[Free] 2018(May) EnsurePass Examcollection Microsoft 70-412 Dumps with VCE and PDF 201-210

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-412
100% Free Download! 100% Pass Guaranteed!

Configuring Advanced Windows Server 2012 R2 Services

Question No: 201 – (Topic 3)

You have a DNS server that runs Windows Server 2012 R2. The server hosts the zone for contoso.com and is accessible from the Internet.

You need to create a DNS record for theSender Policy Framework(SPF) to list the hosts that are authorized to send email for contoso.com.

Which type of record should you create?

  1. mail exchanger (MX)

  2. resource record signature (RRSIG)

  3. text (TXT)

  4. name server (NS)

Answer: C Explanation:

To configure SPF records in the Windows Server DNS, follow these steps:

->Click Start, point to All Programs, point to Administrative Tools, and then click DNS.

->In the left pane, expand the DNS server object, and then expand Forward Lookup Zones.

->Right-click the domain folder to which you want to add the SPF record, and then click Other New Records.

->In the Select a resource record type list, click Text (TXT), and then click Create Record.

->If you add a record for the parent domain, leave the Record name box blank. If you do not add a record for the parent domain, type the single part name of the domain in the Record name box.

->In the Text box, type v=spf1 mx -all.

->Click OK, and then click Done.

Reference: How to configure Sender of Policy Framework records in the Windows Server 2003 Domain Name System

https://support.microsoft.com/en-us/kb/912716

Question No: 202 – (Topic 3)

You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2.

Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty.

Server1 is configured to create a shadow copy of volume D every hour. You need to configure the shadow copies of volume D to be stored on volume E.

What should you run?

  1. The Set-Volume cmdlet with the -driveletter parameter

  2. The Set-Volume cmdlet with the -path parameter

  3. The vssadmin.exe add shadowstorage command

  4. The vssadmin.exe create shadow command

Answer: C Explanation:

Add ShadowStorage

Adds a shadow copy storage association for a specified volume.

Incorrect:

Not A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.

Not B. Create Shadow

Creates a new shadow copy of a specified volume.

Not C. Sets or changes the file system label of an existing volume -Path Contains valid path information.

Reference: Vssadmin; Set-Volume

http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

Question No: 203 – (Topic 3)

Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

You need to prevent administrators from accidentally deleting any of the sites in the forest. What should you use?

  1. Set-ADSite

  2. Set-ADReplicationSite

  3. Set-ADDomain

  4. Set-ADReplicationSiteLink

  5. Set-ADGroup

  6. Set-ADForest

  7. Netdom

Answer: B Explanation:

The Set-ADReplicationSite sets the replication properties for an Active Directory site. Parameter: -ProtectedFromAccidentalDeletionlt;Booleangt;

Specifies whether to prevent the object from being deleted. When this property is set to

$True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are:

– $False or 0

– $True or 1

Reference: Technet, Set-ADReplicationSite https://technet.microsoft.com/en-us/library/hh852305(v=wps.630).aspx

Question No: 204 – (Topic 3)

Your network contains an Active Directory domain named adatum.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. DC1 is located in Site1 and DC2 is located in Site2.

You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. A technician connects DC3 to Site2.

You discover that users in Site2 are authenticated only by DC2.

You need to ensure that the users in Site2 are authenticated by both DC2 and DC3. What should you do?

  1. In Active Directory Users and Computers, configure the msDS-PrimaryComputer attribute for DC3.

  2. In Active Directory Users and Computers, configure the msDS-Site-Affinity attribute for DC3.

  3. From Active Directory Sites and Services, move DC3.

  4. From Active Directory Sites and Services, modify the site link between Site1 and Site2.

Answer: C Explanation:

DC3 needs to be moved to Site2 in AD DS Reference: Move a domain controller between sites

http://technet.microsoft.com/en-us/library/cc759326(v=ws.10).aspx

Question No: 205 – (Topic 3)

Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.

You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database.

What should you do?

