New Updated Microsoft MCSA 70-412 Real Exam Questions and Answers Download 171-180

Ensurepass

QUESTION 171

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a

server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory

Certificate Services server role installed and configured. For all users, you are deploying smart

cards for logon. You are using an enrollment agent to enroll the smart card certificates for the

users. You need to configure the Contoso Smartcard Logon certificate template to support the

use of the enrollment agent. Which setting should you modify?

 

To answer, select the appropriate setting in the answer area.

 

Hot Area:

70-412-demo-123

 

Correct Answer:

70-412-demo-124

 

 

QUESTION 172

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains the

two servers. The servers are configured as shown in the following table.

 

70-412-demo-125

 

You investigate a report about the potential compromise of a private key for a certificate issued

to Server2. You need to revoke the certificate issued to Server2. The solution must ensure that

the revocation can be reverted. Which reason code should you select?

 

To answer, select the appropriate reason code in the answer area.

 

Hot Area:

70-412-demo-126

 

Correct Answer:

70-412-demo-127

QUESTION 173

DRAG DROP

Your network contains two Active Directory forests named contoso.com and adatum.com. All

domain controllers run Windows Server 2012 R2. A federated trust exists between adatum.com

and contoso.com. The trust provides adatum.com users with access to contoso.com resources.

You need to configure Active Directory Federation Services (AD FS) claim rules for the federated

trust. The solution must meet the following requirements:

 

  • In contoso.com, replace an incoming claim type named Group with an outgoing claim type

named Role.

  • In adatum.com, allow users to receive their tokens for the relying party by using their Active

Directory group membership as the claim type.

 

The AD FS claim rules must use predefined templates. Which rule types should you configure on

each side of the federated trust?

 

To answer, drag the appropriate rule types to the correct location or locations. Each rule type may

be used once, more than once, or not at all. You may need to drag the split bar between panes or

scroll to view content.

 

Select and Place:

70-412-demo-128

 

Correct Answer:

70-412-demo-129

 

 

 

QUESTION 174

Your network contains an Active Directory domain named contoso.com. The domain contains a

main office and a branch office. An Active Directory site exists for each office. All domain

controllers run Windows Server 2012 R2. The domain contains two domain controllers.

The domain controllers are configured as shown in the following table.

 

70-412-demo-130

 

DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server

role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that

the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to

ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which

tool should you use?

 

  1. Active Directory Domains and Trusts

  2. Active Directory Users and Computers

  3. Repadmin

  4. Ntdsutil

 

Correct Answer: C

 

 

QUESTION 175

Your network contains an Active Directory domain named contoso.com. All servers run Windows

Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an

enterprise root certification authority (CA). All users in the domain are issued a smart card and

are required to log on to their domain-joined client computer by using their smart card. A user

named User1 resigned and started to work for a competing company. You need to prevent User1

immediately from logging on to any computer in the domain. The solution must not prevent

other users from logging on to the domain. Which tool should you use?

 

  1. Active Directory Users and Computers.

  2. Server Manager.

  3. The Certificates snap-in.

  4. The Certification Authority console.

 

Correct Answer: A

 

 

QUESTION 176

DRAG DROP

You plan to deploy a failover cluster that will contain two nodes that run Windows Server 2012

R2. You need to configure a witness disk for the failover cluster. How should you configure the

witness disk?

 

To answer, drag the appropriate configurations to the correct location or locations. Each

configuration may be used once, more than once, or not at all. You may need to drag the split bar

between panes or scroll to view content.

 

Select and Place:

70-412-demo-131

 

Correct Answer:

70-412-demo-132

 

QUESTION 177

Your network contains an Active Directory domain named contoso.com. All domain controllers

run Windows Server 2012 R2. The domain contains two domain controllers. The domain

controllers are configured as shown in the following table.

 

70-412-demo-133

 

You configure a user named User1 as a delegated administrator of DC10. You need to ensure that

User1 can log on to DC10 if the network link between the Main site and the Branch site fails.

What should you do?

 

  1. On DC10, run ntdsutil and configure the settings in the Local Roles context.

  2. Run repadmin and specify /replsingleobject parameter.

  3. Modify the properties of the DC10 computer account.

  4. On DC10, modify the User Rights Assignment in Local Policies.

 

Correct Answer: D

 

 

QUESTION 178

Your network contains an Active Directory forest named contoso.com. The forest contains a

single domain. The domain contains three domain controllers. The domain controllers are

configured as shown in the following table.

 

70-412-demo-134

 

You plan to test an App1ication on a server named Server 1. Server1 is currently located in Site1.

After the test, Server1 will be moved to Site2. You need to ensure that Server1 attempts to

authenticate to DC3 first, while you test the App1ication. What should you do?

 

  1. Modify the priority of site-specific service location (SRV) DNS records for Site2.

  2. Create a new subnet object and associate the subnet object to an existing site.

  3. Create a new site and associate the site to an existing site link object.

  4. Modify the registry on DC3.

 

Correct Answer: A

 

 

QUESTION 179

Your network contains an Active Directory domain named contoso.com. The domain contains a

main office and a branch office. An Active Directory site exists for each office. All domain

controllers run Windows Server 2012 R2. The domain contains two domain controllers. The

domain controllers are configured as shown in the following table.

 

70-412-demo-135

 

DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server

role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that

the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to

ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which

tool should you use?

 

  1. Active Directory Users and Computers

  2. Ntdsutil

  3. DNS Manager

  4. Active Directory Domains and Trusts

 

Correct Answer: C

 

 

QUESTION 180

Your network contains an Active Directory forest named contoso.com. The forest contains a

single domain. The forest functional level is Windows Server 2012 R2. You have a domain

controller named DC1. On DC1, you create a new Group Policy object (GPO) named GPO1. You

need to verify that GPO1 was replicated to all of the domain controllers. Which tool should you

use?

 

  1. Group Policy Management

  2. Active Directory Sites and Services

  3. DFS Management

  4. Active Directory Administrative Center

 

Correct Answer: A

 

Instant Access to Download Latest Complete Collection of Microsoft MCSA 70-412 Real Exam

Try Microsoft MCSA 70-412 Free Demo