Configuring Advanced Windows Server 2012 R2 Services
Question No: 171 DRAG DROP – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012
You configure a new failover cluster named Cluster1. Server1 and Server2 are nodes in Cluster1. You need to configure the disk that will be used as a witness disk for Cluster1.
How should you configure the witness disk?
To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Disk witness requirements include:
Basic disk with a single volume
Can be formatted with NTFS or ReFS
Question No: 172 HOTSPOT – (Topic 3)
Your network contains an Active Directory domain named contoso.com. You have a Dynamic Access Control policy named Policy1.
You create a new Central Access Rule named Rule1. You need to add Rule1 to Policy1.
What command should you run?
To answer, select the appropriate options in the answer area.
The Add-ADCentralAccessPolicyMember cmdlet adds central access rules to a central access policy in Active Directory.
Syntax: Add-ADCentralAccessPolicyMember [-Identity] lt;ADCentralAccessPolicygt; [- Members] lt;ADCentralAccessRulegt;
Question No: 173 HOTSPOT – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2.
You need to configure the replication between the sites to occur by using change notification.
Which attribute should you modify?
Active Directory Replication Change Notification
Right-click the site link object for the sites for which you want to enable change notification, and then click Properties.
In the Select a property to view box, select options.
http://blogs.msdn.com/resized-image.ashx/ size/250×0/ key/communityserver-blogs- components-weblogfiles/00-00-01-19-00/8623.3-options.JPG
*In the Edit Attribute box, if the Value(s) box shows lt;not setgt; , type 1 in the Edit Attribute box.
http://blogs.msdn.com/resized-image.ashx/ size/250×0/ key/communityserver-blogs- components-weblogfiles/00-00-01-19-00/4520.4-option-set.JPG
Question No: 174 – (Topic 3)
You have an Active Directory Rights Management Services (AD RMS) cluster.
You need to prevent users from encrypting new content. The solution must ensure that the users can continue to decrypt content that was encrypted already.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
From the Active Directory Rights Management Services console, enable decommissioning.
From the Active Directory Rights Management Services console, create a user exclusion policy.
Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing.
Modify the NTFS permissions of
From the Active Directory Rights Management Services console, modify the rights policy templates.
Answer: A,D Explanation:
Decommissioning refers to the entire process of removing the AD RMS cluster and its associated databases from an organization. This process allows you to save rights- protected files as ordinary files before you remove AD RMS from your infrastructure so that you do not lose access to these files.
Decommissioning an AD RMS cluster is achieved by doing the following:
/ Enable the decommissioning service. (A)
/ Modify permissions on the decommissioning pipeline.
/ Configure the AD RMS-enabled application to use the decommissioning pipeline.
To modify the permissions on the decommissioning pipeline
Log on to ADRMS-SRV as cpandl\administrator.
Click Start, type %systemdrive%\inetpub\wwwroot\_wmcs in the Start Search box, and then press ENTER.
Right-click the decommission folder, and then click Properties.
Click the Security tab, click Edit, and then click Add. (D) Etc.
Reference: Step 1: Decommission AD RMS Root Cluster
Question No: 175 HOTSPOT – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Federation Services (AD FS) server role installed.
Adatum.com is a partner organization.
You are helping the administrator of adatum.com set up a federated trust between adatum.com and contoso.com. The administrator of adatum.com asks you to provide a file containing the federation metadata of contoso.com.
You need to identify the location of the federation metadata file. Which node in the AD FS console should you select?
To answer, select the appropriate node in the answer area.
See figure below.
Question No: 176 – (Topic 3)
You have a group Managed Service Account named Service01. Three servers named Server01, Server02, and Server03 currently use the Service01 service account.
You plan to decommission Server01.
You need to remove the cached password of the Service01 service account from Server01. The solution must ensure that Server02 and Server03 continue to use Service01.
Which cmdlet should you run?
Answer: B Explanation:
We reset the password for the service.
The Reset-ADServiceAccountPassword cmdlet resets the service account password for the local computer. This cmdlet needs to be run on the computer where the service account is installed.
Not A: The Set-ADServiceAccount cmdlet cannot modify the password of the service.
Reference: Reset-ADServiceAccountPassword https://technet.microsoft.com/en-us/library/ee617201.aspx
Question No: 177 HOTSPOT – (Topic 3)
Your network contains one Active Directory forest named contoso.com. The forest contains the domain controllers configured as shown in the following table.
You perform the following actions:
->Create a file named File1.txt in the SYSVOL folder on DC1.
->Create a user named User1 on DC4.
You need to identify on which domain controller or controllers a copy of each object is stored.
What should you identify? To answer, select the appropriate options in the answer area.
Question No: 178 – (Topic 3)
A user named User1 is a member of the local Administrators group on Node1 and Node2.
User1 creates a new clustered File Server role named File1 by using the File Server for general use option.
A report is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.)
File1 fails to start.
You need to ensure that you can start File1. What should you do?
Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered File Server role by using the File Server for general use option.
Assign the user account permissions of User1 to the Servers OU.
Assign the computer account permissions of Cluster2 to the Servers OU.
Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.
Recreate the clustered File Server role by using the File Server for scale-out application data option.
Answer: B Explanation:
Scenario: You have created a Windows Server 2012 Scale-Out File Server. The cluster, including the network and storage, pass the cluster validation test. Everything looks and is good. You create a File Server role for application data (SOFS) but it fails to start.
Problem: Basically, the cluster needs permissions to create a computer object (for the SOFS) in the same Active Directory OU that the cluster object (Demo-FSC1) is stored in.
Resolution: Reconfigure the permissions on the Servers OU.
In this case we assign the user account permissions of User1 to the Servers OU.
Question No: 179 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Guster1. Cluster1 contains a file server role named FS1 and a generic service role named SVC1. Server1 is the preferred node for FS1. Server 2 is the preferred node for SVC1.
You plan to run a disk maintenance tool on the physical disk used by FS1.
You need to ensure that running the disk maintenance tool does not cause a failover to occur.
What should you do before you run the tool?
Run cluster.exe and specify the pause parameter.
Run cluster.exe and specify the offline parameter.
Question No: 180 – (Topic 3)
Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which security principals are authorized to have their password cached on RODC01.
Which cmdlet should you use?
Answer: B Explanation:
The Get-ADDomainControllerPasswordReplicationPolicy gets the users, computers, service accounts and groups that are members of the applied list or denied list for a read- only domain controller#39;s (RODC) password replication policy. To get the members of the applied list, specify the AppliedList parameter. To get the members of the denied list, specify the DeniedList parameter.
Example: Get from an RODC domain controller password replication policy the allowed accounts showing the name and object class of each:
Get-ADDomainControllerPasswordReplicationPolicy -Identity quot;FABRIKAM-RODC1quot; – Allowed | ft Name,ObjectClass
Reference: Get-ADDomainControllerPasswordReplicationPolicy https://technet.microsoft.com/en-us/library/ee617207.aspx
100% Ensurepass Free Download!
–Download Free Demo:70-412 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-412 Full Exam PDF and VCE
EnsurePass ExamCollection Testking Lowest Price Guarantee Yes No No Up-to-Dated Yes No No Real Questions Yes No No Explanation Yes No No PDF VCE Yes No No Free VCE Simulator Yes No No Instant Download Yes No No