Free 70-412 Exam – Microsoft Study Guides

We developed Microsoft 70-412 exam sample questions with the help of our highly certified professionals according to the latest Huawei updates. FLYDUMPS Microsoft 70-412 exam sample questions assure you passing your Microsoft 70-412 in your first attempt with high scores and become Adobe certified professional. FLYDUMPS Microsoft 70-412 exam sample questions are actually set of Microsoft 70-412 questions copied from actual exams and let you know the real facade of test pattern and contents of concern. This Microsoft 70-412 test actually gives you convenient practice for showing desired performance in real exams. This FLYDUMPS Microsoft 70-412 exam sample questions help you pass your Microsoft 70-412 exam. If you prepare for the Microsoft 70-412 exam using our FLYDUMPS Microsoft 70-412 exam sample questions, we guarantee your success in the first attempt. http://www.teststarter.com/70-412.html

70-412 exam

QUESTION 12
Your network contains a perimeter network and an internal network. The internal network con- tains an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter net- work.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?
A. The FQDN of the AD FS server
B. The name of the Federation Service
C. The name of the Active Directory domain
D. The public IP address of Server2
Correct Answer: A Explanation

Explanation/Reference:
Explanation:
To add a host (A) record to corporate DNS for a federation server On a DNS server for the corporate
network, open the DNS snap-in.

1.
In the console tree, right-click the applicable forward lookup zone, and then click New Host (A).

2.
In Name, type only the computer name of the federation server or federation server cluster (for example, type fs for the fully qualified domain name (FQDN) fs.adatum.com).

3.
In IP address, type the IP address for the federation server or federation server cluster (for ex- ample, 192.168.1.4).

4.
Click Add Host. Reference: Add a host (A) record to corporate DNS for a federation server http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx
QUESTION 13
Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com.
What should you do?
A. Modify the Service Connection Point (SCP).
B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com do- main.
C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com do- main.
D. Modify the properties of the AD RMS cluster in west.contoso.com. Correct Answer: B

Explanation Explanation/Reference:
The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com not the east.contoso.com.
Note: It is recommended that you use GPO to deploy AD RMS client settings and that you only deploy settings as needed. Reference: AD RMS Best Practices Guide
QUESTION 14
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A. Install the Active Directory Certificate Services (AD CS) tools.
B. Run the regsvr32.exe command.
C. Modify the PATH system variable.
D. Configure the Active Directory Certificate Services server role from Server Manager. Correct Answer: D

Explanation Explanation/Reference:
The error message is related to missing role configuration.
* Cannot Manage Active Directory Certificate Services
Resolution: configure the two Certification Authority and Certification Authority Web Enroll- ment Roles:
Reference: Cannot manage Active Directory Certificate Services in Server 2012 Error 0x800070002
QUESTION 15
Your network contains an Active Directory domain named contoso.com.
A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS).
After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.
You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS
Service Connection Point (SCP) was found.

You need to remove the existing AD RMS SCP. Which tool should you use?
A. Active Directory Users and Computers
B. Authorization Manager
C. Active Directory Domains and Trusts
D. Active Directory Sites and Services
E: Active Directory Rights Management Services
Correct Answer: D Explanation

Explanation/Reference:
ADRMS will registered the Service Connection Point (SCP) in Active Directory and you will need to unregister first before you remove the ADRMS server role If your ADRMS server is still alive, you can easily manually remove the SCP by below: Reference: How to manually remove or reinstall ADRMS
QUESTION 16
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role in- stalled. All servers run Windows Server 2012.d
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the so- lution. Choose two.)
A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.
Correct Answer: CE Explanation

Explanation/Reference:
C: To enable Device Registration Service On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
E: Enable seamless second factor authentication Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a `known’ device and administrators can use this information to drive conditional access and gate access to resources. To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Pri- mary Authentication. Select the check box next to Enable Device Authentication, and then click OK.
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Cer- tificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
Email security

Client authentication

Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From a Group Policy, configure the Certificate Services Client Auto-Enrollment settings.
B. From a Group Policy, configure the Certificate Services Client Certificate Enrollment Pol- icy settings.
C. Modify the properties of the User certificate template, and then publish the template.
D. Duplicate the User certificate template, and then publish the template.
E. From a Group Policy, configure the Automatic Certificate Request Settings settings.
Correct Answer: AD Explanation

Explanation/Reference:
Explanation:
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
However a duplicated template from users has the ability to autoenroll: The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
Reference: Manage Certificate Enrollment Policy by Using Group Policy http://technet.microsoft.com/en-us/library/dd851772.aspx
QUESTION 18
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?
A. Create a superscope and scope-level policies.
B. Configure the Scope Options.
C. Create a superscope and a filter.
D. Configure the Server Options.
Correct Answer: B Explanation

Explanation/Reference:
Explanation:
Any DHCP scope options can be configured for assignment to DHCP clients, such as DNS server.

Reference: Configuring a DHCP Scope
http://technet.microsoft.com/en-us/library/dd759218.aspx

QUESTION 19
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role in- stalled. Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)

You need to assign a user named User1 permission to add and delete records from the contoso.- com zone only.
What should you do first?
A. Enable the Advanced view from DNS Manager.
B. Add User1 to the DnsUpdateProxy group.
C. Run the New Delegation Wizard.
D. Configure the zone to be Active Directory-integrated.
Correct Answer: D Explanation

Explanation/Reference:
Secure dynamic updates are only supported or configurable for resource records in zones that are stored in Active Directory Domain Services (AD DS).
Note: To modify security for a resource record
1.
Open DNS Manager.

2.
In the console tree, click the applicable zone.

3.
In the details pane, click the record that you want to view.

4.
On the Action menu, click Properties.

5.
On the Security tab, modify the list of member users or groups that are allowed to securely up- date the applicable record and reset their permissions as needed.
Reference: Modify Security for a Resource Record
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2.
The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?

A. From Server Manager, review the IPAM overview.
B. Run the ipamgc.exe tool.
C. From Task Scheduler, review the IPAM tasks.
D. Run the Get-IpamConfiguration cmdlet. Correct Answer: D

Explanation Explanation/Reference:
Example:

You could go through each and every Microsoft 70-412 question and answer given in this format thoroughly, and be confident about appearing in your final 200-125 pdf. Once you have gone through the entire Microsoft 70-412 practice exam, you could analyze your learning with the self test engine. The FLYDUMPS provide two more forms of study material for Microsoft 70-412 exam sample questions. The Microsoft 70-412 study guide is meant for those professionals, who do not get enough time to study. FLYDUMPS Microsoft 70-412 exam sample questions come with 80 real exam questions and answers for preparing the Microsoft 70-412 Test. http://www.teststarter.com/70-412.html

Read More:

Exam 70-412: Configuring Advanced Windows Server 2012 Services

 

Comments are closed