Configuring Advanced Windows Server 2012 Services v1.0 (70-412)

Page:    1 / 30   
Total 455 questions

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run
Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
You configure File Services and DHCP as clustered resources for Cluster1. Server1 is the active node for both clustered resources.
You need to ensure that if two consecutive heartbeat messages are missed between Server1 and Server2, Server2 will begin responding to DHCP requests. The solution must ensure that Server1 remains the active node for the File Services clustered resource for up to five missed heartbeat messages.
What should you configure?

  • A. Affinity-None
  • B. Affinity-Single
  • C. The cluster quorum settings
  • D. The failover settings
  • E. A file server for general use
  • F. The Handling priority
  • G. The host priority
  • H. Live migration
  • I. The possible owner
  • J. The preferred owner K. Quick migration L. the Scale-Out File Server


Answer : D

Explanation:
The number of heartbeats that can be missed before failover occurs is known as the heartbeat threshold. Heartbeat threshold is failover clustering setting.
References:
https://technet.microsoft.com/en-us/library/dn265972.aspx
https://technet.microsoft.com/en-us/library/dd197562(v=ws.10).aspx http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run
Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail.
What should you configure?

  • A. Affinity-None
  • B. Affinity-Single
  • C. The cluster quorum settings
  • D. The failover settings
  • E. A file server for general use
  • F. The Handling priority
  • G. The host priority
  • H. Live migration
  • I. The possible owner
  • J. The preferred owner K. Quick migration L. the Scale-Out File Server


Answer : C

Explanation:
The quorum configuration in a failover cluster determines the number of failures that the cluster can sustain.
References:
https://technet.microsoft.com/en-us/library/cc731739.aspx

Information and details provided in a question App1y only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run
Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1.
Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information locally on each node.
You need to ensure that when users connect to WebApp1, their session state is maintained.
What should you configure?

  • A. Affinity-None
  • B. Affinity-Single
  • C. The cluster quorum settings
  • D. The failover settings
  • E. A file server for general use
  • F. The Handling priority
  • G. The host priority
  • H. Live migration
  • I. The possible owner
  • J. The preferred owner K. Quick migration L. the Scale-Out File Server


Answer : B

Explanation:

Client Affinity -
NLB offers three types of client affinity to minimize response time to clients and provide generic support for preserving session state. Each affinity specifies a different method for distributing client requests.

Affinity Single: Single -
Multiple requests from the same client must access the same member; useful for clusters within an intranet.
This affinity provides the best support for clients that use sessions on an intranet. These clients cannot use No affinity because their sessions could be disrupted.
Incorrect:
Not A. Affinity none: Multiple requests from the same client can access any member; useful for clusters that do not store session state information on individual members.
References:
https://technet.microsoft.com/en-us/library/bb687542.aspx

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run
Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
You add two additional nodes in Cluster1.
You have a folder named Folder1 on Server1 that hosts Application data. Folder1 is a folder target in a Distributed File System (DFS) namespace.
You need to provide highly available access to Folder1. The solution must support DFS Replication to Folder1.
What should you configure?

  • A. Affinity-None
  • B. Affinity-Single
  • C. The cluster quorum settings
  • D. The failover settings
  • E. A file server for general use
  • F. The Handling priority
  • G. The host priority
  • H. Live migration
  • I. The possible owner
  • J. The preferred owner K. Quick migration L. The Scale-Out File Server


Answer : E

Explanation:

File Server for general use -


Note: You can deploy and configure a clustered file server by using either of the following methods:
* File Server for general use.
This is the continuation of the clustered file server that has been supported in Windows Server since the introduction of Failover Clustering. This type of clustered file server, and therefore all the shares associated with the clustered file server, is online on one node at a time. This is sometimes referred to as active-passive or dual-active. File shares associated with this type of clustered file server are called clustered file shares. This is the recommended file server type when deploying information worker scenarios.
* Scale-Out File Server for application data
This clustered file server feature was introduced in Windows Server 2012, and it lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are simultaneously online on all nodes. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active- active. This is the recommended file server type when deploying either Hyper-V over Server Message Block (SMB) or Microsoft SQL Server over SMB.
Reference: Scale-Out File Server for Application Data Overview

Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run
Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed.
Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has the Hyper-V Replica
Broker role installed. The Hyper-V Replica Broker currently runs on Server1.
Server3 currently has no virtual machines.
You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)

  • A. The Hyper-V Manager console connected to Server3
  • B. The Failover Cluster Manager console connected to Server3
  • C. The Hyper-V Manager console connected to Server1.
  • D. The Failover Cluster Manager console connected to Cluster1
  • E. The Hyper-V Manager console connected to Server2


