Vivid 70-412 Exam Dumps 2021

NEW QUESTION 1
Your network contains two Active Directory forests named contoso.com and fabrikam.com. A two- way forest trust exists between the forests.
The contoso.com forest contains an enterprise certification authority (CA) named CAl.
You implement cross-forest certificate enrollment between the contoso.com forest and the fabrikam.com forest.
On CA1, you create a new certificate template named Template1.
You need to ensure that users in the fabrikam.com forest can request certificates that are
based on Template1. Which tool should you use?

• A. Sync-ADObject
• B. Pkiview.msc
• C. CertificateServices.ps1
• D. Certutil
• E. PKISync.ps1

Answer: E

Explanation: A. Replicates a single object between any two domain controllers that have partitions in common.
B. Monitoring and troubleshooting the health of all certification authorities (CAs) in a public key infrastructure (PKI) are essential administrative tasks facilitated by the Enterprise PKI snap-in.
D. use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest http://technet.microsoft.com/en-us/library/hh852296.aspx http://technet.microsoft.com/en-us/library/cc732261(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx

NEW QUESTION 2
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2.
You are a member of the local Administrators group on Server2. You install an Active Directory Rights Management Services (AD RMS) root cluster on Server2.
You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS client computers and the users in contoso.com.
Which additional configuration settings should you configure? To answer, select the appropriate tab in the answer area.

Answer:

Explanation: * Active Directory Domain Services (AD DS) service connection point (SCP) automatic service discovery. This is the recommended way to deploy an AD RMS environment. In this scenario, an SCP is created in the Active Directory forest where the AD RMS cluster is installed. When the AD RMS client attempts user activation on the computer, it queries the SCP to find the AD RMS cluster and download the rights account certificate (RAC). With automatic service discovery, no additional configuration is required on the AD RMS client.
* Cluster - Cluster Properties - SCP Tab

NEW QUESTION 3
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV).
A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 stores data in the file system.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?

• A. Add-ClusterServerRole
• B. Add-ClusterGenericServiceRole
• C. Add ClusterScaleOutFileServerRole
• D. Add ClusterGenericApplicationRole

Answer: D

Explanation: Add-ClusterGenericApplicationRole
Configure high availability for an application that was not originally designed to run in a failover cluster.
If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.
EXAMPLE 1.
Command Prompt: C:PS>
Add-ClusterGenericApplicationRole -CommandLine NewApplication.exe Name OwnerNode State
---- --------- -----
cluster1GenApp node2 Online Description
-----------
This command configures NewApplication.exe as a generic clustered application. A default name will be used for client access and this application requires no storage.
Reference: Add-ClusterGenericApplicationRole http://technet.microsoft.com/en-us/library/ee460976.aspx

NEW QUESTION 4
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are configured as shown in the following table.

You need to ensure that when new targets are added to Server1, the targets are registered on Server2 automatically.
What should you do on Server1?

• A. Configure the Discovery settings of the iSCSI initiator.
• B. Configure the security settings of the iSCSI target.
• C. Run the Set-WmiInstance cmdlet.
• D. Run the Set-IscsiServerTarget cmdlet.

Answer: C

Explanation: Explanation/Reference:
Manage iSNS server registration
The iSNS server registration can be done using the following cmdlets, which manages the WMI objects.
To add an iSNS server:
Set-WmiInstance -Namespace rootwmi -Class WT_iSNSServer –Arguments
@{ServerName="ISNSservername"}
Note: The Set-WmiInstance cmdlet creates or updates an instance of an existing WMI class. The created or updated instance is written to the WMI repository.
Reference: iSCSI Target cmdlet reference http://blogs.technet.com/b/filecab/archive/2012/06/08/iscsi-target-cmdlet-reference.aspx

NEW QUESTION 5
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Both servers connect to the same switch.
Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information in a central database.
You need to ensure that the connections to WebApp1 are distributed evenly between the nodes. The solution must minimize port flooding.
What should you configure? To answer, configure the appropriate affinity and the appropriate mode for Cluster1 in the answer area.

