Exam Code: 70 417 dumps (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Upgrading Your Skills to MCSA Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass exam 70 417 Exam.
Q181. Your network contains an Active Directory domain named contoso.com. The domain
contains two domain controllers named DC1 and DC2.
You install Windows Server 2012 R2 on a new computer named DC3.
You need to manually configure DC3 as a domain controller.
Which tool should you use?
B. Server Manager
D. Active Directory Domains and Trusts
When you try to DCpromo a Server 2012, you get this message:
Q182. Your network contains an Active Directory forest that contains two domains. The forest contains five domain controllers.
The domain controllers are configured as shown in the following table.
You need to configure DC5 as a global catalog server.
Which tool should you use?
A. Active Directory Administrative Center
B. Active Directory Users and Computers
C. Active Directory Sites and Services
D. Active Directory Domains and Trusts
Active Directory Sites and Services can be used to Add or remove the global catalog read-only directory partitions from a domain controller in the site. Confirm that all read-only directory partitions have been replicated to the new global catalog server. As well as verify that the global catalog server is being advertised in Domain Name System (DNS).
References: http://technet.microsoft.com/en-us/library/cc730868.aspx http://technet.microsoft.com/en-us/library/cc770674.aspx
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed.
Server1 and Server2 have different processor models from the same manufacturer.
On Server1, you plan to create a virtual machine named VM1. Eventually, VM1 will be exported to Server2. You need to ensure that when you import VM1 to Server2, you can start VM1 from saved
What should you configure on VM1?
To answer, select the appropriate node in the answer area.
Q184. Sometimes its important to remove an RODC from your forest or domain. However, its important that you follow a simple rule whilst removing RODC's. What is this rule?
A. All RODC's must be detached before removing a final writable domain controller
B. All writable domain controllers must be removed before RODC's can be detached
C. Your forest must only consist of RODC's if you want to remove them
D. There are no rules for removing RODC's
After researching this and using logic, we need a writable DC for a RODC to exist, therefore we have to remove all RODC's before removing the last writable DC.
Q185. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.
All client computers run Windows 8 Enterprise.
You plan to deploy Network Access Protection (NAP) by using IPSec enforcement.
A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.
You need to ensure that the client computers can discover HRA servers automatically.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On Server2, configure the EnableDiscovery registry key.
B. On DC1, create an alias (CNAME) record.
C. On DC1, create a service location (SRV) record.
D. In a GPO, modify the Request Policy setting for the NAP Client Configuration.
E. On all of the client computers, configure the EnableDiscovery registry key.
Q186. Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8.
In Main, the network contains a member server named Server1 that runs Windows Server 2012.
You install the Windows Server Update Services server role on Server1.
You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. From the Update Services console, create computer groups
B. From the Update Services console, configure the Computers options
C. From the Group Policy Management console, configure the Windows Update settings
D. From the Group Policy Management console, configure the Windows Anytime Upgrade settings
E. From the Update Services console, configure the Synchronization Schedule options
Q187. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server 1. Server1 runs Windows Server 2012 R2. You need to create a 3-TB virtual hard disk (VHD) on Server1. Which tool should you use?
C. File Server Resource Manager (FSRM)
Explanation You can create a VHD from either the Disk Management snap-in or the command line (diskpart). From the DiskPart command-line tool at an elevated command prompt, run the create vdisk command and specify the file (to name the file) and maximum (to set the maximum size in megabytes) parameters. The following code demonstrates how to create a VHD file at C:\\vdisks\\disk1.vdh with a maximum file size of 16 GB (or 16,000 MB).
Q188. Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1. Server1 runs Windows Server 2012.
You create a group Managed Service Account named gservice1.
You need to configure a service named Service1 to run as the gservice1 account.
How should you configure Service1?
A. From a command prompt, run sc.exe and specify the config parameter.
B. From a command prompt, run sc.exe and specify the sdset parameter.
C. From the Services console, configure the General settings.
D. From Windows PowerShell, run Set-Service and specify the -PassThrough parameter.
Explanation: To specify a binary path for the NEWSERVICE service, type: sc config NewService binpath= "ntsd -d c:\\windows\\system32\\NewServ.exe" Reference: Sc config https://technet.microsoft.com/en-us/library/cc990290.aspx
Q189. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. On DC1, you add a new volume and you stop the Active Directory Domain Services (AD DS) service.
You run ntdsutil.exe and you set NTDS as the active instance.
You need to move the Active Directory database to the new volume.
Which Ntdsutil context should you use?
C. Configurable Settings
D. Partition management
Q190. Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.
You plan to deploy an enterprise certification authority (CA) on a server named Servers. Server5 will be used to issue certificates to domain-joined computers and workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.
Which server should you identify?
CDP (and AD CS) always uses a Web Server NB: this CDP must be accessible from outside the AD, but here we don't have to wonder about that as there's only one web server.
Selecting a CRL Distribution Point Because CRLs are valid only for a limited time, PKI clients need to retrieve a new CRL periodically. Windows Server 2003 PKI Applications look in the CRL distribution point extension for a URL that points to a network location from which the CRL object can be retrieved. Because CRLs for enterprise CAs are stored in Active Directory, they can be accessed by means of LDAP. In comparison, because CRLs for stand-alone CAs are stored in a directory on the server, they can be accessed by means of HTTP, FTP, and so on as long as the CA is online. Therefore, you should set the CRL distribution point after the CA has been installed.
The system account writes the CRL to its distribution point, whether the CRL is published manually or is published according to an established schedule. Therefore you must ensure that the system accounts for CAs have permission to write to the CRL distribution point. Because the CRL path is also included in every certificate, you must define the CRL location and its access path before deploying certificates. If an Application performs revocation checking and a valid CRL is not available on the local computer, it rejects the certificate.
You can modify the CRL distribution point by using the Certification Authority MMC snap-in. In this way, you can change the location where the CRL is published to meet the needs of users in your organization. You must move the CRL distribution point from the CA configuration folder to a Web server to change the location of the CRL, and you must move each new CRL to the new distribution point, or else the chain will break when the previous CRL expires.
Note On root CAs, you must also modify the CRL distribution point in the CAPolicy.inf file so that the root CA certificate references the correct CDP and AIA paths, if specified. If you are using certificates on the Internet, you must have at least one HTTPs-accessible location for all certificates that are not limited to internal use.
http://technet.microsoft.com/en-us/library/cc771079.aspx Configuring Certificate Revocation It is not always possible to contact a CA or other trusted server for information about the validity of a certificate. To effectively support certificate status checking, a client must be able to access revocation data to determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory Certificate Services (AD CS) supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta CRLs, which can be made available to clients from a variety of locations, including Active Directory Domain Services (AD DS), Web servers, and network file shares.