Configuring AdvancedWindows Server 2012

R2 Services

Version: Demo

[ Total Questions: 10]

Web: www.myexamcollection.com

Email: support@myexamcollection.com

Microsoft

70-412

IMPORTANT NOTICE

Feedback

We have developed quality product and state-of-art service to ensure our customers interest. If you have anysuggestions, please feel free to contact us at feedback@myexamcollection.com

Support

If you have any questions about our product, please provide the following items:

exam codescreenshot of the questionlogin id/email

please contact us at and our technical experts will provide support within 24 hours.support@myexamcollection.com

Copyright

The product of each order has its own encryption code, so you should use it independently. Any unauthorizedchanges will inflict legal punishment. We reserve the right of final explanation for this statement.

Microsoft - 70-412Practice Test

1 of 17Leader in IT Certification

A.

B.

C.

D.

Question #:1

Your company recently deployed a new Active Directory forest named contoso.com. The first domaincontroller in the forest runs Windows Server 2012 R2.

You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOLshared folders.

Which tool should you use?

Ultrasound

Replmon

Dfsdiag

Frsutil

Answer: C

Explanation

Explanation/Reference:

DFSDIAG can check your configuration in five different ways:

Checking referral responses (DFSDIAG /TestReferral)

Checking domain controller configuration

Checking site associations

Checking namespace server configuration

Checking individual namespace configuration and integrity

Question #:2

Your network contains an Active Directory forest named contoso.com that contains a single domain. Theforest contains three sites named Site1, Site2, and Site3.

Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2.

Each site contains two domain controllers. Site1 and Site2 contain a global catalog server.

You need to create a new site link between Site1 and Site2. The solution must ensure that the site link supportsthe replication of all the naming contexts.

From which node should you create the site link?

Microsoft - 70-412Practice Test

2 of 17Leader in IT Certification

To answer, select the appropriate node in the answer area.

Answer:

Microsoft - 70-412Practice Test

3 of 17Leader in IT Certification

Explanation

Microsoft - 70-412Practice Test

4 of 17Leader in IT Certification

Create a Site Link

To create a site link

Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start,click Administrative Tools, and then click Active Directory Sites and Services.

To open Active Directory Sites and Services in Windows Server® 2012, click Start, type dssite.msc.

In the console tree, right-click the intersite transport protocol that you want the site link to use.

Use the IP intersite transport unless your network has remote sites where network connectivity is intermittentor end-to-end IP connectivity is not available. Simple Mail Transfer Protocol (SMTP) replication hasrestrictions that do not apply to IP replication.

Microsoft - 70-412Practice Test

5 of 17Leader in IT Certification

A.

B.

C.

D.

Question #:3

Your network contains two Active Directory forests named contoso.com and adatum.com.

Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com.

Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.

Several user accounts are migrated from child.adatum.com to adatum.com.

Users report that after the migration, they fail to access resources in contoso.com. The users successfullyaccessed the resources in contoso.com before the accounts were migrated.

You need to ensure that the migrated users can access the resources in contoso.com.

What should you do?

Replace the existing forest trust with an external trust.

Run netdom and specify the /quarantine attribute.

Disable SID filtering on the existing forest trust.

Disable selective authentication on the existing forest trust.

Answer: C

Explanation

Security Considerations for Trusts

Microsoft - 70-412Practice Test

6 of 17Leader in IT Certification

Need to gain access to the resources in contoso.com

Disabling SID Filter Quarantining on External Trusts

Although it reduces the security of your forest (and is therefore not recommended), you can disable SID filterquarantining for an external trust by using the Netdom.exe tool. You should consider disabling SID filterquarantining only in the following situations:

* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grantthem access to resources in the trusting domain based on the SID history attribute.

Etc.

Incorrect:

Not B. Enables administrators to manage Active Directory domains and trust relationships from the commandprompt, /quarantine Sets or clears the domain quarantine.

