Highest Quality 70-412 Exam Questions and Answers 2021

NEW QUESTION 1
Your network contains an Active Directory domain named contoso.com.
A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS) on a server named Server1.
After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.
You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an
existing AD RMS Service Connection Point (SCP) was found.
You need to ensure that clients will only attempt to establish connections to the new AD RMS deployment.
Which should you do?

• A. From DNS, remove the records for Server1.
• B. From DNS, increase the priority of the DNS records for the new deployment of AD RMS.
• C. From Active Directory, remove the computer object for Server1.
• D. From Active Directory, remove the SCP.

Answer: D

Explanation: The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services.
Only one SCP can exist in your Active Directory forest. If you try to install AD RMS and an SCP already exists in your forest from a previous AD RMS installation that was not properly deprovisioned, the new SCP will not install properly. It must be removed before you can establish the new SCP.
Reference: The AD RMS Service Connection Point http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx

NEW QUESTION 2
Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012 R2. The domain controllers are configured as shown in the following table.

You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1.
You need to prepopulate the password for User1 on DC2.
What should you do first?

• A. Connect to DC2 from Active Directory Users and Computers.
• B. Add DC2 to the Allowed RODC Password Replication Policy group.
• C. Add the User1 account to the Allowed RODC Password Replication Policy group.
• D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.

Answer: D

Explanation: To prepopulate the password cache for an RODC by using Active Directory Users and Computers(see step 1 below).
Administrative credentials: To prepopulate the password cache for an RODC, you must be a member of the Domain Admins group.
✑ ClickStart, clickAdministrative Tools, and then clickActive Directory Users and Computers.
✑ Ensure that Active Directory Users and Computers points to the writable domain
controller that is running Windows Server 2008, and then clickDomain Controllers.
✑ In the details pane, right-click the RODC computer account, and then clickProperties.
✑ Click thePassword Replication Policytab.
✑ ClickAdvanced.
✑ ClickPrepopulate Passwords.
✑ Type the name of the accounts whose passwords you want to prepopulate in the cache for the RODC, and then clickOK.
✑ When you are asked if you want to send the passwords for the accounts to the RODC, clickYes.
Note: You can prepopulate the password cache for an RODC with the passwords of user and computer accounts that you plan to authenticate to it. When you prepopulate the RODC password cache, you trigger the RODC to replicate and cache the passwords for users and computers before the accounts try to log on in the branch office.
Incorrect:
Not C. You don't need to add User1 to the Allowed RODC Password Replication Policy group. As a first step you should runActive Directory Users and Computersas a member of the Domain/Enterprise Admins group.-
Reference: Password Replication Policy Administration http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre

NEW QUESTION 3
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You attempt to delete a classification property and you receive the error message as shown in the exhibit. (Click the Exhibit button.)

You need to delete the isConfidential classification property. What should you do?

• A. Delete the classification rule that is assigned the isConfidential classification property.
• B. Disable the classification rule that is assigned the isConfidential classification property.
• C. Set files that have an isConfidential classification property value of Yes to No.
• D. Clear the isConfidential classification property value of all files.

Answer: A

Explanation: You would have to delete the classification rule in order to delete the classification property.

NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed.
A technician performs maintenance on Server1.
After the maintenance is complete, you discover that you cannot connect to the IPAM
server on Server1.
You open the Services console as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can connect to the IPAM server. Which service should you start?

• A. Windows Process Activation Service
• B. Windows Event Collector
• C. Windows Internal Database
• D. Windows Store Service (WSService)

Answer: C

Explanation:
Windows Internal Database
Windows Internal Database is a relational data store that can be used only by Windows roles and features.
IPAM does not support external databases. Only a Windows Internal Database is supported.
IPAM stores 3 years of forensics data (IP address leases, host MAC addresses, user login/logoff information) for 100,000 users in a Windows Internal Database. There is no database purge policy provided, and the administrator must purge data manually as needed.
Incorrect:
Not A. IPAM works even if the Windows Process Activation Service is not running.
Not B. IPAM does not require the Windows Event Collector Service. It need to be running on the managed DC/DNS/DHCP computers.
Not D. IPAM does not require the Windows Store Service. It provides infrastructure support for Windows Store.This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
Reference: IPAM Deployment Planning

NEW QUESTION 5
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 is backed up by using Windows Server Backup. The backup configuration is shown in the exhibit. (Click the Exhibit button.)

