[Free] 2018(May) EnsurePass Examcollection Microsoft 70-412 Dumps with VCE and PDF 61-70

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-412
100% Free Download! 100% Pass Guaranteed!

Configuring Advanced Windows Server 2012 R2 Services

Question No: 61 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).

All users in the domain are issued a smart card and are required to log on to their domain- joined client computer by using their smart card.

A user named User1 resigned and started to work for a competing company.

You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain.

Which tool should you use?

  1. Active Directory Administrative Center

  2. Certificate Templates

  3. The Security Configuration Wizard

  4. The Certificates snap-in

Answer: A Explanation:

To disable or enable a user account using Active Directory Administrative Center

  1. To open Active Directory Administrative Center, clickStart, clickAdministrative Tools, and then clickActive Directory Administrative Center.

    To open Active Directory Users and Computers in Windows Server 2012, clickStart, typedsac.exe.

  2. In the navigation pane, select the node that contains the user account whose status you want to change.

  3. In the management list, right-click the user whose status you want to change.

  4. Depending on the status of the user account, do one of the following:

    ->uk.co.certification.simulator.questionpool.PList@f41e020

    Reference: Disable or Enable a User Account

    Question No: 62 – (Topic 2)

    Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.

    Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.

    You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for both clustered resources.

    You need to ensure that if two consecutive heartbeat messages are missed between Server1 and Server2, Server2 will begin responding to DHCP requests. The solution must ensure that Server1remains the active node for the File Services clustered resource for up to five missed heartbeat messages.

    What should you configure?

    1. Affinity-None

    2. Affinity-Single

    3. The cluster quorum settings

    4. The failover settings

    5. A file server for general use

    6. The Handling priority

    7. The host priority

    8. Live migration

    9. The possible owner

    10. The preferred owner

    11. Quick migration

    12. the Scale-Out File Server

Answer: D Explanation:

The number of heartbeats that can be missed before failover occurs is known as the heartbeat threshold. Heartbeat threshold is failover clustering setting.

Reference: Tuning Failover Cluster Network Thresholds

http://technet.microsoft.com/en-us/library/dn265972.aspx http://technet.microsoft.com/en-us/library/dd197562(v=ws.10).aspx http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx

Question No: 63 DRAG DROP – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2.

Server1 and Server3 are located in a site named Site1. Server2 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1.

Dynamic quorum management is disabled.

Cluster1 is configured to use the Node Majority quorum configuration.

You need to ensure that users in Site2 can access Cluster1 if the network connection between the two sites becomes unavailable.

What should you run from Windows PowerShell?

To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Explanation:

Ensurepass 2018 PDF and VCE

NodeWeight settings are used during quorum voting to support disaster recovery and multi- subnet scenarios for AlwaysOn Availability Groups and SQL Server Failover Cluster Instances.

Example (Powershell)

The following example changes the NodeWeight setting to remove the quorum vote for the “AlwaysOnSrv1” node.

Import-Module FailoverClusters

$node = “AlwaysOnSrv1”

(Get-ClusterNode $node).NodeWeight = 0

Question No: 64 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server.

Your company introduces a Bring Your Own Device (BYOD) policy.

You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. Enable the Device Registration Service in Active Directory.

  2. Publish the Device Registration Service by using a Web Application Proxy.

  3. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.

  4. Create and configure a sync share on Server2.

  5. Install the Work Folders role service on Server2.

Answer: A,C Explanation:

  • Workplace Join leverages a feature included in the Active Directory Federation Services (AD FS) Role in Windows Server 2012 R2, called Device Registration Service (DRS).

    DRS provisions a device object in Active Directory when a device is Workplace Joined. Once the device object is in Active Directory, attributes of that object can be retrieved and used to provide conditional access to resources and applications. The device identity is represented by a certificate which is set on the personal device by DRS when the device is Workplace Joined.

  • In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access to enterprise resourcesbased on user device combinations and access policies. With these policies in place, you can control access based on users, devices, locations, and access times.

  • Reference: BYOD Basics: Enabling the use of Consumer Devices using Active Directory in Windows Server 2012 R2

    Question No: 65 – (Topic 2)

    Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed.

    The network contains client computers that run either Linux, Windows 7, or Windows 8. You have a zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)

    Ensurepass 2018 PDF and VCE

    You plan to configure Name Protection on all of the DHCP servers.

    You need to configure the adatum.com zone to support Name Protection. What should you do?

    1. Change the zone type.

    2. Sign the zone.

    3. Add a DNSKEY record.

    4. Configure Dynamic updates.

    Answer: D Explanation:

    Name protection requires secure update to work. Without name protection DNS names may be hijacked.

    You can use the following procedures to allow only secure dynamic updates for a zone. Secure dynamic update is supported only for Active Directory-integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for Domain Name System (DNS) dynamic updates.

    Enable secure dynamic updates:

    Ensurepass 2018 PDF and VCE

    Reference: DHCP: Secure DNS updates should be configured if Name Protection is enabled on any IPv4 scope

    http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx

    Question No: 66 – (Topic 2)

    Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012 R2. The domain controllers

    are configured as shown in the following table.

    Ensurepass 2018 PDF and VCE

    You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.

    You need to prepopulate the password for User1 on DC2. What should you do first?

    1. Connect to DC2 from Active Directory Users and Computers.

    2. Add DC2 to the Allowed RODC Password Replication Policy group.

    3. Add the User1 account to the Allowed RODC Password Replication Policy group.

    4. Run Active Directory Users and Computers as a member of the Enterprise Admins group.

    Answer: D Explanation:

    To prepopulate the password cache for an RODC by using Active Directory Users and Computers(see step 1 below).