Not D. Selective authentication over a forest trust restricts access to only those users in a trusted forest whohave been explicitly given authentication permissions to computer objects (resource computers) that reside inthe trusting forest.

Question #:4

Your network contains an Active Directory domain named contoso.com. The domain contains domaincontrollers that run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.

You plan to implement a new Active Directory forest. The new forest will be used for testing and will beisolated from the production network.

In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.

You need to configure Server1 as a new domain controller in a new forest named contoso.test.

The solution must meet the following requirements:

The functional level of the forest and of the domain must be the same as that of contoso.com.

Server1 must provide name resolution services for contoso.test.

What should you do?

To answer, configure the appropriate options in the answer area.

Microsoft - 70-412Practice Test

7 of 17Leader in IT Certification

Microsoft - 70-412Practice Test

8 of 17Leader in IT Certification

Answer:

Microsoft - 70-412Practice Test

9 of 17Leader in IT Certification

Explanation

Microsoft - 70-412Practice Test

10 of 17Leader in IT Certification

Set the forest function level and the Domain functional level both to Windows Server 2003.

Also check Domain Name (DNS) server.

Note:

* When you deploy AD DS, set the domain and forest functional levels to the highest value that yourenvironment can support. This way, you can use as many AD DS features as possible. For example, if you aresure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, selectthe Windows Server 2008 functional level during the deployment process. However, if you might retain or adddomain controllers that run Windows Server 2003, select the Windows Server 2003 functional level.

* You can set the domain functional level to a value that is higher than the forest functional level. Forexample, if the forest functional level is Windows Server 2003, you can set the domain functional level toWindows Server 2003or higher.

Question #:5

Your network contains an Active Directory forest named adatum.com. The forest contains a single domain.

Microsoft - 70-412Practice Test

11 of 17Leader in IT Certification

A.

B.

C.

D.

The domain contains four servers. The servers are configured as shown in the following table.

You need to update the schema to support a domain controller that will run Windows Server 2012 R2.

On which server should you run adprep.exe?

Server1

DC3

DC2

DC1

Answer: B

Explanation

We must use the Windows Server 2008 R2 Server.

Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012

You can use adprep.exe on domain controllers that run 64-bit versions of Windows Server 2008 or WindowsServer 2008 R2 to upgrade to Windows Server 2012. You cannot upgrade domain controllers that runWindows Server 2003 or 32-bit versions of Windows Server 2008. To replace them, install domain controllersthat run a later version of Windows Server in the domain, and then remove the domain controllers thatWindows Server 2003.

Question #:6

Your network contains three Active Directory forests. The forests are configured as shown in the followingtable.

Microsoft - 70-412Practice Test

12 of 17Leader in IT Certification

A two-way forest trust exists between contoso.com and divisionl.contoso.com. A two-way forest trust alsoexists between contoso.com and division2.contoso.com.

You plan to create a one-way forest trust from divisionl.contoso.com to division2.contoso.com.

You need to ensure that any cross-forest authentication requests are sent to the domain controllers in theappropriate forest after the trust is created.

How should you configure the existing forest trust settings?

In the table below, identify which configuration must be performed in each forest. Make only one selection ineach column. Each correct selection is worth one point.

Answer:

Microsoft - 70-412Practice Test

13 of 17Leader in IT Certification

Explanation

Explanation/Reference:

There will be a one-way forest trust from division1.contoso.com to division2.contoso.com

Division1 trusts Division2. Division2 must be able to access resources in Division1.

Division1 should not be able to access resources in Division2.

Question #:7

Your network contains an Active Directory forest named contoso.com. The forest contains three domains. Alldomain controllers run Windows Server 2012 R2.

Microsoft - 70-412Practice Test

14 of 17Leader in IT Certification

A.

B.

C.

D.

The forest has a two-way realm trust to a Kerberos realm named adatum.com.

You discover that users in adatum.com can only access resources in the root domain of contoso.com.

You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.

What should you do in the forest?

Delete the realm trust and create a forest trust.