You discover that only the last copy of the backup is maintained. You need to ensure that multiple backup copies are maintained. What should you do?

• A. Modify the backup destination.
• B. Configure the Optimize Backup Performance settings.
• C. Modify the Volume Shadow Copy Service (VSS) settings.
• D. Modify the backup times.

Answer: A

Explanation: The destination in the exhibit shows a network share is used. If a network share is being used only the latest copy will be saved

Reference: Where should I save my backup?
http://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup

NEW QUESTION 6
Your network contains an Active Directory forest.
The forest contains two domains named contoso.com and fabrikam.com.
The forest functional level is Windows 2000. The contoso.com domain contains domain controllers that run either Windows Server 2008 or Windows Server 2008 R2.
The domain functional level is Windows Server 2008.
The fabrikam.com domain contains domain controllers that run either Windows 2000 Server or Windows Server 2003.
The domain functional level is Windows 2000 native.
The contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2.
You need to add Server1 as a new domain controller in the contoso.com domain. What should you do first?

• A. Raise the functional level of the contoso.com domain to Windows Server 2008 R2.
• B. Upgrade the domain controllers that run Windows Server 2008 to Windows Server 2008 R2.
• C. Raise the functional level of the fabrikam.com domain to Windows Server 2003.
• D. Decommission the domain controllers that run Windows 2000.
• E. Raise the forest functional level to Windows Server 2003.

Answer: D

Explanation: D. Server 2003 is the minimum Domain Functional level for any domain in the forest Windows Server 2012 R2 requires a Windows Server 2003 forest functional level.
That is, before you can add a domain controller that runs Windows Server 2012 R2 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher.
http://technet.microsoft.com/en-us/library/cc771294.aspx

NEW QUESTION 7
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent
to enroll the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.

Answer:

Explanation: / In application policy drop-down list select Certificate Request Agent.
/ The Issuance Requirements Tab
* Application policy. This option specifies the application policy that must be included in the signing certificate used to sign the certificate request. It is enabled when Policy type required in signature is set to either Application policy or Both application and issuance policy.

NEW QUESTION 8
You have a virtual machine named VM1 that runs on a host named Host1.
You configure VM1 to replicate to another host named Host2. Host2 is located in the same physical location as Host1.
You need to add an additional replica of VM1. The replica will be located in a different physical site.
What should you do?

• A. From VM1 on Host2, click Extend Replication.
• B. On Host1, configure the Hyper-V settings.
• C. From VM1 on Host1, click Extend Replication.
• D. On Host2, configure the Hyper-V settings.

Answer: A

Explanation: Extend Replication through UI:
Before you Extend Replication to third site, you need to establish the replication between a primary server and replica server.
Once that is done, go to replica site and from Hyper-V UI manager select the VM for which you want to extend the replication. Right click on VM and select “Replication->Extend Replication …”. This will open Extend Replication Wizard which is similar to Enable Replication Wizard.
NOTE: You configure a server to receive replication with Hyper-V Manager, in this situation the replica site is assumed to be the Replica Server. Therefore you extend replication from VM1 on Host2.
Note 2: With Hyper-V Extend Replication feature in Windows Server 2012 R2, customers
can have multiple copies of data to protect them from different outage scenarios. For example, as a customer I might choose to keep my second DR site in the same campus or a few miles away while I want to keep my third copy of data across the continents to give added protection for my workloads. Hyper-V Replica Extend replication exactly addresses this problem by providing one more copy of workload at an extended site apart from replica site.
Reference: Hyper-V Replica: Extend Replication http://blogs.technet.com/b/virtualization/archive/2013/12/10/hyper-v-replica-extend-replication.aspx

NEW QUESTION 9
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2.
The domain contains four servers. The servers are configured as shown in the following table.

