getcertified4sure.com

Printable 70-412 courses Reviews & Tips




Youd better have a test prior to buying the 70-412 products. This kind of step can make you mindful of your weak and strong elements of the 70-412 exam preparation. Invest more moment on the weak items. We present free downloadable Pdf files and Test Motor software. You can download all of them on your PC and make total preparation for the Microsoft 70-412 real exam.

2021 Mar 70-412 exam engine

Q21. Your network contains one Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server named Server1. Server1 manages several DHCP and DNS servers. 

From Server Manager on Server1, you create a custom role for IPAM. 

You need to assign the role to a group named IP_Admins. 

What should you do? 

A. From Windows PowerShell, run the Add-Member cmdlet. 

B. From Server Manager, create an access policy. 

C. From Windows PowerShell, run the Set-IpamConfiguration cmdlet. 

D. From Server Manager, create an access scope. 

Answer:

Explanation: A role is a collection of IPAM operations. You can associate a role with a user or group in Windows using an access policy. Several built-in roles are provided, but you can also create customized roles to meet your business requirements. 

Reference: Manage IPAM, Access Control 

https://technet.microsoft.com/en-us/library/dn741281.aspx 


Q22. Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. 

Contoso contains 10 servers that have the File Server role service installed. Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group. 

You migrate the file servers to adatum.com. 

Contoso users report that after the migration, they are unable to access shared folders on the file servers. 

You need to ensure that the Contoso users can access the shared folders on the file servers. 

What should you do? 

A. Disable selective authentication on the existing forest trust. 

B. Disable SID filtering on the existing forest trust. 

C. Run netdom and specify the /quarantine attribute. 

D. Replace the existing forest trust with an external trust. 

Answer:

Explanation: 

Although it is not recommended, you can use this procedure to disable security identifier (SID) filter quarantining for an external trust with the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations: 

* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant those users access to resources in the trusting domain (the former domain of the migrated users) based on the sIDHistory attribute. 

Etc. 

Reference: Disabling SID filter quarantining 

http://technet.microsoft.com/en-us/library/cc794713(v=ws.10).aspx 


Q23. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. Server1 is a BranchCache hosted cache server that is located in a branch office. 

The network contains client computers that run either Windows 7 or Windows 8. 

For the branch office, all of the user accounts and the client computer accounts are located in an organizational unit (OU) named Branch1. A Group Policy object (GPO) named GPO1 is linked to Branch 1. GPO1 contains the BranchCache settings. 

You discover that users in the branch office who have client computers that run Windows 7 do not access cached content from Server1. Users in the branch office who have Windows 8 computers access cached content from Server1. 

You need to configure the Windows 7 computers to use BranchCache on Server1. Which setting should you configure in GPO1? 

To answer, select the appropriate setting in the answer area. 

Answer: 


Q24. Your network contains an Active Directory domain named contoso.com. The domain 

contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed. 

Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation. 

You need to create a trust policy for the partner organization. 

The solution must meet the following requirements: 

. Grant users in the partner organization access to protected content. . Provide users in the partner organization with the ability to create protected content. 

Which type of trust policy should you create? 

A. A federated trust 

B. Windows Live ID 

C. A trusted publishing domain 

D. A trusted user domain 

Answer:

Explanation: 

In AD RMS rights can be assigned to users who have a federated trust with Active 

Directory Federation Services (AD FS). This enables an organization to share access to 

rights-protected content with another organization without having to establish a separate 

Active Directory trust or Active Directory Rights Management Services (AD RMS) 

infrastructure. 

Incorrect: 

Not C. Trusted publishing domains allow one AD RMS server to issue use licenses that 

correspond with a publishing license issued by another AD RMS server, but in this scenario 

the partner organization does not have any Active Directory. 

Not D. A trusted user domain, often referred as a TUD, is a trust between AD RMS 

clusters, but in this scenario the partner organization does not have any Active Directory. 

Reference: AD RMS and AD FS Considerations 

http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx 


Q25. Your network contains one Active Directory forest named contoso.com. The forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table. 

For the contoso.com domain, a company policy states that administrators must be able to retrieve a list of all the users who have not logged on to the network in the last seven days from any domain controller. 

You need to ensure that the users’ last logon information from the last seven days is replicated to all of the domain controllers. 

What should you use? 

A. Set-ADSite 

B. Set-ADReplicationSite 

C. Set-ADDomain 

D. Set-ADReplicationSiteLink 

E. Set-ADGroup 

F. Set-ADForest 

G. Netdom 

Answer:

Reference: Technet, Set-ADDomain 

https://technet.microsoft.com/en-us/library/ee617212.aspx 


Renewal 70-412 exam topics:

Q26. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and configured. 

For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll the smart card certificates for the users. 

You need to configure the Contoso Smartcard Logon certificate template to support the use of the enrollment agent. 

Which setting should you modify? To answer, select the appropriate setting in the answer area. 

Answer: 


Q27. DRAG DROP 

Your network contains an Active Directory domain named adatum.com. The domain contains three servers. The servers are configured as shown in the following table. 

Server1 is configured as shown in the exhibit. (Click the Exhibit button.) 

Template1 contains custom cryptography settings that are required by the corporate security team. 

On Server2, an administrator successfully installs a certificate based on Template1. 

The administrator reports that Template1 is not listed in the Certificate Enrollment wizard on Server3, even after selecting the Show all templates check box. 

You need to ensure that you can install a server authentication certificate on Server3. The certificate must comply with the cryptography requirements. 

Which three actions should you perform in sequence? 

To answer, move the appropriate three actions from the list of actions to the answer area 

and arrange them in the correct order. 

Answer: 


Q28. Your company has two offices. The offices are located in Seattle and Montreal. 

The network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. All servers run Windows Server 2012 R2. 

You need to create a DHCP scope for video conferencing in the Montreal office. The scope must be configured as shown in the following table. 

Which Windows PowerShell cmdlet should you run? 

A. Add-DhcpServerv4SuperScope 

B. Add-DhcpServerv4MulticastScope 

C. Add-DHCPServerv4Policy 

D. Add-DchpServerv4Scope 

Answer:

Explanation: 

The Add-DhcpServerv4MulticastScope cmdlet adds a multicast scope on the Dynamic Host Configuration Protocol (DHCP) server. 

Note: IPv4 multicast addresses are defined by the leading address bits of 1110, originating from the classful network design of the early Internet when this group of addresses was designated as Class D. The Classless Inter-Domain Routing (CIDR) prefix of this group is 224.0.0.0/4. The group includes the addresses from 224.0.0.0 to 239.255.255.255. 

Reference: Add-DhcpServerv4MulticastScope 


Q29. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. All client 

computers run Windows 8 Enterprise. 

You have a remote site that only contains client computers. All of the client computer 

accounts are located in an organizational unit (OU) named Remote1. A Group Policy object 

(GPO) named GPO1 is linked to the Remote1 OU. 

You need to configure BranchCache for the remote site. 

Which two settings should you configure in GPO1? 

To answer, select the two appropriate settings in the answer area. 

Answer: 


Q30. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Both servers have multiple IPv4 scopes. 

Server1 and Server2 are used to assign IP addresses for the network IDs of 172.20.0.0/16 and 131.107.0.0/16. 

You install the IP Address Management (IPAM) Server feature on a server named IPAM1 and configure IPAM1 to manage Server1 and Server2. 

Some users from the 172.20.0.0 network report that they occasionally receive an IP address conflict error message. 

You need to identify whether any scopes in the 172.20.0.0 network ID conflict with one another. 

What Windows PowerShell cmdlet should you run? 

To answer, select the appropriate options in the answer area. 

Answer: