Microsoft 70-412 Exam Question and Answers
Training Guide Configuring Advanced Windows Server 2012 Services
Training Guide Configuring Advanced Windows Server 2012 Services
Introduction
When Microsoft puts together exam objectives for an exam, it doesn’t randomly select pages from TechNet. Instead, in conjunction with subject matter experts and representatives of the product team, it puts together a list of tasks and areas of knowledge that represents what someone in a specific job role would do and need to know on a day-to-day, a weekly, or even a monthly basis.
Each exam maps to a different job role. The objectives for the 70-412 exam are a list of tasks and areas of knowledge that describe what an advanced administrator of the Windows Server 2012 operating system with several years of on-the-job experience (managing other server operating systems as well as Windows Server 2012) does and understands. These topics include some that experienced administrators may not have encountered before or have limited experience with, such as Active Directory Rights Management Services and Active Directory Federation Services.
This book covers the majority of the topics and skills that are the subject of the Microsoft certification exam 70-412. The idea behind this book is that by reading it and by performing the extensive practice exercises at the end of each chapter in your own lab, you can learn how to perform tasks with the technologies addressed by the exam. By performing the tasks yourself in a test environment, you’ll learn enough about how these technologies work that you’ll be able to leverage that knowledge in your real-world role as a Windows Server 2012 administrator. Reading and performing the lab exercises in this book will assist you in preparing for the exam, but it’s not a complete exam preparation solution. If you are preparing for the exam, you should use additional study materials, such as practice tests and the forthcoming Exam Ref 70-412: Configuring Advanced Windows Server 2012 Services to help bolster your real-world experience.
- By using this training guide, you will learn how to do the following:
- Configure and manage high availability
- Configure file and storage solutions
- Implement business continuity and disaster recovery
- Configure network services
- Configure the Active Directory infrastructure
- Configure identity and access solutions
System requirements
The following are the minimum system requirements your computer needs to meet to complete the practice exercises in this book. This book is designed assuming you will be using Hyper-V—either the client version available with some editions of Windows 8 or the version available in Windows Server 2012. You can use other virtualization software instead, such as VirtualBox or VMWare Workstation, but the practice setup instructions later in this introduction assume that you are using Hyper-V.
Hardware and software requirements
This section presents the hardware requirements for Hyper-V and the software requirements.
Virtualization hardware requirements
If you choose to use virtualization software, you need only one physical computer to perform the exercises in this book, except for in Chapter 8, which requires two identical computers. The physical host computer must meet the following minimum hardware requirements:
- x64-based processor that includes both hardware-assisted virtualization (AMD-V or Intel VT) and hardware data execution protection. (On AMD systems, the data execution protection feature is called the No Execute or NX bit. On Intel systems, this feature is called the Execute Disable or XD bit.) These features must also be enabled in the BIOS.
(Note:) You can run Windows Virtual PC without Intel-VT or AMD-V.) If you want to use Hyper-V on Windows 8, you need a processor that supports Second Layer Address Translation (SLAT).
- 8 gigabytes (GB) of RAM (more is recommended).
- 250 GB of available hard disk space.
- Internet connectivity.
Software requirements
The following software is required to complete the practice exercises:
Windows Server 2012 evaluation. You can download an evaluation edition of Windows Server 2012 in ISO format from the Windows Server and Cloud Platform website at
http://www.microsoft.com/server.
Virtual machine setup instructions
This set of exercises contains abbreviated instructions for setting up the SYD-DC, MEL-DC, ADL-DC, and CBR-DC computers used in the practice exercises in all chapters of this training kit. To perform these exercises, first install Windows Server 2012 Standard edition using the default configuration, setting the administrator password to Pa$$w0rd. EXERCISE 1 SYD-DC to function as a Windows Server 2012 domain controller
1. Log on to the first computer on which you have installed Windows Server 2012 using the Administrator account and the password Pa$$w0rd.
2. Open an elevated PowerShell prompt and issue the following command: cmd
3. Enter the following command: Netsh interface ipv4 set address “Ethernet” static 10.10.10.10
4. Enter the following command: netdom renamecomputer %computername% /newname:SYD-DC
5. Restart the computer and log back on using the Administrator account.
6. Open an elevated PowerShell prompt and issue the following command: Add-WindowsFeature AD-Domain-Services -IncludeManagementTools
7. Open the Server Manager console. Click the Refresh icon.
8. Click on the Notifications icon and then click Promote This Server to Domain Controller.
9. On the Deployment Configuration page, choose Add a New Forest. Enter Contoso. com as the root domain name and then click Next.
