Microsoft 70-412 Exam Practice Questions (P. 3)
- Full Access (448 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #22
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
Question #23
Your network contains an Active Directory domain named contoso.com.
A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS).
After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.
You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.
You need to remove the existing AD RMS SCP.
Which tool should you use?
A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS).
After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.
You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.
You need to remove the existing AD RMS SCP.
Which tool should you use?
- AActive Directory Users and Computers
- BAuthorization Manager
- CActive Directory Domains and Trusts
- DActive Directory Sites and Services
- EActive Directory Rights Management Services
Correct Answer:
E
ADRMS will registered the Service Connection Point (SCP) in Active Directory and you will need to unregister first before you remove the ADRMS server role.
If your ADRMS server is still alive, you can easily manually remove the SCP by below:
Reference: How to manually remove or reinstall ADRMS
E
ADRMS will registered the Service Connection Point (SCP) in Active Directory and you will need to unregister first before you remove the ADRMS server role.
If your ADRMS server is still alive, you can easily manually remove the SCP by below:
Reference: How to manually remove or reinstall ADRMS
Question #25
DRAG DROP -
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Note:
* Checklist: Deploying a Federation Server Farm include:
(Box 1) Enroll a Secure Socket Layer (SSL) certificate for AD FS.
(Box 2) Install the AD FS role service.
(Box 3, box 4) Optional step: Configure a federation server with Device Registration Service (DRS).
Box 3: To enable Device Registration Service.
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration -
Repeat this step on each federation farm node in your AD FS farm.
Box 4: Update the Web Application Proxy configuration
The Device Registration Service will be available through the Web Application Proxy once it is enabled on a federation server. You may need to complete this procedure to update the Web Application Proxy configuration if it was deployed prior to enabling the Device Registration Service.
* Workplace Join is made possible by the Device Registration Service (DRS) that is included with the Active Directory Federation Role in Windows Server 2012
R2. When a device is Workplace Joined, the DRS provisions a device object in Active Directory and sets a certificate on the consumer device that is used to represent the device identity. The DRS is meant to be both internal and external facing. Companies that deploy both DRS and the Web Application Proxy will be able to Workplace Join devices from any internet connected location.
Reference: Deploying a Federation Server Farm.
Note:
* Checklist: Deploying a Federation Server Farm include:
(Box 1) Enroll a Secure Socket Layer (SSL) certificate for AD FS.
(Box 2) Install the AD FS role service.
(Box 3, box 4) Optional step: Configure a federation server with Device Registration Service (DRS).
Box 3: To enable Device Registration Service.
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration -
Repeat this step on each federation farm node in your AD FS farm.
Box 4: Update the Web Application Proxy configuration
The Device Registration Service will be available through the Web Application Proxy once it is enabled on a federation server. You may need to complete this procedure to update the Web Application Proxy configuration if it was deployed prior to enabling the Device Registration Service.
* Workplace Join is made possible by the Device Registration Service (DRS) that is included with the Active Directory Federation Role in Windows Server 2012
R2. When a device is Workplace Joined, the DRS provisions a device object in Active Directory and sets a certificate on the consumer device that is used to represent the device identity. The DRS is meant to be both internal and external facing. Companies that deploy both DRS and the Web Application Proxy will be able to Workplace Join devices from any internet connected location.
Reference: Deploying a Federation Server Farm.
Question #26
HOTSPOT -
Your company has a primary data center and a disaster recovery data center.
The network contains an Active Directory domain named contoso.com. The domain contains a server named that runs Windows Server 2012 R2. Server1 is located in the primary data center.
Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in the answer area.
Hot Area:
Your company has a primary data center and a disaster recovery data center.
The network contains an Active Directory domain named contoso.com. The domain contains a server named that runs Windows Server 2012 R2. Server1 is located in the primary data center.
Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another server named Server2 to the disaster recovery data center.
You plan to configure Server2 as a secondary certificate revocation list (CRL) distribution point.
You need to configure Server2 as a CRL distribution point (CDP).
Which tab should you use to configure the required CDP entry? To answer, select the appropriate tab in the answer area.
Hot Area:
Correct Answer:
To configure the CDP and AIA extensions on CA1
✑ In Server Manager, click Tools and then click Certification Authority.
✑ In the Certification Authority console tree, right-click corp-CA1-CA, and then click Properties.
✑ Click the Extensions tab. Ensure that Select extension is set to CRL Distribution Point (CDP), and in the Specify locations from which users can obtain a certificate revocation list (CRL), do the following:
Etc.
Reference: Configure the CDP and AIA Extensions on CA1
http://technet.microsoft.com/zh-cn/library/jj125369.aspx
To configure the CDP and AIA extensions on CA1
✑ In Server Manager, click Tools and then click Certification Authority.
✑ In the Certification Authority console tree, right-click corp-CA1-CA, and then click Properties.
✑ Click the Extensions tab. Ensure that Select extension is set to CRL Distribution Point (CDP), and in the Specify locations from which users can obtain a certificate revocation list (CRL), do the following:
Etc.
Reference: Configure the CDP and AIA Extensions on CA1
http://technet.microsoft.com/zh-cn/library/jj125369.aspx
Question #27
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
✑ Email security
✑ Client authentication
✑ Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
✑ Email security
✑ Client authentication
✑ Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
- AFrom a Group Policy, configure the Certificate Services Client Auto-Enrollment settings.
- BFrom a Group Policy, configure the Certificate Services Client Certificate Enrollment Policy settings.
- CModify the properties of the User certificate template, and then publish the template.
- DDuplicate the User certificate template, and then publish the template.
- EFrom a Group Policy, configure the Automatic Certificate Request Settings settings.
Correct Answer:
AD
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
However a duplicated template from users has the ability to autoenroll:
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
Reference: Manage Certificate Enrollment Policy by Using Group Policy. http://technet.microsoft.com/en-us/library/dd851772.aspx
AD
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
However a duplicated template from users has the ability to autoenroll:
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
Reference: Manage Certificate Enrollment Policy by Using Group Policy. http://technet.microsoft.com/en-us/library/dd851772.aspx
Question #28
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort.
What should you do?
Question #29
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed.
Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)
You need to assign a user named User1 permission to add and delete records from the contoso.com zone only.
What should you do first?
Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.)
You need to assign a user named User1 permission to add and delete records from the contoso.com zone only.
What should you do first?
Question #30
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?
- AFrom Server Manager, review the IPAM overview.
- BRun the ipamgc.exe tool.
- CFrom Task Scheduler, review the IPAM tasks.
- DRun the Get-IpamConfiguration cmdlet.
Correct Answer:
D
Example:
D
Example:
All Pages