Answer:

Explanation: The Affinity parameter is applicable only for the Multiple hosts filtering mode.
/ The Single option specifies that NLB should direct multiple requests from the same client IP address to the same cluster host.

NEW QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You create a new Active Directory group named Group1.
You need to ensure that the members of Group1 can request a Key Recovery Agent certificate.
The solution must minimize the permissions assigned to Group1.
Which two permissions should you assign to Group1? (Each correct answer presents part of the solution. Choose two.)

• A. Read
• B. Auto enroll
• C. Write
• D. Enroll
• E. Full control

Answer: AD

Explanation: See step 6 below.
To configure the Key Recovery Agent certificate template
✑ Open the Certificate Templates snap-in.
✑ In the console tree, right-click theKey Recovery Agentcertificate template.
✑ ClickDuplicate Template.
✑ InTemplate, type a new template display name, and then modify any other optional properties as needed.
✑ On theSecuritytab, clickAdd, type the name of the users you want to issue the key recovery agent certificates to, and then clickOK.
✑ UnderGroup or user names, select the user names that you just added.
UnderPermissions, select theReadandEnrollcheck boxes, and then clickOK. Reference: Identify a Key Recovery Agent

NEW QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed.
On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.
On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?

• A. Modify the outbound firewall rules on Server1.
• B. Modify the inbound firewall rules on Server1.
• C. Add Server1 to the Remote Management Users group.
• D. Add Server1 to the Event Log Readers group.

Answer: D

Explanation: To access configuration data and server event logs, the IPAM server must be a member of the domain IPAM Users Group (IPAMUG). The IPAM server must also be a member of the Event Log Readers security group.
Note: The computer account of the IPAM server must be a member of the Event Log Readers security group.
Reference: Manually Configure DC and NPS Access Settings.
http://technet.microsoft.com/en-us/library/jj878317.aspx http://technet.microsoft.com/en-us/library/jj878313.aspx

NEW QUESTION 8
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 is a file server that has the Hyper-V server role installed.
Server1 hosts several virtual machines. The virtual machine configuration files are stored on drive D and the VHD files are stored on drive E.
You plan to replace drive E with a larger volume.
You need to ensure that the virtual machines on Server1 remain available while drive E is being replaced.
What should you do?

• A. Perform a quick migration.
• B. Add Server1 and Server2 as nodes in a failover cluster.
• C. Perform a live migration.
• D. Perform a storage migration.

Answer: D

Explanation: Hyper-V in Windows Server 2012 R2 introduces support for moving virtual machine storage without downtime by making it possible to move the storage while the virtual machine remains running.
Reference: Virtual Machine Storage Migration Overview http://technet.microsoft.com/en-us/library/hh831656.aspx

NEW QUESTION 9
You have five servers that run Windows Server 2012 R2. The servers have the Failover Clustering feature installed. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.

Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles. Dynamic quorum management is disabled.
You plan to perform hardware maintenance on Server3.
You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Server3, the cluster resource will remain available in Site1.
What should you do?

• A. Add a file share witness in Site1.
• B. Enable DrainOnShutdown on Cluster1.
• C. Remove the node vote for Server4 and Server5.
• D. Remove the node vote for Server3.

Answer: C

Explanation: Recommended Adjustments to Quorum Voting
When enabling or disabling a given WSFC (Windows Server Failover Clustering) node’s vote, follow these guidelines:
* Exclude secondary site (here site2) nodes (here server4 and server5). In general, do not give votes to WSFC nodes that reside at a secondary disaster recovery site. You do not want nodes in the secondary site to contribute to a decision to take the cluster offline when there is nothing wrong with the primary site.
Reference: WSFC Quorum Modes and Voting Configuration (SQL Server)

NEW QUESTION 10
Your network contains an Active Directory domain named contoso.com.
You are creating a custom Windows Recovery Environment (Windows RE) image.
You need to ensure that when a server starts from the custom Windows RE image, a drive is mapped automatically to a network share.
What should you modify in the image?