10. On the Domain Controller Options page, configure the following settings and then click Next:
- Forest Functional Level: Windows Server 2012
- Domain Functional Level: Windows Server 2012
- Specify Domain Controller Capabilities:
- Domain Name System (DNS) Server
- Global Catalog
- DSRM Password: Pa$$w0rd
11. On the DNS Options page, click Next.
12. On the Additional Options page, click Next.
13. Accept the default settings for the Database, Log Files, and SYSVOL locations and click Next.
14. On the Review Options page, click Next.
15. On the Prerequisites Check page, click Install.
16. The computer will restart automatically
Updated 70-412 Preparation Question 18
Updated 70-412 Preparation Question 18
You have a server named Server1 that has the Active Directory Certificate Services server role installed. Server1 uses a hardware security module (HSM) to protect the private key of Server1. You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private key are backed up. You perform regular backups of the HSM module by using a backup utility provided by the HSM manufacturer. What else should you do?
You have a server named Server1 that has the Active Directory Certificate Services server role installed. Server1 uses a hardware security module (HSM) to protect the private key of Server1. You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private key are backed up. You perform regular backups of the HSM module by using a backup utility provided by the HSM manufacturer. What else should you do?
A. Run the certutil.exe command and specify the -backupkey parameter.
B. Run the certutil.exe command and specify the -backupdb parameter.
C. Run the certutil.exe command and specify the -backup parameter.
D. Run the certutil.exe command and specify the -dump parameter.
Answer: B
Explanation:
A. Backup the Active Directory Certificate Services certificate and private key
B. Backup the Active Directory Certificate Services database
C. Backup Active Directory Certificate Services
D. Dump configuration information or files
Answer: B
Explanation:
A. Backup the Active Directory Certificate Services certificate and private key
B. Backup the Active Directory Certificate Services database
C. Backup Active Directory Certificate Services
D. Dump configuration information or files
Updated 70-412 Preparation Question 17
Updated 70-412 Preparation Question 17
Your network contains an Active Directory domain named adatum.com. The domain contains four servers. The servers are configured as shown in the following table.
You plan to deploy an enterprise certification authority (CA) on a server named Server5. Server5 will be used to issue certificates to domain-joined computers and workgroup computers. You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5. Which server should you identify?
A. Server3
B. Server2
C. Server4
D. Server1
Answer: A
Explanation:
A. We cannot use AD DS because workgroup computers must access CRL distribution point
Explanation:
A. We cannot use AD DS because workgroup computers must access CRL distribution point
B. We cannot use File Share because workgroup computers must access CRL distribution point
C. Public facing web server can be used
D. AD DS, Web & File Share only
Updated 70-412 Preparation Question 16
Updated 70-412 Preparation Question 16
Your network contains two Active Directory forests named contoso.com and adatum.com. A two-way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named Server1. You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest. On Server1, you create a new certificate template named Template1. You need to ensure that users in the adatum.com forest can request certificates that are based on Template1. Which tool should you use?
A. DumpADO.ps1
B. Repadmin
C. Add-CATemplate
D. Certutil
E. PKISync.ps1
Answer: E
Explanation:
A. B. Repadmin.exe helps administrators diagnose Active Directory replication problems between domain controllers running Microsoft Windows operating systems.
C. Adds a certificate template to the CA.
D. use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains. E. PKISync.ps1 copies objects in the source forest to the target forest.
Your network contains two Active Directory forests named contoso.com and adatum.com. A two-way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named Server1. You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest. On Server1, you create a new certificate template named Template1. You need to ensure that users in the adatum.com forest can request certificates that are based on Template1. Which tool should you use?
A. DumpADO.ps1
B. Repadmin
C. Add-CATemplate
D. Certutil
E. PKISync.ps1
Answer: E
Explanation:
A. B. Repadmin.exe helps administrators diagnose Active Directory replication problems between domain controllers running Microsoft Windows operating systems.
C. Adds a certificate template to the CA.
D. use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains. E. PKISync.ps1 copies objects in the source forest to the target forest.
Updated 70-412 Preparation Question 15
Updated 70-412 Preparation Question 15
Your company has offices in Montreal, New York, and Amsterdam. The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link. You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office. The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day. What should you do?
A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAU LTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link.
Answer: C
Explanation: Very Smartly reworded with same 3 offices. In the exam correct answer is "Create a new site link that contains Newyork to Montreal. Remove Montreal from DEFAULTIPSITELINK.Modify the schedule of the new site link".
Your company has offices in Montreal, New York, and Amsterdam. The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link. You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office. The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day. What should you do?
A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAU LTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link.
Answer: C
Explanation: Very Smartly reworded with same 3 offices. In the exam correct answer is "Create a new site link that contains Newyork to Montreal. Remove Montreal from DEFAULTIPSITELINK.Modify the schedule of the new site link".
Updated 70-412 Preparation Question 14
Updated 70-412 Preparation Question 14
Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012. The domain controllers are configured as shown in the following table.
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1. You need to prepopulate the password for User1 on DC2. What should you do first?
A. Connect to DC2 from Active Directory Users and Computers.
B. Add DC2 to the Allowed RODC Password Replication Policy group.
C. Add the User1 account to the Allowed RODC Password Replication Policy group.
D. Run Active Directory Users and Computers as a member of the Enterprise Admins group.
Answer: C
Explanation:
Explanation:
Subscribe to:
Posts (Atom)