[Free] Download New Updated Microsoft 70-412 Actual Tests 21-30

Ensurepass

 

QUESTION 21

Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com. You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain. You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com. You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com. What should you do?

 

A.

Modify the Service Connection Point (SCP).

B.

Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.

C.

Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.

D.

Modify the properties of the AD RMS cluster in west.contoso.com.

 

Correct Answer: B

Explanation:

The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com.

 

 

 

 

 

 

 

 

QUESTION 22

You have a server named Server1 that runs Windows Server 2012 R2.

 

From Server Manager, you install the Active Directory Certificate Services server role on Server1.

 

A domain administrator named Admin1 logs on to Server1.

 

When Admin1 runs the Certification Authority console, Admin1 receive the following error message.

 

clip_image001

 

You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.

 

What should you do?

 

A.

Install the Active Directory Certificate Services (AD CS) tools.

B.

Run the regsvr32.exe command.

C.

Modify the PATH system variable.

D.

Configure the Active Directory Certificate Services server role from Server Manager.

 

Correct Answer: D

Explanation:

The error message is related to missing role configuration.

 

 

QUESTION 23

Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

 

A.

Active Directory Users and Computers

B.

Authorization Manager

C.

Active Directory Domains and Trusts

D.

Active Directory Sites and Services

 

Correct Answer: D

 

 

QUESTION 24

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012. You complete the Active Directory Federation Services Configuration Wizard on Server1. You need to ensure that client devices on the internal network can use Workplace Join. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

 

A.

Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.

B.

Edit the multi-factor authentication global authentication policy settings.

C.

Run Enable-AdfsDeviceRegistration.

D.

Run Set-AdfsProxyProperties HttpPort 80.

E.

Edit the primary authentication global authentication policy settings.

 

Correct Answer: CE

Explanation:

* To enable Device Registration Service

On your federation server, open a Windows PowerShell command window and type:

Enable-AdfsDeviceRegistration

Repeat this step on each federation farm node in your AD FS farm..

Enable seamless second factor authentication

Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a `known’ device and administrators can use this information to drive conditional access and gate access to resources.

To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices

In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 25

DRAG DROP

Your network contains an Active Directory domain named contoso.com.

 

You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.

 

Which four actions should you perform in sequence?

 

To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.

 

clip_image003

 

Correct Answer:

clip_image005

 

 

 

 

 

 

QUESTION 26

HOTSPOT

Your company has a primary data center and a disaster recovery data center.

 

The network contains an Active Directory domain named contoso.com. The domain contains a server named that runs Windows Server 2012 R2. Server1 is located in the primary data center.

 

Server1 has an enterprise root certification authority (CA) for contoso.com.

 

You deploy another server named Server2 to the disaster recovery data center.

 

You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.

 

You need to configure Server2 as a CRL distribution point (CDP).

 

Which tab should you use to configure the required CDP entry?

 

To answer, select the appropriate tab in the answer area.

 

clip_image007

 

Correct Answer:

clip_image009

 

 

QUESTION 27

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).

 

You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:

 

clip_image011Email security

clip_image011[1]Client authentication

clip_image011[2]Encrypting File System (EFS)

 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.

From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings.

B.

From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy settings.

C.

Modify the properties of the User certificate template, and then publish the template.

D.

Duplicate the User certificate template, and then publish the template.

E.

From a Group Policy, configure the Automatic Certificate Request Settings settings.

 

Correct Answer: AD

Explanation:

The default user template supports all of the requirements EXCEPT auto enroll as shown below:

 

clip_image012

 

However a duplicated template from users has the ability to autoenroll:

 

clip_image013

 

The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.

 

http://technet.microsoft.com/en-us/library/dd851772.aspx

 

clip_image014

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 28

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.

 

DHCP is configured as shown in the exhibit. (Click the Exhibit button.)

 

clip_image015

 

You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.

 

What should you do?

 

A.

Create a superscope and scope-level policies.

B.

Configure the Scope Options.

C.

Create a superscope and a filter.

D.

Configure the Server Options.

 

Correct Answer: B

Explanation:

B. Any DHCP scope options configured for assignment to DHCP clients

http://technet.microsoft.com/en-us/library/dd759218.aspx

http://technet.microsoft.com/en-us/library/cc757682(v=WS.10).aspx

 

 

 

 

 

 

 

 

QUESTION 29

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.

 

Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)

 

clip_image016

 

You need to assign a user named User1 permission to add and delete records from the contoso.com zone only.

 

What should you do first?

 

A.

Enable the Advanced view from DNS Manager.

B.

Add User1 to the DnsUpdateProxy group.

C.

Run the New Delegation Wizard.

D.

Configure the zone to be Active Directory-integrated.

 

Correct Answer: D

 

 

 

 

 

 

 

QUESTION 30

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery. You plan to create Group Policies for IPAM provisioning. You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies. What should you do on Server2?

 

A.

From Server Manager, review the IPAM overview.

B.

Run the ipamgc.exe tool.

C.

From Task Scheduler, review the IPAM tasks.

D.

Run the Get-IpamConfiguration cmdlet.

 

Correct Answer: D

 

 

Free VCE & PDF File for Microsoft 70-412 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP… Instant Access to Free PDF Files: MCSE|MCSA|MCITP…