• A. startnet.cmd
• B. Xsl-mApp1ngs.xml
• C. Win.ini
• D. smb.types.ps1xml

Answer: A

Explanation: The best way to define what to start is using starnet.cmd. http://technet.microsoft.com/en-us/library/cc766521(v=ws.10).aspx

NEW QUESTION 11
You have a datacenter that contains six servers. Each server has the Hyper-V server role installed and runs Windows Server 2012 R2. The servers are configured as shown in the following table.

Host4 and Host5 are part of a cluster named Cluster1. Cluster1 hosts a virtual machine named VM1.
You need to move VM1 to another Hyper-V host. The solution must minimize the downtime of VM1.
To which server and by which method should you move VM1?

• A. To Host3 by using a storage migration
• B. To Host6 by using a storage migration
• C. To Host2 by using a live migration
• D. To Host1 by using a quick migration

Answer: A

Explanation: With Hyper-V live migration, you can move running VMs from one Hyper-V physical host to another without any disruption of service or perceived downtime.
Host3 has an Intel processer, as does Host4 and Host5 in Cluster1, so the migration will work fine.
Incorrect:
Not B, not C. The migration of a virtual machine between physical computers is only supported on computers that have the same processor steppings or are from the same vendor. Therefore you cannot move a virtual machine from a Hyper-V host on an Intel- based server to a Hyper-V Host on an AMD-based server.
Not D. Quick Migration saves, moves and restores VMs, which results in some downtime. Reference: Hyper-V Migration Guide
http://technet.microsoft.com/en-us/library/ee849855(v=WS.10).aspx
Reference: Virtual Machine Storage Migration Overview http://technet.microsoft.com/en-us/library/hh831656.aspx
Reference: Windows Server 2008 R2 & Microsoft Hyper-V Server 2008 R2 - Hyper-V Live Migration Overview & Architecture (http://www.microsoft.com/en- us/download/details.aspx?id=12601)

NEW QUESTION 12
DRAG DROP
You plan to deploy a failover cluster that will contain two nodes that run Windows Server 2012 R2.
You need to configure a witness disk for the failover cluster. How should you configure the witness disk?
To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation: Disk witness requirements include:
* Basic disk with a single volume
* Can be formatted with NTFS or ReFS

NEW QUESTION 13
Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. The domain contains four servers. The servers are configured as shown in the following table.

You need to update the schema to support a domain controller that will run Windows Server 2012 R2.
On which server should you run adprep.exe?

• A. Server1
• B. DC3
• C. DC2
• D. DC1

Answer: B

Explanation: We must use the Windows Server 2008 R2 Server.
Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012
You can use adprep.exe on domain controllers that run 64-bit versions of Windows Server 2008 or Windows Server 2008 R2 to upgrade to Windows Server 2012. You cannot upgrade domain controllers that run Windows Server 2003 or 32-bit versions of Windows Server 2008. To replace them, install domain controllers that run a later version of Windows Server in the domain, and then remove the domain controllers that Windows Server 2003.
Reference: Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012, Supported in-place upgrade paths.
http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_UpgradePaths

NEW QUESTION 14
HOTSPOT
Your network contains an Active Directory domain named contoso.com. You have a Dynamic Access Control policy named Policy1.
You create a new Central Access Rule named Rule1.
You need to add Rule1 to Policy1.
What command should you run?
To answer, select the appropriate options in the answer area.

Answer:

Explanation: The Add-ADCentralAccessPolicyMember cmdlet adds central access rules to a central access policy in Active Directory.
Syntax: Add-ADCentralAccessPolicyMember [-Identity] <ADCentralAccessPolicy> [- Members] <ADCentralAccessRule[]>

NEW QUESTION 15
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA).
You install a second server named Server2. You install the Online Responder role service on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2.
What should you run on Server1?