Answer : AD

Explanation:
A. To configure the Replica server [on a server that is not part of a cluster which in this case is Server3]
-> 1. In Hyper-V Manager, click Hyper-V Settings in the Actions pane.
-> 2. In the Hyper-V Settings dialog, click Replication Configuration.
-> 3. In the Details pane, select Enable this computer as a Replica server.
Etc.
D. To configure a Replica server that is part of a failover cluster.
1. In Server Manager, open Failover Cluster Manager.
2. In the left pane, connect to the cluster, and while the cluster name is highlighted, click Roles in the Navigate category of the Details pane.
3. Right-click the role and choose Replication Settings.
4. In the Details pane, select Enable this cluster as a Replica server.
Reference:
http://technet.microsoft.com/en-us/library/jj134240.aspx

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named File1 that runs a Server Core Installation of
Windows Server 2012 R2.
File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day.
You discover that volume D is almost full.
You add a new volume named H to File1.
You need to ensure that the shadow copies of volume D are stored on volume H.
Which command should you run?

  • A. The Set-Volume cmdlet with the -driveletter parameter
  • B. The vssadmin.exe create shadow command
  • C. The Set-Volume cmdlet with the -path parameter
  • D. The vssadmin.exe add shadowstorage command


Answer : D

Explanation:

Add ShadowStorage -
Adds a shadow copy storage association for a specified volume.
Incorrect Answers:
A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.

B. Create Shadow -
Creates a new shadow copy of a specified volume.
C. Sets or changes the file system label of an existing volume -Path Contains valid path information.
References:
https://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx https://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has a single volume that is encrypted by using BitLocker Drive Encryption (BitLocker).
BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM). Server1 is configured to perform a daily system image backup.
The motherboard on Server1 is upgraded.
After the upgrade, Windows Server 2012 R2 on Server1 fails to start.
You need to start the operating system on Server1 as soon as possible.
What should you do?

  • A. Start Server1 from the installation media. Run startrec.exe.
  • B. Move the disk to a server that has a model of the old motherboard. Start the server from the installation media. Run bcdboot.exe.
  • C. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc.
  • D. Start Server1 from the installation media. Perform a system image recovery.


Answer : C

Explanation:
By moving the hard drive to server with that has a model of the old motherboard the system would be able to start. As BitLocker was configured to save encryption keys to a Trusted Platform Module (TPM), we can use tpm.msc to access the TPM settings.
Note: After you replaced the motherboard, you need to repopulate the TPM with new information regarding the encryption of the hard disk.
We use these commands to repopulate the information in the TPM (without PIN): manage-bde ""delete -protectors C: -type TPM manage-bde ""protectors ""add C: -tpm
Incorrect Answers:
D. After the system image recovery you would still have the new motherboard installed. The problem would return.
References: BitLocker - New motherboard replacement

Your network contains two servers that run Windows Server 2012 R2 named Server1 and Server2. Both servers have the File Server role service installed.
On Server2, you create a share named Backups.
From Windows Server Backup on Server1, you schedule a full backup to run every night. You set the backup destination to \\Server2 \Backups.
After several weeks, you discover that \\Server2\Backups only contains the last backup that completed on Server1.
You need to ensure that multiple backups of Server1 are maintained.
What should you do?

  • A. Modify the Volume Shadow Copy Service (VSS) settings.
  • B. Modify the properties of the Windows Store Service (WSService) service.
  • C. Change the backup destination.
  • D. Configure the permission of the Backups share.


Answer : C

The destination in the exhibit shows a network share is used. If a network share is being used only the latest copy will be saved.


References:
http://windows.microsoft.com/en-us/windows7/where-should-i-save-my-backup

Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed.
Server1 and Server2 are configured as Hyper-V replicas of each other.
Server2 hosts a virtual machine named VM5. VM5 is replicated to Server1.
You need to verify whether the replica of VM5 on Server1 is functional. The solution must ensure that VM5 remains accessible to clients.
What should you do from Hyper-V Manager?

  • A. On Server1, execute a Planned Failover.
  • B. On Server1, execute a Test Failover.
  • C. On Server2, execute a Planned Failover.
  • D. On Server2, execute a Test Failover.


Answer : B

Explanation:
Test Failover (TFO) is an operation initiated on your replica virtual machine (in this scenario on Server1) which allows you to test the sanity of the virtualized workload without interrupting your production workload or ongoing replication.
TFO is performed on the replica virtual machine by right-clicking on the VM and choosing the Test Failover operation (either from the Hyper-V Manager or from the
Failover Clustering Manager).
Reference: Types of failover operations in Hyper-V Replica Part I Test Failover.

