Configuring Advanced Windows Server 2012 R2 Services
Question No: 11 – (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2.
The forest has a two-way realm trust to a Kerberos realm named adatum.com.
You discover that users in adatum.com can only access resources in the root domain of contoso.com.
You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.
What should you do in the forest?
Delete the realm trust and create a forest trust.
Delete the realm trust and create three external trusts.
Modify the incoming realm trust.
Modify the outgoing realm trust.
Answer: D Explanation:
A one-way, outgoing realm trust allows resources in your Windows Server domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users in the Kerberos realm.
You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain. This trust relationship allows cross-platform interoperability with security services that are based on other versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations. Realm trusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way or two-way.
Reference: Create a One-Way, Outgoing, Realm Trust
Question No: 12 – (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers.
The domain controllers are configured as shown in the following table.
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Upgrade DC1 to Windows Server 2012 R2.
Upgrade DC11 to Windows Server 2012 R2.
Raise the domain functional level of childl.contoso.com.
Raise the domain functional level of contoso.com.
Raise the forest functional level of contoso.com.
Answer: A,D Explanation:
The root domain in the forest must be at Windows Server 2012 level. First upgrade DC1 to this level (A), then raise the contoso.com domain functional level to Windows Server 2012
* (A) To support resources that use claims-based access control, the principal’s domains will need to be running one of the following:
/ All Windows Server 2012 domain controllers
/ Sufficient Windows Server 2012 domain controllers to handle all the Windows 8 device authentication requests
/ Sufficient Windows Server 2012 domain controllers to handle all the Windows Server 2012 resource protocol transition requests to support non-Windows 8 devices.
Question No: 13 DRAG DROP – (Topic 1)
You have a server that runs Windows Server 2012 R2. You create a new work folder named Share1.
You need to configure Share1 to meet the following requirements:
->Ensure that all synchronized copies of Share1 are encrypted.
->Ensure that clients synchronize to Share1 every 30 minutes.
->Ensure that Share1 inherits the NTFS permissions of the parent folder.
Which cmdlet should you use to achieve each requirement?
To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
* (box 1) Set-SyncShare
The Set-SyncShare cmdlet modifies the settings for a sync share.
/ parameter: -RequireEncryptionlt;Booleangt;
Indicates whether the sync server requests that the contents of Work Folders be encrypted on each PC and device that accesses the sync share.
(box 2) Set-SyncServerSettings
Specifies the time, in minutes, before the Sync Share server detects changes on devices and syncs the client and server.
(box 3): Example: Modify a sync share to enable inherited permissions This command modifies settings on the share named Share01, and sets
KeepParentFolderPermission to enable the share to inherit permissions from the parent folder.
PS C:\gt; Set-SyncShare Share01 -KeepParentFolderPermission
Question No: 14 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?
Create a superscope and scope-level policies.
Configure the Scope Options.
Create a superscope and a filter.
Configure the Server Options.
Answer: B Explanation:
Any DHCP scope options can be configured for assignment to DHCP clients, such as DNS server.
Question No: 15 HOTSPOT – (Topic 1)
Your network contains two Hyper-V hosts that are configured as shown in the following table.
You create a virtual machine on Server1 named VM1.
You plan to export VM1 from Server1 and import VM1 to Server2.
You need to ensure that you can start the imported copy of VM1 from snapshots. What should you configure on VM1?
To answer, select the appropriate node in the answer area.
* If the CPUs are from the same manufacturer but not from the same type, you may need to use Processor Compatibility.
(Incorrect) The network adapter is already disconnected.
Question No: 16 DRAG DROP – (Topic 1)
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.
* Checklist: Deploying a Federation Server Farm include:
(Box 1) Enroll a Secure Socket Layer (SSL) certificate for AD FS. (Box 2) Install the AD FS role service.
(Box 3, box 4) Optional step: Configure a federation server with Device Registration Service (DRS).
Box 3: To enable Device Registration Service.
On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm.. Box 4: Update the Web Application Proxy configuration
The Device Registration Service will be available through the Web Application Proxy once it is enabled on a federation server. You may need to complete this procedure to update the Web Application Proxy configuration if it was deployed prior to enabling the Device Registration Service.
Workplace Join is made possible by the Device Registration Service (DRS) that is included with the Active Directory Federation Role in Windows Server 2012 R2. When a device is Workplace Joined, the DRS provisions a device object in Active Directory and sets a certificate on the consumer device that is used to represent the device identity. The DRS is meant to be both internal and external facing. Companies that deploy both DRS and the Web Application Proxy will be able to Workplace Join devices from any internet connected location.
Question No: 17 HOTSPOT – (Topic 1)
You have a file server named Server1 that runs Windows Server 2012 R2.
You need to ensure that you can use the NFS Share – Advanced option from the New Share Wizard in Server Manager.
Which two role services should you install?
To answer, select the appropriate two role services in the answer area.
*File Server Resource Manager Role
File Server Resource Manager is a set of features that allow you to manage and classify data that is stored on file servers.
Note: NFS Share – Advanced
This advanced profile offers additional options to configure a NFS file share.
Set the folder owners for access-denied assistance
Configure default classification of data in the folder for management and access policies Enable quotas
Question No: 18 – (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2. The storage on Server1 is configured as shown in the following table.
You plan to implement Data Deduplication on Server1.
You need to identify on which drives you can enable Data Deduplication.
Which three drives should you identify? (Each correct answer presents part of the solution. Choose three.)
Answer: B,D,E Explanation:
Volumes that are candidates for deduplication must conform to the following requirements:
Must not be a system or boot volume. (not A)
Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system. (not C)
Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering is fully supported.
Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplication- enabled volume is converted to a CSV, but you cannot continue to process files for deduplication.
Do not rely on the Microsoft Resilient File System (ReFS).
Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.
Question No: 19 – (Topic 1)
You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.
VirtualiSCSIl.vhd is removed from LON-DC1.
You need to assign VirtualiSCSI2.vhd a logical unit value of 0. What should you do?
Modify the properties of the itgt ISCSI target.
Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.
Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.
Run the iscsicli command and specify the reportluns parameter.
Answer: B Explanation:
The virtual disk has the option to change the lun ID, no other option available in the answers appear to allow this change.
Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to aserver. For iSCSI, LUNs are assigned to logical entities called targets.
Question No: 20 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. All servers run Windows Server 2012 R2.
You install the DHCP Server server role on both servers.
On Server1, you have the DHCP scope configured as shown in the exhibit. (Click the Exhibit button.)
You need to configure the scope to be load-balanced across Server1 and Server2.
What Windows PowerShell cmdlet should you run on Server1? To answer, select the appropriate options in the answer area.
The Add-DhcpServerv4Failover cmdlet adds a new IPv4 failover relationship to a Dynamic Host Configuration Protocol (DHCP) server service.
Specifies the IPv4 address, or host name, of the partner DHCP server service with which the failover relationship is created.
Specifies the scope identifiers, in IPv4 address format, which are to be added to the failover relationship.
100% Ensurepass Free Download!
–Download Free Demo:70-412 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-412 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|