• A. The certreq.exe command and specify the -policy parameter
• B. The certutil.exe command and specify the -getkey parameter
• C. The certutil.exe command and specify the -setreg parameter
• D. The certreq.exe command and specify the -retrieve parameter

Answer: C

Explanation: To prepare a computer running Windows Server to issue OCSP Response Signing certificates
✑ On the server hosting the CA, open a command prompt, and type:
✑ certutil -v -setreg policyEnableRequestExtensionList +1.3.6.1.5.5.7.48.1.5
✑ Stop and restart the CA. You can do this at a command prompt by running the following commands:
✑ net stop certsvc net start certsvc
Reference: Configure a CA to Support OCSP Responders https://technet.microsoft.com/en-us/library/cc732526.aspx

NEW QUESTION 16
You have a server named Server1 that runs Windows Server 2012 R2.
When you install a custom Application on Server1 and restart the server, you receive the following error message: "The Boot Configuration Data file is missing some required information.
File: BootBCD
Error code: 0x0000034."
You start Server1 by using Windows RE.
You need to ensure that you can start Windows Server 2012 R2 on Server1. Which tool should you use?

• A. Bootsect
• B. Bootim
• C. Bootrec
• D. Bootcfg

Answer: C

Explanation: * Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
* Error code 0x0000034 while booting. Resolution:
1. Put the Windows Windows 7 installation disc in the disc drive, and then start the computer.
2. Press any key when the message indicating "Press any key to boot from CD or DVD …". appears.
3. Select a language, time, currency, and a keyboard or another input method. Then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec /RebuildBcd, and then press ENTER.
Incorrect:
Not A. Bootsect.exe updates the master boot code for hard disk partitions to switch between BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your computer. This tool replaces FixFAT and FixNTFS.
Not D. The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the Boot.ini file.
Reference: Bootsect Command-Line Options http://technet.microsoft.com/en-us/library/cc749177(v=ws.10).aspx http://support.microsoft.com/kb/927392/en-us
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/error-code-0x0000034-in-windows-7/4dcb8d38-a206-40ed-bced-55e4a4de9bf2

NEW QUESTION 17
Your network contains two Active Directory forests named contoso.com and
corp.contoso.com.

User1 is a member of the DnsAdmins domain local group in contoso.com.
User1 attempts to create a conditional forwarder to corp.contoso.com but receive an error message shown in the exhibit. (Click the Exhibit button.)

You need to configure bi-directional name resolution between the two forests. What should you do first?

• A. Add User1 to the DnsUpdateProxy group.
• B. Configure the zone to be Active Directory-integrated.
• C. Enable the Advanced view from DNS Manager.
• D. Run the New Delegation Wizard.

Answer: B

Explanation: The zone must be Active Directory-integrated.

NEW QUESTION 18
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. Server1 has an IPv6 scope named Scope1.
You implement an additional DHCP server named Server2 that runs Windows Server 2012 R2.
You need to provide high availability for Scope1. The solution must minimize administrative effort.
What should you do?

• A. Install and configure Network Load Balancing (NLB) on Server1 and Server2.
• B. Create a scope on Server2.
• C. Configure DHCP failover on Server1.
• D. Install and configure Failover Clustering on Server1 and Server2.

Answer: C

Explanation: Overview: Configure DHCP failover using the DHCP console
To configure DHCP failover using the DHCP console, right-click a DHCP scope or right- click IPv4 and then click Configure Failover.

Configure Failover
TheConfigure Failoverwizard guides you through configuring DHCP failover on the selected scope.
Note: The DHCP server failover feature, available in Windows Server 2012 and later, provides the ability to have two DHCP servers provide IP addresses and option configuration to the same subnet or scope, providing for continuous availability of DHCP service to clients.
Incorrect:
Not A. NLB is not related to DHCP scope availability. Not B. DHCP failover requirements include:
DHCP Scopes requirement:
At least one IPv4 DHCP scope must be configured on the primary DHCP server.
The same DHCP scope ID, or an overlapping scope, must not be configured on the failover partner.
Not D. Failover clustering is possibly, but would not minimize administration. Reference: Deploy DHCP Failover