Delete the realm trust and create three external trusts.

Modify the incoming realm trust.

Modify the outgoing realm trust.

Answer: D

Explanation

* A one-way, outgoing realm trust allows resources in your Windows Server domain (the domain that you arelogged on to at the time that you run the New Trust Wizard) to be accessed by users in the Kerberos realm.

* You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an ActiveDirectory domain. This trust relationship allows cross-platform interoperability with security services that arebased on other versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations. Realmtrusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way ortwo-way.

Question #:8

Your network contains an Active Directory forest named contoso.com. The forest contains two domainsnamed contoso.com and childl.contoso.com. The domains contain three domain controllers.

The domain controllers are configured as shown in the following table.

You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring settingis enforced in the child1.contoso.com domain.

Microsoft - 70-412Practice Test

15 of 17Leader in IT Certification

A.

B.

C.

D.

E.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Upgrade DC1 to Windows Server 2012 R2.

Upgrade DC11 to Windows Server 2012 R2.

Raise the domain functional level of childl.contoso.com.

Raise the domain functional level of contoso.com.

Raise the forest functional level of contoso.com.

Answer: A D

Explanation

The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level (A), thenraise the contoso.com domain functional level to Windows Server 2012 (D).

* (A) To support resources that use claims-based access control, the principal’s domains will need to berunning one of the following:

/ All Windows Server 2012 domain controllers

/ Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device authenticationrequests

/ Sufficient Windows Server 2012 domain controllers to handle all the Windows Server 2012 resourceprotocol transition requests to support non-Windows 8 devices.

Question #:9

Your network contains an Active Directory domain named contoso.com. All domain controllers run WindowsServer 2012 R2. The domain contains two domain controllers.

The domain controllers are configured as shown in the following table.

You configure a user named User1 as a delegated administrator of DC10.

You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branchsite fails.

What should you do?

Microsoft - 70-412Practice Test

16 of 17Leader in IT Certification

A.

B.

C.

D.

A.

B.

C.

D.

Add User1 to the Domain Admins group.

On DC10, modify the User Rights Assignment in Local Policies.

Run repadmin and specify the /prp parameter.

On DC10, run ntdsutil and configure the settings in the Roles context.

Answer: C

Explanation

repadmin /prp will allow the password caching of the local administrator to the RODC.

This command lists and modifies the Password Replication Policy (PRP) for read-only domain controllers(RODCs).

Question #:10

Your company has offices in Montreal, New York, and Amsterdam.

The network contains an Active Directory forest named contoso.com. An Active Directory site exists for eachoffice. All of the sites connect to each other by using the DEFAULTIPSITELINK site link.

You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicatethe Active Directory changes to the domain controllers in the Amsterdam office.

The solution must ensure that the domain controllers in the Montreal and the New York offices can replicatethe Active Directory changes any time of day.

What should you do?

Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam fromDEFAULTIPSITE1INK. Modify the schedule of DEFAULTIPSITELINK.

Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify theschedule of DEFAULTIPSITELINK.

Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam fromDEFAULTIPSITELINK. Modify the schedule of the new site link.

Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify theschedule of the new site link.

Answer: C

Explanation

We create a new site link between Montreal and Amsterdam and schedule it only between 20:00 and 08:00. To

Microsoft - 70-412Practice Test

17 of 17Leader in IT Certification

ensure that traffic between Montreal and Amsterdam only occurs at this time we also remove Amsterdam fromthe DEFAULTIPSITELINK.

About Myexamcollection.comMyexamcollection.com was founded in 2007. We provide latest & high quality IT / Business Certification TrainingExam Questions, Study Guides, Practice Tests.

We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. EspeciallyCisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.

View list of all certification exams: All vendors

We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listedbelow.

Sales: sales@myexamcollection.comFeedback: feedback@myexamcollection.comSupport: support@myexamcollection.com

Any problems about IT certification or our products, You can write us back and we will get back to you within 24hours.