You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?

• A. DC1
• B. DC2
• C. DC3
• D. Server1

Answer: D

Explanation:
IPAM cannot be installed on Domain Controllers. All servers, except Server1, have the DC role
Reference: IP Address Management (IPAM) Overview http://technet.microsoft.com/en-us/library/hh831353.aspx

NEW QUESTION 10
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster named Cluster2.
You need to move all of the applications and the services from Cluster1 to Cluster2. What should you do first from Failover Cluster Manager?

• A. On a server in Cluster2, configure Cluster-Aware Updating.
• B. On a server in Cluster2, click Move Core Cluster Resources, and then click Best Possible Node.
• C. On a server in Cluster1, click Move Core Cluster Resources, and then click Best Possible Node.
• D. On a server in Cluster1, click Migrate Roles.

Answer: D

Explanation:
Incorrect:
Not A. Cluster Aware Updating can greatly simplify the process of applying operating system patches to Windows Server 2012 or 2012 R2 failover cluster nodes.
Not B. Not C. Move Core Cluster Resources is used to resources from one node to another within the same cluster.
Reference: Migrating Clustered Services and Applications to Windows Server 2012,
Migration Between Two Multi-Node Clusters
https://technet.microsoft.com/en-us/library/dn486774.aspx#BKMK_Steps_for_migrating

NEW QUESTION 11
You have a server named Server1.
A Microsoft Azure Backup of Server1 is created automatically every day. You rename Server1 to Server2.
You discover that backups are no longer created in Azure. You need to back up the server to Azure.
What should you do?

• A. From the Azure Management Portal, modify the configuration of backup vault.
• B. On Server2, run theAdd-WBBackupTargetcmdlet.
• C. On Server2, run theStart-OBRegistrationcmdlet.
• D. From the Azure Management Portal, upload the Server2 certificate as a management certificate.

Answer: C

Explanation: The Start-OBRegistration cmdlet registers the server with using the vault credentials downloaded during enrollment.
Reference: Azure Backup – FAQ
https://azure.microsoft.com/sv-se/documentation/articles/backup-azure-backup-faq/ Reference: Start-OBRegistration
https://technet.microsoft.com/en-us/library/hh770398(v=wps.630).aspx

NEW QUESTION 12
Your network contains an Active Directory domain named adatum.com. The domain contains four servers.
The servers are configured as shown in the following table.

You plan to deploy an enterprise certification authority (CA) on a server named Server5. Server5 will be used to issue certificates to domain-joined computers and workgroup
computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.
Which server should you identify?

• A. Server 3
• B. Server 2
• C. Server 4
• D. Server 1

Answer: A

Explanation: A. We cannot use AD DS because workgroup computers must access CRL distribution point
B. We cannot use File Share because workgroup computers must access CRL distribution point
C. Public facing web server can be used
D. AD DS, Web & File Share only http://technet.microsoft.com/en-us/library/cc771079.aspx

NEW QUESTION 13
You have a server named Server1 that runs Windows Server 2012 R2. You install the File and Storage Services server role on Server1.
From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing.
You need to ensure that you can assign classifications to Folder1 from Windows Explorer
manually.
What should you do?

• A. From Folder Options, clear Hide protected operating system files (Recommended).
• B. Install the File Server Resource Manager role service.
• C. From Folder Options, select the Always show menus.
• D. Install the Share and Storage Management Tools.

Answer: B

Explanation: On the Classification tab of the file properties in Windows Server 2012, File Classification Infra-structure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder.
Reference: What's New in File Server Resource Manager in Windows Server.

NEW QUESTION 14
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and Windows Server 2012 R2.
You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the boot menu.
You start Windows Server 2012 R2 on Server1 and you discover the disk configurations shown in the following table.