HOTSPOT -
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server
2012 R2. The servers have the Hyper-V server role installed.
A certification authority (CA) is available on the network.
A virtual machine named vml.contoso.com is replicated from Server1 to Server2. A virtual machine named vm2.contoso.com is replicated from Server2 to Server1.
You need to configure Hyper-V to encrypt the replication of the virtual machines.
Which common name should you use for the certificates on each server?
To answer, configure the appropriate common name for the certificate on each server in the answer area.
Hot Area:




Answer :

Explanation:
Hyper-V Replica Certificate Requirements
If you want to use HTTPS, then you will need to create certificates for the hosts/clusters in both the primary and secondary sites.
Reference: Use Hyper-V Replica over HTTPS/SSL: Configuring Certificates.

DRAG DROP -
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You plan to install the Active Directory Federation Services server role on Server1 to allow for Workplace Join.
You run nslookup enterprise registration and you receive the following results:


You need to create a certificate request for Server1 to support the Active Directory Federation Services (AD FS) installation.
How should you configure the certificate request?
To answer, drag the appropriate names to the correct locations. Each name may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:



Answer :

Explanation:
Obtain a server SSL certificate from either a public certificate authority (CA) or from your organization's PKI subordinate CA that is trusted by a public certificate authority.
The server SSL certificate must have the following certificate attributes to be used with Workplace Join:
- Subject Name (CN): adfs1.contoso.com
- Subject Alternative Name (DNS): adfs1.contoso.com
- Subject Alternative Name (DNS): enterpriseregistration.contoso.com
Reference: Why R2? Step-by-Step: Solve BYOD Challenges with Workplace Join in Windows Server 2012 R2 and Windows 8.1

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 is an enterprise root certification authority (CA) for contoso.com.
Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the local Administrators group on Server1.
You enable CA role separation on Server1.
You need to ensure that you can manage the certificates on the CA.
What should you do?

  • A. Remove your user account from the local Administrators group.
  • B. Assign the CA administrator role to your user account.
  • C. Assign your user account the Bypass traverse checking user right.
  • D. Remove your user account from the Manage auditing and security log user right.


Answer : D

Explanation:
The separation of CA roles can be enforced using role separation. Once enforced, role separation only allows a user to be assigned a single role. If a user is assigned to more than one role and attempts to perform an operation on the CA, the operation is denied. For this reason, before role separation is enabled, a user should be assigned only one CA role.

Reference: Role Separation -

Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012
R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  • A. Enable the Device Registration Service in Active Directory.
  • B. Publish the Device Registration Service by using a Web Application Proxy.
  • C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
  • D. Create and configure a sync share on Server2.
  • E. Install the Work Folders role service on Server2.


Answer : AC

Explanation:
* Workplace Join leverages a feature included in the Active Directory Federation Services (AD FS) Role in Windows Server 2012 R2, called Device Registration
Service (DRS). DRS provisions a device object in Active Directory when a device is Workplace Joined. Once the device object is in Active Directory, attributes of that object can be retrieved and used to provide conditional access to resources and applications. The device identity is represented by a certificate which is set on the personal device by DRS when the device is Workplace Joined.
* In Windows Server 2012 R2, AD FS and Active Directory Domain Services have been extended to comprehend the most popular mobile devices and provide conditional access to enterprise resources based on user+device combinations and access policies. With these policies in place, you can control access based on users, devices, locations, and access times.
Reference: BYOD Basics: Enabling the use of Consumer Devices using Active Directory in Windows Server 2012 R2

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain.
The solution must not prevent other users from logging on to the domain.
Which tool should you use?

  • A. Active Directory Administrative Center
  • B. Certificate Templates
  • C. The Security Configuration Wizard
  • D. The Certificates snap-in


Answer : A

Explanation:
To disable or enable a user account using Active Directory Administrative Center
-> To open Active Directory Administrative Center, click Start, click Administrative Tools, and then click Active Directory Administrative Center.
To open Active Directory Users and Computers in Windows Server 2012, click Start, typedsac.exe.


-> In the navigation pane, select the node that contains the user account whose status you want to change.
-> In the management list, right-click the user whose status you want to change.
-> Depending on the status of the user account, do one of the following:
-> To disable the user account, click Disable.
-> To enable the user account, click Enable.
References:
https://www.pcwdld.com/active-directory-users-computers-not-showing-administrative-tools

DRAG DROP -
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust.
The solution must meet the following requirements:
-> In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.
-> In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:




Answer :

Explanation:
* Acceptance transform rule set
A set of claim rules that you use on a particular claims provider trust to specify the incoming claims that will be accepted from the claims provider organization and the outgoing claims that will be sent to the relying party trust.

Used on: Claims provider trusts -
* Issuance Authorization Rule Set
A set of claim rules that you use on a relying party trust to specify the claims that will be issued to the relying party.

Used on: Relying party trusts -
References:
https://technet.microsoft.com/zh-cn/library/ee913586(v=WS.10).aspx

Page:    1 / 30   
Total 455 questions