Lead2pass 2017 September New Microsoft 70-412 Exam Dumps
100% Free Download! 100% Pass Guaranteed!
I have already passed Microsoft 70-412 certification exam yesterday….Scored 984/1000 in US! Many new exam questions added into the 2017 70-412 test! So I just come here to share with your guys and wish more 70-412 candidates can pass easily!
Following questions and answers are all new published by Microsoft Official Exam Center: https://www.lead2pass.com/70-412.html
QUESTION 141
Your network contains an Active Directory forest named contoso.com.
The forest contains a single domain. The domain contains three domain controllers.
The domain controllers are configured as shown in the following table.
You discover that when you run Group Policy Results from Group Policy Management, the settings from site-linked Group Policy objects (GPOs) fail to appear in the results.
You need to ensure that the settings from site-linked GPOs appear in the results.
What should you do first?
A. Run adprep on DC3 by using Windows Server 2012 R2 installation media.
B. Transfer the infrastructure master role to DC3.
C. Upgrade DC2 to Windows Server 2012 R2.
D. Run adprep on DC1 by using Windows Server 2003 installation media.
Answer: A
Explanation:
In this scenario a Windows 2012 server has been added to a Windows 2003 network.
Note:
* Before adding your new Windows 2012 Domain Controller, or attempting to perform an inplace upgrade of an existing Windows 2008 or 2008 R2 DC, you must make sure that the Schema is upgraded to support your new Windows 2012 DC, and that you prepare each domain where you plan to install Windows 2012 DCs. To do this we can use the ADPREP.exe tool found in the support\adprep folder on your installation media.
* Starting with Windows 2012 there is only one version of ADPREP available, and that is a 64-bit version.
* Adprep is the utility–included in the OS installation media–that performs several crucial functions to upgrade AD to support that OS. The utility has three major options: /forestprep, /domainprep, and /rodcprep. The /forestprep option runs first, extending the AD schema with new object and attribute classes that the new AD version needs. The /domainprep option creates new well-known objects in AD, App1ies security changes, and miscellaneous other bits. Finally, /rodcprep makes forest-wide security changes to allow read-only domain controller (RODC) functionality. The Windows Server 2012 R2 version of adprep.exe can run on any server that runs a 64- bit version of Windows Server 2008 or later.
http://technet.microsoft.com/en-us/library/bb726995.aspx
http://www.ipuptime.net/Multicast.aspx
http://technet.microsoft.com/en-us/library/gg144561(v=exchg.141).aspx
http://en.wikipedia.org/wiki/Unique_local_address
QUESTION 142
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed. Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder. Corporate management requires that client computers only resolve names of
contoso.com computers.
You need to configure Server1 to resolve names in the contoso.com zone only.
What should you do on Server1?
A. From DNS Manager, modify the root hints of Server1.
B. From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet.
C. From Windows PowerShell, run the Set-NetDnsTransitionConfiguration cmdlet.
D. From DNS Manager, modify the Advanced properties of Server1.
Answer: A
Explanation:
If the DNS server does not know the address of the requested site, then it will forward the request to another DNS server. In order to do so, the DNS server must know of the IP address of another DNS server that it can forward the request to. This is the job of root hints. Root hints provides a list of IP addresses of DNS servers that are considered to be authoritative at the root level of the DNS hierarchy(also known as root name server).
http://technet.microsoft.com/en-us/library/ee649221(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/jj649867.aspx
http://technet.microsoft.com/en-us/library/jj613703.aspx
QUESTION 143
You have a server named Server1 that runs Windows Server 2012 R2.
Each day, Server1 is backed up fully to an external disk.
On Server1, the disk that contains the operating system fails.
You replace the failed disk.
You need to perform a bare-metal recovery of Server1 by using the Windows Recovery
Environment (Windows RE).
What should you use?
A. The Wbadmin.exe command
B. The Repair-bde.exe command
C. The Get-WBBareMetalRecovery cmdlet
D. The Start-WBVolumeRecovery cmdlet
Answer: A
Explanation:
A. Enables you to back up and restore your operating system, volumes, files, folders, and
applications from a command prompt.