You need to restore the Windows Server 2008 R2 boot entry on Server1. What should you do?

• A. Run bcdedit.exe and specify the /createstore parameter
• B. Run bootrec.exe and specify the /scanos parameter
• C. Run bcdboot.exe d:windows.
• D. Run bootrec.exe and specify the /rebuildbcd parameter

Answer: D

Explanation: A. BCDEdit is a command-line tool for managing BCD stores.
It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, /Createstore Creates a new empty boot configuration data store.
The created store is not a system store.
B. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue.
The /ScanOs option scans all disks for installations that are c mpatible with Windows Vista or Windows 7.
Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
C.
D. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
http://technet.microsoft.com/en-us/library/cc709667(v=ws.10).aspx http://support.microsoft.com/kb/927392/en-us

NEW QUESTION 15
HOTSPOT
Your network contains an Active Directory forest named contoso.com that contains a single domain. The forest contains three sites named Site1, Site2, and Site3.
Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2. Each site contains two domain controllers. Site1 and Site2 contain a global catalog server. You need to create a new site link between Site1 and Site2. The solution must ensure that
the site link supports the replication of all the naming contexts.
From which node should you create the site link?
To answer, select the appropriate node in the answer area.

Answer:

Explanation: Create a Site Link To create a site link
✑ Open Active Directory Sites and Services. To open Active Directory Sites and
Services, clickStart, clickAdministrative Tools, and then clickActive Directory Sites and Services.
To open Active Directory Sites and Services in Windows Server® 2012, clickStart, typedssite.msc.
✑ In the console tree, right-click the intersite transport protocol that you want the site
link to use.
Use the IP intersite transport unless your network has remote sites where network connectivity is intermittent or end-to-end IP connectivity is not available. Simple Mail Transfer Protocol (SMTP) replication has restrictions that do not apply to IP replication.

NEW QUESTION 16
Which security groups must a user account be a member of to modify the AD RMS SCP? (Choose two answers. Each answer forms part of a complete solution.)

• A. Domain Admins
• B. AD RMS Enterprise Administrators
• C. Enterprise Admins
• D. Cryptographic Operators.

Answer: BC

NEW QUESTION 17
DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust.
The solution must meet the following requirements:
✑ In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.
✑ In adatum.com, allow users to receive their tokens for the relying party by using
their Active Directory group membership as the claim type. The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation: * Acceptance transform rule set
A set of claim rules that you use on a particular claims provider trust to specify the incoming claims that will be accepted from the claims provider organization and the outgoing claims that will be sent to the relying party trust.
Used on: Claims provider trusts
* Issuance Authorization Rule Set
A set of claim rules that you use on a relying party trust to specify the claims that will be issued to the relying party.
Used on: Relying party trusts

NEW QUESTION 18
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed.
Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has the Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currently runs on Server1.
Server3 currently has no virtual machines.
You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)

• A. The Hyper-V Manager console connected to Server3
• B. The Failover Cluster Manager console connected to Server3
• C. The Hyper-V Manager console connected to Server1.
• D. The Failover Cluster Manager console connected to Cluster1
• E. The Hyper-V Manager console connected to Server2

Answer: AD

Explanation: A. To configure the Replica server [on a server that is not part of a cluster which in this case is Server3]
✑ In Hyper-V Manager, clickHyper-V Settingsin theActionspane.
✑ In theHyper-V Settingsdialog, clickReplication Configuration.
✑ In the Details pane, selectEnable this computer as a Replica server.
Etc.
D. To configure a Replica server that is part of a failover cluster.
1. In Server Manager, open Failover Cluster Manager.
2. In the left pane, connect to the cluster, and while the cluster name is highlighted, click Roles in the Navigate category of the Details pane.
3. Right-click the role and choose Replication Settings.
4. In the Details pane, select Enable this cluster as a Replica server. Etc.
Reference: Deploy Hyper-V Replica , Step 2: Enable Replication http://technet.microsoft.com/en-us/library/jj134240.aspx