Configuring Advanced Windows Server 2012 Services

 

QUESTION 151

Your company has two offices. The offices are located in Seattle and Montreal.

 

The network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. All servers run Windows Server 2012 R2.

 

You need to create a DHCP scope for video conferencing in the Montreal office. The scope must be configured as shown in the following table.

 

clip_image002

 

Which Windows PowerShell cmdlet should you run?

 

A.

Add-DchpServerv4SuperScope

B.

Add-DchpServerv4MulticastScope

C.

Add-DHCPServerv4Policy

D.

Add-DchpServerv4Scope

 

Correct Answer: B

 

 

 

 

 

 

 

 

 

QUESTION 152

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DHCP Server server role installed.

 

DHCP is configured as shown in the exhibit. (Click the Exhibit button.)

 

clip_image004

 

You discover that client computers cannot obtain IPv4 addresses from DC1.

 

You need to ensure that the client computers can obtain IPv4 addresses from DC1.

 

What should you do?

 

A.

Activate the scope.

B.

Authorize DC1.

C.

Disable the Allow filters.

D.

Disable the Deny filters.

 

Correct Answer: C

Explanation:

By enab
ling the allow list, you automatically deny access to the DHCP server addresses to any client computer not on the list.

 

So we have to disable the “Allow Filters”

http://technet.microsoft.com/en-us/library/ee956897(v=ws.10).aspx

 

clip_image006

 

 

QUESTION 153

Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.

 

clip_image008

 

You need to deploy IP Address Management (IPAM) to manage DNS and DHCP.

 

On which server should you install IPAM?

 

A.

Server1

B.

Server2

C.

Server3

D.

Server4

 

Correct Answer: D

 

 

 

 

 

 

QUESTION 154

You have an Active Directory Rights Management Services (AD RMS) cluster. You need to prevent users from encrypting new content. The solution must ensure that the users can continue to decrypt content that was encrypted already. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.

From the Active Directory Rights Management Services console, enable decommissioning.

B.

From the Active Directory Rights Management Services console, create a user exclusion policy.

C.

Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing.

D.

Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\decommission.

E.

From the Active Directory Rights Management Services console, modify the rights policy templates.

 

Correct Answer: AD

 

 

QUESTION 155

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 is the enterprise root certification authority (CA) for contoso.com. You need to enable CA role separation on Server1. Which tool should you use?

 

A.

The Certutil command

B.

The Authorization Manager console

C.

The Certsrv command

D.

The Certificates snap-in

 

Correct Answer: A

 

 

QUESTION 156

Your network contains an Active Directory domain named corp.contoso.com. You deploy Active Directory Rights Management Services (AD RMS). You have a rights policy template named Template1. Revocation is disabled for the template. A user named User1 can open content that is protected by Template1 while the user is connected to the corporate network. When User1 is disconnected from the corporate network, the user cannot open the protected content even if the user previously opened the content. You need to ensure that the content protected by Template1 can be opened by users who are disconnected from the corporate network. What should you modify?

 

A.

The User Rights settings of Template1

B.

The templates file location of the AD RMS cluster

C.

The Extended Policy settings of Template1

D.

The exclusion policies of the AD RMS cluster

 

Correct Answer: C

Explanation:

C. You can add trust policies so that AD RMS can process licensing requests for content that was rights protected

http://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx

 

 

 

 

QUESTION 157

DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server3. The network contains a standalone server named Server2.

 

All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.

 

clip_image010

 

Server3 hosts an application named App1. App1 is accessible internally by using the URL https://app1.contoso.com. App1 only supports Integrated Windows authentication.

 

You need to ensure that all users from the Internet are pre-authenticated before they can access App1.

 

What should you do?

 

To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

 

clip_image012

 

Correct Answer:

clip_image014

QUESTION 158

Your network contains two Active Directory forests named contoso.com and adatum.com. All of the domain controllers in both of the forests run Windows Server 2012 R2. The adatum.com domain contains a file server named Servers.

 

Adatum.com has a one-way forest trust to contoso.com.

 

A contoso.com user name User10 attempts to access a shared folder on Servers and receives the error message shown in the exhibit. (Click the Exhibit button.)

 

clip_image016

 

You verify that the Authenticated Users group has Read permissions to the Data folder.

 

You need to ensure that User10 can read the contents of the Data folder on Server5 in the adatum.com domain.

 

What should you do?

 

A.

Grant the Other Organization group Read permissions to the Data folder.

B.

Modify the list of logon workstations of the contoso\User10 user account.

C.

Enable the Netlogon Service (NP-In) firewall rule on Server5.

D.

Modify the permissions on the Server5 computer object in Active Directory.

 

Correct Answer: D

Explanation:

To resolve the issue, I had to open up AD Users and Computers –> enable Advanced Features –> Select the Computer Object –> Properties –> Security –> Add the Group I want to allow access to the computer (in this case, DomainA\Domain users) and allow “Allowed to Authenticate”. Once I did that, everything worked:

http://technet.microsoft.com/en-us/library/cc816733(v=ws.10).aspx

 

 

 

QUESTION 159

Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.

 

clip_image018

 

DC1 has all of the operations master roles installed.

 

You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from DC1.

 

You need to ensure that you can use Password Settings objects (PSOs) in the domain.

 

What should you do?

 

A.

Change the domain functional level.

B.

Upgrade DC2.

C.

Run the dcgpofix.exe command.

D.

Transfer the schema master role.

 

Correct Answer: A

Explanation:

A. The domain functional level must be Windows Server 2008 to use PSO’s

B. DC1 needs to be upgraded

C. Recreates the default Group Policy Objects (GPOs) for a domain

D. Schema isn’t up to right level

 

http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc753104.aspx

 

 

QUESTION 160

Your network contains an Active Directory domain named adatum.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. DC1 is located in Site1 and DC2 is located in Site2. You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. A technician connects DC3 to Site2. You discover that users in Site2 are authenticated only by DC2. You need to ensure that the users in Site2 are authenticated by both DC2 and DC3. What should you do?

 

A.

In Active Directory Users and Computers, configure the msDS-PrimaryComputer attribute for DC3.

B.

In Active Directory Users and Computers, configure the msDS-Site-Affinity attribute for DC3.

C.

From Active Directory Sites and Services, move DC3.

D.

From Active Directory Sites and Services, modify the site link between Site1 and Site2.

 

Correct Answer: C

 

Free VCE & PDF File for Microsoft 70-412 Actual Tests

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…