Ensurepass

QUESTION 1

Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders. Which tool should you use?

 

A.

Ultrasound

B.

Replmon

C.

Dfsdiag

D.

Frsutil

 

Correct Answer: C

Explanation:

http://blogs.technet.com/b/josebda/archive/2009/07/15/five-ways-to-check-your-dfs-namespaces-dfs-nconfiguration-with-the-dfsdiag-exe-tool.aspx

 

clip_image002

 

 

QUESTION 2

HOTSPOT

Your network contains an Active Directory forest named contoso.com that contains a single domain. The forest contains three sites named Site1, Site2, and Site3.

 

Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2.

 

Each site contains two domain controllers. Site1 and Site2 contain a global catalog server.

 

You need to create a new site link between Site1 and Site2. The solution must ensure that the site link supports the replication of all the naming contexts.

 

From which node should you create the site link?

 

To answer, select the appropriate node in the answer area.

 

clip_image004

 

Correct Answer:

clip_image006

QUESTION 3

Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com. Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. Several user accounts are migrated from child.adatum.com to adatum.com. Users report that after the migration, they fail to access resources in contoso.com. The users successfully accessed the resources in contoso.com before the accounts were migrated. You need to ensure that the migrated users can access the resources in contoso.com. What should you do?

 

A.

Replace the existing forest trust with an external trust.

B.

Run netdom and specify the /quarantine attribute.

C.

Disable SID filtering on the existing forest trust.

D.

Disable selective authentication on the existing forest trust.

 

Correct Answer: C

Explanation:

B. Enables administrators to manage Active Directory domains and trust relationships from the command prompt, /quarantine Sets or clears the domain quarantine

C. Need to gain access to the resources in contoso.com

D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the trusting forest

 

http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc758152(v=ws.10).aspx

 

clip_image008

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 4

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.

 

You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network.

 

In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.

 

You need to configure Server1 as a new domain controller in a new forest named contoso.test.

 

The solution must meet the following requirements:

 

clip_image010The functional level of the forest and of the domain must be the same as that of contoso.com.

clip_image010[1]Server1 must provide name resolution services for contoso.test.

 

What should you do?

 

To answer, configure the appropriate options in the answer area.

 

clip_image012

 

Correct Answer:

clip_image014

 

 

QUESTION 5

Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. The domain contains four servers. The servers are configured as shown in the following table.

 

clip_image016

 

You need to update the schema to support a domain controller that will run Windows Server 2012 R2.

 

On which server should you run adprep.exe?

 

A.

Server1

B.

DC3

C.

DC2

D.

DC1

 

Correct Answer: B

Explanation:

You can use adprep.exe on domain controllers that run 64-bit versions of Windows Server 2008 or Windows Server 2008 R2 to upgrade to Windows Server 2012. You cannot upgrade domain controllers that run Windows Server 2003 or 32-bit versions of Windows Server 2008. To replace them, install domain controllers that run a later version of Windows Server in the domain, and then remove the domain controllers that Windows Server 2003.

 

Ref:

http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_UpgradePaths

http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx

 

clip_image018

 

 

QUESTION 6

HOTSPOT

Your network contains three Active Directory forests. The forests are configured as shown in the following table.

 

clip_image020

 

A two-way forest trust exists between contoso.com and division1.contoso.com. A two-way forest trust also exists between contoso.com and division2.contoso.com.

 

You plan to create a one-way forest trust from division1.contoso.com to division2.contoso.com.

 

You need to ensure that any cross-forest authentication requests are sent to the domain controllers in the appropriate forest after the trust is created.

 

How should you configure the existing forest trust settings?

 

In the table below, identify which configuration must be performed in each forest. Make only one selection in each column. Each correct selection is worth one point.

 

clip_image022

 

Correct Answer:

clip_image024

 

 

QUESTION 7

Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2. The forest has a two-way realm trust to a Kerberos realm named adatum.com. You discover that users in adatum.com can only access resources in the root domain of contoso.com. You need to ensure that the adatum.com users can access the resources in all of the domains in the forest. What should you do in the forest?

 

A.

Delete the realm trust and create a forest trust.

B.

Delete the realm trust and create three external trusts.

C.

Modify the incoming realm trust.

D.

Modify the outgoing realm trust.

 

Correct Answer: D

 

 

QUESTION 8

Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers.

 

The domain controllers are configured as shown in the following table.

 

clip_image026

You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain.

 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.

Upgrade DC1 to Windows Server 2012 R2.

B.

Upgrade DC11 to Windows Server 2012 R2.

C.

Raise the domain functional level of child1.contoso.com.

D.

Raise the domain functional level of contoso.com.

E.

Raise the forest functional level of contoso.com.

 

Correct Answer: BC

Explanation:

If you want to create access control based on claims and compound authentication, you need to deploy Dynamic Access Control. This requires that you upgrade to Kerberos clients and use the KDC, which support these new authorization types. With Windows Server 2012 R2, you do not have to wait until all the domain controllers and the domain functional level are upgraded to take advantage of new access control options.

http://technet.microsoft.com/en-us/library/hh831747.aspx.

 

 

QUESTION 9

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.

 

The domain controllers are configured as shown in the following table.

 

clip_image028

 

You configure a user named User1 as a delegated administrator of DC10.

 

You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails.

 

What should you do?

 

A.

Add User1 to the Domain Admins group.

B.

On DC10, modify the User Rights Assignment in Local Policies.

C.

Run repadmin and specify the /prp parameter.

D.

On DC10, run ntdsutil and configure the settings in the Roles context.

 

Correct Answer: C

Explanation:

repadmin /prp will allow the password caching of
the local administrator to the RODC.

 

 

 

QUESTION 10

Your company has offices in Montreal, New York, and Amsterdam. The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITE1INK site link. You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office. The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day. What should you do?

 

A.

Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITE1INK. Modify the schedule of DEFAULTIPSITE1INK.

B.

Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAU LTIPSITE1INK.

C.

Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITE1INK. Modify the schedule of the new site link.

D.

Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link.

 

Correct Answer: C

Explanation:

Very Smartly reworded with same 3 offices. In the exam correct answer is “Create a new site link that contains Newyork to Montreal. Remove Montreal from DEFAULTIPSITE1INK.Modify the schedule of the new site link”.

http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx

 

Free VCE & PDF File for Microsoft 70-412 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…