Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers.
The domain controllers are configured as shown in the following table.
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Upgrade DC1 to Windows Server 2012 R2.
B. Upgrade DC11 to Windows Server 2012 R2.
C. Raise the domain functional level ofchildl.contoso.com,
D. Raise the domain functional level of contoso.com.
E. Raise the forest functional level of contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2. The storage on Server1 is configured as shown in the following table.
You plan to implement Data Deduplication on Server1. You need to identify on which drives you can enable Data Deduplication. Which three drives should you identify? (Each correct answer presents part of the solution. Choose three.)
Volumes that are candidates for deduplication must conform to the following requirements:
* (not A) Must not be a system or boot volume. Deduplication is not supported on operating system volumes.
* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system.
* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering is fully supported.
* Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplicationenabled volume is converted to a CSV, but you cannot continue to process files for deduplication.
* (not C) Do not rely on the Microsoft Resilient File System (ReFS).
* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.
You have 20 servers that run Windows Server 2012 R2.
You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup and sets an encryption passphrase. Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)
E. Set OBMachineSetting
Registers the current computer with Windows Azure Online Backup using the credentials (username and password) created during enrollment.
E: The Set-OBMachineSetting cmdlet sets a OBMachineSetting object for the server that includes proxy server settings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that is required to decrypt the files during recovery to another server.
Not C: The Add-OBFileSpec cmdlet adds the OBFileSpec object, which specifies the items to include or exclude from a backup, to the backup policy (OBPolicy object). The OBFileSpec object can include or exclude multiple files, folders, or volumes. T http://technet.microsoft.com/en-us/library/hh770416(v=wps.620).aspx
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You need to ensure that a WIM file that is located on a network share is used as the installation source when installing server roles and features on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Run the dism.exe command and specify the /remove-package parameter.
B. Run the Remove-WindowsFeature cmdlet.
C. Enable and configure the Specify settings for optional component installation and component repair
policy setting by using a Group Policy object (GPO).
D. Enable the Enforce upgrade component rules policy setting by using a Group Policy object (GPO).
E. Run the Remove-WindowsPackage cmdlet.
A: To remove packages from an offline image by using DISM Example:
At a command prompt, specify the package identity to remove it from the image. You can remove multiple packages on one command line.
DISM /Image:C:\test\offline /Remove-Package
* You can use Group Policy to specify a Windows image repair source to use within your network. The repair source can be used to restore Windows features or to repair a corrupted Windows image.
* Set Group Policy
You can use Group Policy to specify when to use Windows Update, or a network location as a repair source for features on demand and automatic corruption repair. To configure Group Policy for Feature on Demand
Open the group policy editor. For example, on a computer that is running Windows?8, click Search, click Settings, type Edit Group Policy, and then select the Edit Group Policy setting.
Click Computer Configuration, click Administrative Templates, click System, and then double-click the Specify settings for optional component uninstallation and component repair setting. Select the settings that you want to use for Features on Demand.
* The Windows Imaging Format (WIM) is a file-based disk image format. It was developed by Microsoft to help deploy Windows Vista and subsequent versions of Windows operating system family, as well as Windows Fundamentals for Legacy PCs.
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named litwareinc.com. You need to configure an access solution to meet the following requirements:
– Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.
– Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.
– Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Configure SID filtering on the trust.
B. Configure forest-wide authentication on the trust.
C. Create a one-way forest trust.
D. Create a one-way external trust
E. Modify the permission on the Server1 object.
F. Configure selective authentication on the trust.
D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).
E: Must grant the required permissions on Server1.
F(not B): For external trust we must either select Domain-Wide or Selective Authentication (forst- wide authentication is not an option)
* You can create an external trust to form a one-way or two-way, nontransitive trust with domains that are outside your forest. External trusts are sometimes necessary when users need access to resources in a Windows NT 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust.
/ To select the scope of authentication for users that are authenticating through a forest trust, click the forest trust that you want to administer, and then click Properties . On the Authentication tab, click either Forest-wide authentication or Selective authentication .
/ To select the scope of authentication for users that are authenticating through an external trust, click the external trust that you want to administer, and then click Properties . On the Authentication tab, click either Domain-wide authentication or Selective authentication .
* The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the trusting forest.
* Forest-wide authentication is generally recommended for users within the same organization. Reference: Select the Scope of Authentication for Users
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8. You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1.
What should you configure?
A. A classification property
B. The File Server Resource Manager Options
C. A file management task
D. A file screen template
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table.
You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do?
A. Create additional connection objects for DC3 and DC4.
B. Decrease the cost of the site link between SiteB and SiteC.
C. Create a site link bridge.
D. Disable site link bridging.
By decreasing the cost between SiteB and SiteC, the SiteC users will be authenticated by SiteB domain controllers.
* A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site link in the bridge.
* By default, all site links are transitive.
Your network contains an Active Directory domain named contoso.com. The domain contains a. DC2 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You discover that client computers cannot obtain IPv4 addresses from DC2. You need to ensure that the client computers can obtain IPv4 addresses from DC2. What should you do?
A. Disable the Deny filters.
B. Enable the Allow filters.
C. Authorize DC2.
D. Restart the DHCP Server service
Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?
D. IPAM cannot be installed on Domain Controllers. All other servers have the DC role http://technet.microsoft.com/en-us/library/hh831353.aspx
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?
A. Active Directory Users and Computers
B. Server Manager
C. The Certificates snap-in
D. The Certification Authority console
You can use the Certification Authority console to configure CAs. This includes the following tasks:
(D) Scheduling certificate revocation list publication. Installing the CA certificate when necessary. Configuring exit module settings.
Configuring policy module settings.
Modifying security permissions and delegate control of CAs. Enabling optional Netscape-compatible Web-based revocation checking.
Reference: Configure Certification Authorities
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html