Configuring Advanced Windows Server 2012 R2 Services
Question No: 161 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain
contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed.
You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2.
You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2.
To which group on Server2 should you add Tech1?
IPAM MSM Administrators
Remote Management Users
Answer: C Explanation:
If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).
Reference: IPAM Deployment Planning, IPAM specifications
Question No: 162 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. You deploy a server named Server1 that runs Windows Server 2012 R2.
A local administrator installs the Active Directory Rights Management Services server role on Server1.
You need to ensure that AD RMS clients can discover the AD RMS cluster automatically.
What should you do?
Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then configure the proxy settings.
Run the Active Directory Rights Management Services console by using an account that is a member of the Schema Admins group, and then register the Service Connection Point (SCP).
Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then register the Service Connection Point (SCP).
Run the Active Directory Rights Management Services console by using an account that is a member of the Enterprise Admins group, and then configure the proxy settings.
Answer: C Explanation:
The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services.
To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority.
Reference: The AD RMS Service Connection Point
Question No: 163 – (Topic 3)
Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?
Answer: D Explanation:
An IPAM server is intended as a single-purpose server. It is not recommended to collocate other network infrastructure roles such as DNS or DHCP on the same server. IPAM installation is not supported on a domain controller, and discovery of DHCP servers will be disabled if you install IPAM on a server that is also running the DHCP Server service. The following features and tools are automatically installed when you install IPAM Server.
Reference: IPAM Deployment Planning
Question No: 164 – (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. You modify the properties of a system driver and you restart Server1.
You discover that Server1 continuously restarts without starting Windows Server 2012 R2.
You need to start Windows Server 2012 R2 on Server1 in the least amount of time. The solution must minimize the amount of data loss.
Which Advanced Boot Option should you select?
Repair Your Computer
Last Known Good Configuration (advanced)
Disable Driver Signature Enforcement
Disable automatic restart on system failure
Answer: B Explanation:
Try using Last Known Good Configuration if you can#39;t start Windows, but it started correctly the last time you turned on the computer.
Reference: Using Last Known Good Configuration
Question No: 165 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed.
You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer (SSL).
You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted.
Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)
Kernel Mode Code Signing
IP Security end system
Answer: A,C Explanation:
You need to use certificate-based authentication if you want transmitted data to be encrypted.
Replica Server Certificate Requirements
To enable a server to receive replication traffic, the certificate in the replica server must meet the following conditions
* Enhanced Key Usage must support both Client and Server authentication Etc.
Reference: Hyper-V Replica – Prerequisites for certificate based deployments
Question No: 166 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed.
Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation.
You need to create a trust policy for the partner organization. The solution must meet the following requirements:
->Grant users in the partner organization access to protected content.
->Provide users in the partner organization with the ability to create protected content.
Which type of trust policy should you create?
A federated trust
Windows Live ID
A trusted publishing domain
A trusted user domain
Answer: A Explanation:
In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure.
Not C. Trusted publishing domains allow one AD RMS server to issue use licenses that correspond with a publishing license issued by another AD RMS server, but in this scenario the partner organization does not have any Active Directory.
Not D. A trusted user domain, often referred as a TUD, is a trust between AD RMS clusters, but in this scenario the partner organization does not have any Active Directory.
Question No: 167 DRAG DROP – (Topic 3)
You have a server named Server2 that runs Windows Server 2012 R2. You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Step 1 (on Server2): Target: It is an object which allows the iSCSI initiator to make a connection. The Target keeps track of the initiators which are allowed to be connected to it. The Target also keeps track of the iSCSI virtual disks which are associated with it. Once the initiator establishes the connection to the Target, all the iSCSI virtual disks associated with the Target will be accessible by the initiator.
Step 2 (on server 1): Configure iSCSI initiator to logon the Target
Once the iSCSI Virtual disk is created and assigned, it is ready for the initiator to logon.
Note: Typically, the iSCSI initiator and iSCSI Target are on different machines (physical or virtual). You will need to provide the iSCSI Target server IP or host name to the initiator, and the initiator will be able to do a discovery of the iSCSI Target.
Step 3 (on server1): Create new volume
Once the connection is established, the iSCSI virtual disk will be presented to the initiator as a disk. By default, this disk will be offline. For typical usage, you want to create a volume, format the volume and assign with a drive letter so it can be used just like a local hard disk.
Question No: 168 HOTSPOT – (Topic 3)
Your network contains an Active Directory forest. You implement Dynamic Access Control in the forest.
You have the claim types shown in the Claim Types exhibit. (Click the Exhibit button.)
The properties of a user named User1 are configured as shown in the User1 exhibit. (Click the Exhibit button.)
The output of Whoami /claims for a user named User2 is shown in the Whoami exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Question No: 169 – (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 fails.
You identify that the master boot record (MBR) is corrupt. You need to repair the MBR.
Which tool should you use?
Answer: C Explanation:
Repairing an unbootable Windows installation with bootrec.exe
If the boot/recovery partition is corrupted or lost, you can modify your Windows OS partition to boot.
->Boot from your Windows Vista/7/Server2008/R2/2012 media and choose the quot;Repair Windowsquot; option.
->Open the command prompt.
->Using diskpart, mark your Windows partition as bootable.
->If your windows partition does not have it, copy the quot;bootquot; folder from the installation media.
->Run the following commands:
gt;attrib bcd -s -h -r
gt;ren c:\boot\bcd bcd.old
Reboot and Windowsshouldboot normally. If not, return to the command prompt and run:
Not A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows
Not B. The BCDboot tool is a command-line tool that enables you to manage system partition files
Not D. Fixmbr is not a tool. Fixmbr is an option when using the bootrec tool.
Question No: 170 HOTSPOT – (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You install the IP Address Management (IPAM) Server feature on a server named Server1 and select Manual as the provisioning method.
The IPAM database is located on a server named SQL1.
You need to configure IPAM to use Group Policy Based provisioning. What command should you run first?
To answer, select the appropriate options in the answer area.
The choice of a provisioning method is permanent for the current installation of IPAM Server. To change the provisioning method, you must uninstall and reinstall IPAM Server.
100% Ensurepass Free Download!
–Download Free Demo:70-412 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-412 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|