B. Accesses encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data.
C. Gets the value that indicates whether the ability to perform bare metal recoveries from backups has been added to the backup policy (WBPolicy object).
D. Starts a volume recovery operation.
QUESTION 144
You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty. Server1 is configured to create a shadow copy of volume D every hour.
You need to configure the shadow copies of volume D to be stored on volume E.
What should you run?
A. The Set-Volume cmdlet with the -driveletter parameter
B. The Set-Volume cmdlet with the -path parameter
C. The vssadmin.exe add shadowstorage command
D. The vssadmin.exe create shadow command
Answer: C
Explanation:
A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.
B. Sets or changes the file system label of an existing volume -Path Contains valid path information. C. Displays current volume shadow copy backups and all installed shadow copy writers and providers. AddShadowStroage Adds a shadow copy storage association for a specified volume.
D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume.
http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx
QUESTION 145
Your network contains an Active Directory forest named contoso.com.
All servers run Windows Server 2012 R2.
The domain contains four servers.
The servers are configured as shown in the following table.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?
A. DC1
B. DC2
C. DC3
D. Server1
Answer: D
Explanation:
D. IPAM cannot be installed on Domain Controllers. All other servers have the DC role
http://technet.microsoft.com/en-us/library/hh831353.aspx
QUESTION 146
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 is backed up by using Windows Server Backup.
The backup configuration is shown in the exhibit.
You discover that only the last copy of the backup is maintained.
You need to ensure that multiple backup copies are maintained.
What should you do?
A. Modify the backup destination.
B. Configure the Optimize Backup Performance settings.
C. Modify the Volume Shadow Copy Service (VSS) settings.
D. Modify the backup times.
Answer: A
Explanation:
A, The destination in the exhibit shows a network share is used.
If a network share is being used only the latest copy will be saved
http://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup
QUESTION 147
You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located in the perimeter network and has the DNS Server server role installed. Server1 has a zone named contoso.com.
You apply a security template to Server1. After you apply the template, users report that they can no longer resolve names from contoso.com. On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)
On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.)
You need to ensure that users can resolve contoso.com names.
What should you do?
A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and the
DNS (UDP, Incoming) rule.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From DNS Manager, unsign the contoso.com zone.
D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.
E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) rule
and the DNS (UDP, Incoming) rule.
Answer: E
Explanation:
To configure Windows Firewall on a managed DNS server On the Server Manager menu, click Tools and then click Windows Firewall with Advanced Security.
Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch.
In Rule Type, select Predefined, choose DNS Service from the list, and then click Next.
In Predefined Rules, under Rules, select the checkboxes next to the following rules:
Click Next, choose Allow the connection, and then click Finish. Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch.
etc.
QUESTION 148
Your network contains an Active Directory domain named corp.contoso.com.
You deploy Active Directory Rights Management Services (AD RMS).
You have a rights policy template named Template1. Revocation is disabled for the template.
A user named User1 can open content that is protected by Template1 while the user is connected to the corporate network. When User1 is disconnected from the corporate network, the user cannot open the protected content even
if the user previously opened the content.
You need to ensure that the content protected by Template1 can be opened by users who are disconnected from the corporate network.
What should you modify?
A. The User Rights settings of Template1
B. The templates file location of the AD RMS cluster
C. The Extended Policy settings of Template1
D. The exclusion policies of the AD RMS cluster
Answer: C
Explanation:
You can add trust policies so that AD RMS can process licensing requests for content that was rights protected
http://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx
QUESTION 149
Your company recently deployed a new Active Directory forest named contoso.com.
The forest contains two Active Directory sites named Site1 and Site2.
The first domain controller in the forest runs Windows Server 2012 R2.
You need to force the replication of the SYSVOL folder from Site1 to Site2.
Which tool should you use?
A. Active Directory Sites and Services
B. DFS Management
C. Repadmin
D. Dfsrdiag
Answer: D
Explanation:
In Windows Server 2012 R2, Windows Server 2008 R2, or Windows Server 2008, you can force replication immediately by using DFS Management, as described in Edit Replication Schedules. You can also force replication by using the Dfsrdiag SyncNow command.
You can force polling by using the Dfsrdiag PollAD command.
http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_072
QUESTION 150
You have 30 servers that run Windows Server 2012 R2.
All of the servers are backed up daily by using Windows Azure Online Backup.
You need to perform an immediate backup of all the servers to Windows Azure Online Backup. Which Windows PowerShell cmdlets should you run on each server?
A. Get-OBPolicy | StartOBBackup
B. Start-OBRegistration | StartOBBackup
C. Get-WBPolicy | Start-WBBackup
D. Get-WBBackupTarget | Start-WBBackup
Answer: A
Explanation:
A. starts a backup job using a policy
B. Registers the current computer to Windows Azure Backup.
C. Not using Azure
D. Not using Azure
http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/hh770426.aspx
http://technet.microsoft.com/en-us/library/hh770398.aspx
QUESTION 151
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.
The Branch site contains a member server named Server1 that runs Windows Server 2012 R2.
You need to identify which domain controller authenticated the computer account of Server1.
What should you do?
A. Verify the value of the %LOGONSERVER% environment variable.
B. Run nltest /sc_query.
C. Verify the value of the %SESSIONNAME% environment variable.
D. Run nltest /dsgetsite.
Answer: A
Explanation:
A. %LOGONSERVER% is the domain controller that authenticated the current user.
B. Reports on the state of the secure channel the last time that you used it. (The secure channel is the one that the NetLogon service established.)
This parameter lists the name of the domain controller that you queried on the secure channel, also.
D. Returns the name of the site in which the domain controller resides.
http://technet.microsoft.com/en-us/library/cc753915(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731935(v=ws.10).aspx
QUESTION 152
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 is a file server that has the Hyper-V server role installed. Server1 hosts several virtual machines. The virtual machine configuration files are stored on drive D and the VHD files are stored on drive E.
You plan to replace drive E with a larger volume.
You need to ensure that the virtual machines on Server1 remain available while drive E is being replaced.
What should you do?
A. Perform a quick migration.
B. Add Server1 and Server2 as nodes in a failover cluster.
C. Perform a live migration.
D. Perform a storage migration.
Answer: D
Explanation:
Hyper-V in Windows Server 2012 R2 introduces support for moving virtual machine storage without downtime by making it possible to move the storage while the virtual machine remains running.
http://technet.microsoft.com/en-us/library/hh831656.aspx
QUESTION 153
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named File1 that runs a Server Core Installation of Windows Server 2012 R2. File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day.
You discover that volume D is almost full.
You add a new volume named H to File1.
You need to ensure that the shadow copies of volume D are stored on volume H.
Which command should you run?
A. The Set-Volume cmdlet with the -driveletter parameter
B. The vssadmin.exe create shadow command
C. The Set-Volume cmdlet with the -path parameter
D. The vssadmin.exe add shadowstorage command
Answer: D
Explanation:
A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.
B. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume.
C. Sets or changes the file system label of an existing volume -Path Contains valid path information.
D. Displays current volume shadow copy backups and all installed shadow copy writers and providers.
AddShadowStroage Adds a shadow copy storage association for a specified volume.
http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx
QUESTION 154
Your network contains a perimeter network and an internal network.
The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure.
The infrastructure uses Active Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network. You need to identify which value must be included in the certificate that is deployed to Server2. What should you identify?
A. The FQDN of the AD FS server
B. The name of the Federation Service
C. The name of the Active Directory domain
D. The public IP address of Server2
Answer: B
Explanation:
Checklist: Setting Up a Federation Server Proxy
(https://technet.microsoft.com/en-us/library/dd807100.aspx)
Certificate Requirements for Federation Server Proxies
“It is important to verify that the subject name in the server authentication certificate matches the Federation Service name value that is specified in the AD FS Management snap-in. To locate this value, open the snap-in, right-click Service, click Edit Federation Service Properties, and then find the value in Federation Service name text box.”
https://technet.microsoft.com/en-us/library/dd807054.aspx
QUESTION 155
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has the File Server Resource Manager role service installed.