    Administrative credentials: To prepopulate the password cache for an RODC, you must be a member of the Domain Admins group.

    ->ClickStart, clickAdministrative Tools, and then clickActive Directory Users and Computers.

    ->Ensure that Active Directory Users and Computers points to the writable domain

    controller that is running Windows Server 2008, and then clickDomain Controllers.

    ->In the details pane, right-click the RODC computer account, and then clickProperties.

    ->Click thePassword Replication Policytab.

    ->ClickAdvanced.

    ->ClickPrepopulate Passwords.

    ->Type the name of the accounts whose passwords you want to prepopulate in the cache for the RODC, and then clickOK.

    ->When you are asked if you want to send the passwords for the accounts to the RODC, clickYes.

    Note: You can prepopulate the password cache for an RODC with the passwords of user and computer accounts that you plan to authenticate to it. When you prepopulate the RODC password cache, you trigger the RODC to replicate and cache the passwords for users and computers before the accounts try to log on in the branch office.

    Incorrect:

    Not C. You don#39;t need to add User1 to the Allowed RODC Password Replication Policy group. As a first step you should runActive Directory Users and Computersas a member of the Domain/Enterprise Admins group.-

    Reference: Password Replication Policy Administration http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre

    Question No: 67 HOTSPOT – (Topic 2)

    Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. The servers have the Hyper-V server role installed.

    A certification authority (CA) is available on the network.

    A virtual machine named vml.contoso.com is replicated from Server1 to Server2. A virtual machine named vm2.contoso.com is replicated from Server2 to Server1.

    You need to configure Hyper-V to encrypt the replication of the virtual machines. Which common name should you use for the certificates on each server?

    To answer, configure the appropriate common name for the certificate on each server in the answer area.

    Ensurepass 2018 PDF and VCE

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    Hyper-V Replica Certificate Requirements

    If you want to use HTTPS, then you will need to create certificates for the hosts/clusters in both the primary and secondary sites.

    Question No: 68 DRAG DROP – (Topic 2)

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

    You plan to install the Active Directory Federation Services server role on Server1 to allow for Workplace Join.

    You run nslookup enterprise registration and you receive the following results:

    Ensurepass 2018 PDF and VCE

    You need to create a certificate request for Server1 to support the Active Directory Federation Services (AD FS) installation.

    How should you configure the certificate request?

    To answer, drag the appropriate names to the correct locations. Each name may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    Obtain a server SSL certificate from either a public certificate authority (CA) or from your organization#39;s PKI subordinate CA that is trusted by a public certificate authority.

    The server SSL certificate must have the following certificate attributes to be used with Workplace Join:

    • Subject Name (CN): adfs1.contoso.com

    • Subject Alternative Name (DNS): adfs1.contoso.com

    • Subject Alternative Name (DNS): enterpriseregistration.contoso.com

    Question No: 69 – (Topic 2)

    Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2.

    You install the DHCP Server server role on Server1 and Server2. You install the IP Address Management (IPAM) Server feature on Server1.

    You notice that you cannot discover Server1 or Server2 in IPAM.

    You need to ensure that you can use IPAM to discover the DHCP infrastructure.

    Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

    1. On Server2, create an IPv4 scope.

    2. On Server1, run the Add-IpamServerInventory cmdlet.

    3. On Server2, run the Add-DhcpServerInDc cmdlet

    4. On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet.

    5. On Server1, uninstall the DHCP Server server role.

    Answer: B,C Explanation:

    1. The Add-IpamServerInventory cmdlet adds a new infrastructure server to the IP Address Management (IPAM) server inventory. Use the fully qualified domain name (FQDN) of the server to add to the server inventory.

    2. TheAdd-DhcpServerInDCcmdlet adds the computer running the DHCP server service to

    the list of authorized Dynamic Host Configuration Protocol (DHCP) server services in the Active Directory (AD). A DHCP server service running on a domain joined computer needs to be authorized in AD so that it can start leasing IP addresses on the network.

    Reference: Add-IpamServerInventory; Add-DhcpServerInDC

    Question No: 70 – (Topic 2)

    Your network contains an Active Directory domain named contoso.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1.

    You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. A technician connects DC3 to Site2.

    You discover that users in Site2 are authenticated by all three domain controllers.

    You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable.

    What should you do?

    1. From Network Connections, modify the IP address of DC3.

    2. In Active Directory Sites and Services, modify the Query Policy of DC3.

    3. From Active Directory Sites and Services, move DC3.

    4. In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the users in Site2.

    Answer: C Explanation:

    DC3 needs to be moved to Site2 in AD DS Incorrect:

    Not A. Modifying IP will not affect authentication

    Not B. A query policy prevents specific Lightweight Directory Access Protocol (LDAP)

    operations from adversely impacting the performance of the domain controller and also makes the domain controller more resilient to denial-of-service attacks.

    Reference: Move a domain controller between sites http://technet.microsoft.com/en-us/library/cc759326(v=ws.10).aspx

    100% Ensurepass Free Download!
    Download Free Demo:70-412 Demo PDF
    100% Ensurepass Free Guaranteed!
    Download 2018 EnsurePass 70-412 Full Exam PDF and VCE

    EnsurePass ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

    Leave a Reply

    Your email address will not be published. Required fields are marked *