following requirements:
->Ensure that old files in folder named Folder1 are archived automatically to a folder named Archive1.
->Ensure that JPG files can always be saved to a local computer, even when a file
Which two nodes should you configure?
Node 1: File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them.
To create a file expiration task
->Click theFile Management Tasksnode.
->Right-clickFile Management Tasks, and then clickCreate File Management Task(or clickCreate File Management Taskin theActionspane). This opens theCreate File Management Taskdialog box.
->In theException pathtext box, type or select the path that the exception will apply to. The exception will apply to the selected folder and all of its subfolders.
Occasionally, you need to allow exceptions to file screening. For example, you might want to block video files from a file server, but you need to allow your training group to save the video files for their computer-based training. To allow files that other file screens are blocking, create a file screen exception.
You assign file groups to determine which file types will be allowed in the file screen exception.
To create a file screen exception
->InFile Screening Management, click theFile Screensnode.
->Right-clickFile Screens, and clickCreate File Screen Exception(or selectCreate File Screen Exceptionfrom theActionspane). This opens theCreate File Screen Exceptiondialog box.
Note: On the File Screening Management node of the File Server Resource Manager MMC snap-in, you can perform the following tasks:
Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files.
Define file screening templates that can be applied to new volumes or folders and that
can be used across an organization.
Create file screening exceptions that extend the flexibility of the file screening rules.
Question No: 160 HOTSPOT – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. Server1 is configured to resolve single-label names for DNS clients.
You need to view the number of queries for single-label names that are resolved by Server1.
What command should you run?
To answer, select the appropriate options in the answer area.
The Get-DnsServerStatistics cmdlet retrieves statistics of a Domain Name System (DNS) server. If the ZoneName parameter is specified, this cmdlet gets statistics for the zones specified by that parameter.
To help network administrators migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 (and later) supports a specially named zone, called GlobalNames. By deploying a zone with this name, you can have the static, global records with single-label names, without relying on WINS. These single-label names typically refer to records for important, well-known and widely-used servers-servers that are already assigned static IP addresses and that are currently managed by IT-administrators using WINS.
100% Ensurepass Free Download!
–Download Free Demo:70-412 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-412 Full Exam PDF and VCE
EnsurePass ExamCollection Testking Lowest Price Guarantee Yes No No Up-to-Dated Yes No No Real Questions Yes No No Explanation Yes No No PDF VCE Yes No No Free VCE Simulator Yes No No Instant Download Yes No No