You are creating a file management task as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the Include all folders that store the following kinds of data list displays an entry named Corporate Data.
What should you do?
A. Modify the properties of the System Files file group.
B. Create a new classification property.
C. Create a new file group.
D. Modify the Folder Usage classification property.
Answer: D
Explanation:
Creating a new classification property is how you would get new properties to be available on individual folders. This question is asking how you get new items to appear in the “Include all folders that store the following kinds of data” list. To do that, you edit the Folder Usage property.
QUESTION 156
Your network contains an Active Directory forest named adatum.com.
The forest contains an Active Directory Rights Management Services (AD RMS) cluster.
A partner company has an Active Directory forest named litwareinc.com.
The partner company does not have AD RMS deployed.
You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.
Which type of trust policy should you create?
A. At federated trust
B. A trusted user domain
C. A trusted publishing domain
D. Windows Live ID
Answer: A
Explanation:
A. In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure.
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc757344(v=ws.10).aspx
QUESTION 157
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.
The Branch site contains a perimeter network.
For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only.
You plan to deploy a new RODC to the perimeter network in the Branch site.
You need to ensure that the new RODC will be able to replicate from DC10.
What should you do first on DC10?
A. Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.
B. Create an Active Directory site.
C. Run the Active Directory Domain Services Configuration Wizard.
D. Create an Active Directory subnet.
Answer: A
Explanation:
Add-ADDSReadOnlyDomainControllerAccount Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the replication source domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainName corp.contoso.com -SiteName NorthAmerica Incorrect:
Not B: There already is a branch site.
Reference: Add-ADDSReadOnlyDomainControllerAccount
QUESTION 158
Your network contains one Active Directory domain named contoso.com.
The domain contains an IP Address Management (IPAM) server named Server1.
Server1 manages several DHCP and DNS servers.
From Server Manager on Server1, you create a custom role for IPAM.
You need to assign the role to a group named IP_Admins.
What should you do?
A. From Windows PowerShell, run the Add-Member cmdlet.
B. From Server Manager, create an access policy.
C. From Windows PowerShell, run the Set-IpamConfiguration cmdlet.
D. From Server Manager, create an access scope.
Answer: B
Explanation:
A role is a collection of IPAM operations. You can associate a role with a user or group in Windows using an access policy. Several built-in roles are provided, but you can also create customized roles to meet your business requirements.
https://technet.microsoft.com/en-us/library/dn741281.aspx
QUESTION 159
Your network contains an Active Directory forest named contoso.com.
The forest contains a single domain. The forest functional level is Windows Server 2012 R2.
You have a domain controller named DC1. On DC1, you create a new Group Policy object (GPO) named GPO1.
You need to verify that GPO1 was replicated to all of the domain controllers.
Which tool should you use?
A. Group Policy Management
B. Active Directory Sites and Services
C. DFS Management
D. Active Directory Administrative Center
Answer: A
Explanation:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/3e580e00-d6194d25-b22d-18f0170279c4
http://technet.microsoft.com/en-us/library/jj134176.aspx
QUESTION 160
Your network contains two DNS servers named DNS1 and DNS2 that run Windows Server 2012 R2. DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of the
contoso.com zone.
You need to log the zone transfer packets sent between DNS1 and DNS2.
What should you configure?
A. Monitoring from DNS Manager
B. Logging from Windows Firewall with Advanced Security
C. A Data Collector Set (DCS) from Performance Monitor
D. Debug logging from DNS Manager
Answer: D
Explanation:
Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information about server performance.
http://technet.microsoft.com/en-us/library/cc776361(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc749337.aspx
More free Lead2pass 70-412 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDcDUzczlzc2N6RkU
Pass 70-412 is not difficult! But you need more practice tests, I spent 1 month prepared for this exam! Here is full version of the exam dump, I want to share with you, maybe it can help you a little bit:
2017 Microsoft 70-412 (All 391 Q&As) exam dumps (PDF&VCE) from Lead2pass:
https://www.lead2pass.com/70-412.html [100% Exam Pass Guaranteed]