  1. Assign User1 the Issue and Manage Certificates permission to CA1.

  2. Assign User1 the Read permission and the Write permission to all certificate templates.

  3. Provide User1 with access to a Key Recovery Agent certificate and a private key.

  4. Assign User1 the Manage CA permission to CA1.

Answer: C Explanation:

Understanding the Key Recovery Agent Role

KRAs are Information Technology (IT) administrators who can decrypt users’ archived private keys. An organization can assign KRAs by issuing KRA certificates to designated administrators and configure them on the CA. The KRA role is not one of the default roles defined by the Common Criteria specifications but a virtual role that can provide separation between Certificate Managers and the KRAs. This allows the separation between the Certificate Manager, who can retrieve the encrypted key from the CA database but not decrypt it, and the KRA, who can decrypt private keys but not retrieve them from the CA database.

Reference: Understanding User Key Recovery

Question No: 206 – (Topic 3)

Your network contains one Active Directory domain named contoso.com. The domain contains the domain controllers configured as shown in the following table.

Ensurepass 2018 PDF and VCE

The functional level of the domain and the forest is Windows Server 2008. An administrator named Admin1 is a member of the Domain Admins group.

You need to ensure that Admin1 can deploy a Windows Server 2012 R2 domain controller to contoso.com.

What should you do?

  1. Raise the forest functional level.

  2. Run the Set-ADForestMode cmdlet.

  3. Raise the domain functional level.

  4. Run the adprep.exe command.

  5. Demote DC1 to a member server.

  6. Upgrade DC1 to Windows Server 2012.

  7. Add Admin1 to the Schema Admin Group.

Answer: D,F Explanation:

Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later. The commands need to run in the following cases:

  • Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain.

  • Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or forest to run that version of Windows Server.

  • Reference: Running Adprep.exe

    https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx

    Question No: 207 HOTSPOT – (Topic 3)

    Your network contains one Active Directory forest named adatum.com. The forest contains a single domain.

    The forest contains the domain controllers configured as shown in the following table.

    Ensurepass 2018 PDF and VCE

    Recently, a domain controller named DC4 was deployed to adatum.com. DC4 is in the Default-First-Site-Name site.

    The adatum.com site links are configured as follows.

    Ensurepass 2018 PDF and VCE

    The schedule for SiteLink1 is shown in the SiteLink1 exhibit. (Click the Exhibit button.)

    Ensurepass 2018 PDF and VCE

    The schedule for SiteLink2 is shown in the SiteLink2 exhibit. (Click the Exhibit button.)

    Ensurepass 2018 PDF and VCE

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    • SiteLink1 replication is not available at 10:00.

    • SiteLink1 and SiteLink2 replication is available at Friday at 23:00. Replication intervals are 15 minutes and 30 minutes respectively.

    • DefaultIPSitelink will be used to replicate an object from DC1 to DC4. The replication interval of DefaultIPSitelink is 180 minutes.

    Question No: 208 – (Topic 3)

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012.

    Server1 is the enterprise root certification authority (CA) for contoso.com. You need to enable CA role separation on Server1.

    Which tool should you use?

    1. The Certutil command

    2. The Authorization Manager console

    3. The Certsrv command

    4. The Certificates snap-in

    Answer: A Explanation:

    To enable role separation

    ->Open Command Prompt.

    ->Type:

    certutil -setreg ca\RoleSeparationEnabled 1 Etc.

    Reference: Enable role separation

    Question No: 209 HOTSPOT – (Topic 3)

    Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).

    The domain contains a server named Server1 that runs Windows Server 2012 R2. You install the Active Directory Federation Services server role on Server1.

    You plan to configure Server1 as an Active Directory Federation Services (AD FS) server. The Federation Service name will be set to adfs1.contoso.com.

    You need to identify which type of certificate template you must use to request a certificate for AD FS.

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    In general installation of ADFS Service is a very straight forward process:

    • Create Service Account for ADFS 2.0 Service

    • Create Web Server Certificate Template

    This step might be optional if you already have a template for Web Server. Etc.

    Question No: 210 – (Topic 3)

    Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.

    Server1 and Seiver2 are nodes in a Network Load Balancing (NLB) cluster. The NIB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.

    You plan to perform maintenance on Server1.

    You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1.

    What should you run?

    1. The Stop-NlbCluster cmdlet

    2. The nlb.exe stop command

    3. The Suspend-NlbCluster cmdlet

    4. The nlb.exe suspend command

    Answer: A Explanation:

    The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node.

    100% Ensurepass Free Download!
    Download Free Demo:70-412 Demo PDF
    100% Ensurepass Free Guaranteed!
    70-412 Dumps

    EnsurePass ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.