IT認証試験問題集
毎月、ITshikenは1500人以上の受験者が試験準備を助けて、試験に合格するために受験者にご協力します
 ホームページ / 70-412 問題集  / 70-412 問題練習

Microsoft 70-412 問題練習

Configuring Advanced Windows Server 2012 Services 試験

最新更新時間: 2019/07/10,合計707問。

平成から令和へ:70-412 最新真題を買う時、日本語版と英語版両方を同時に獲得できます。

実際の問題集を練習し、試験のポイントを了解し、テストに申し込むするかどうかを決めることができます。

さらに試験準備時間の35%を節約するには、70-412 問題集を使用してください。

 / 48

Question No : 1
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 is an enterprise root certification authority (CA) for contoso.com.
You need to ensure that the members of a group named Group1 can request code signing certificates. The certificates must be issued automatically to the members.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

正解:
Explanation:
Best Practices include: Duplicate new templates from existing templates closest in function to the intended template.
New certificate templates are duplicated from existing templates. Many settings are copied from the original template. Because of this, duplicating one template to another of a totally different type may carry over some unintended settings. When duplicating a template, examine the subject type of the original template and ensure that you duplicate one that has a similar function to that of the intended template. Although most settings for certificate templates can be edited once the template is duplicated, the subject type cannot be changed.
Reference: Deploying Certificate Templates https://technet.microsoft.com/en-us/library/cc770794%28v=ws.10%29.aspx

Question No : 2
Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database.
What should you do?

正解:
Explanation:
Understanding the Key Recovery Agent Role
KRAs are Information Technology (IT) administrators who can decrypt users' archived private keys. An organization can assign KRAs by issuing KRA certificates to designated administrators and configure them on the CA. The KRA role is not one of the default roles defined by the Common Criteria specifications but a virtual role that can provide separation between Certificate Managers and the KRAs. This allows the separation between the Certificate Manager, who can retrieve the encrypted key from the CA database but not decrypt it, and the KRA, who can decrypt private keys but not retrieve them from the CA database.
Reference: Understanding User Key Recovery

Question No : 3
Your network contains an Active Directory domain named contoso.com. The domain contains a certification authority (CA).
You suspect that a certificate issued to a Web server is compromised.
You need to minimize the likelihood that users will trust the compromised certificate.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

正解:
Explanation:
First revoke the certificate, then publish the CRL.

Question No : 4
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed.
Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation.
You need to create a trust policy for the partner organization.
The solution must meet the following requirements:
• Grant users in the partner organization access to protected content.
• Provide users in the partner organization with the ability to create protected content.
Which type of trust policy should you create?

正解:
Explanation:
In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure.
Incorrect:
Not C. Trusted publishing domains allow one AD RMS server to issue use licenses that correspond with a publishing license issued by another AD RMS server, but in this scenario the partner organization does not have any Active Directory.
Not D. A trusted user domain, often referred as a TUD, is a trust between AD RMS clusters, but in this scenario the partner organization does not have any Active Directory.
Reference: AD RMS and AD FS Considerations
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx

Question No : 5
Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server that uses a Windows Internal Database. You install a Microsoft SQL Server 2012 instance on a new server. You need to migrate the IPAM database to the SQL Server instance.
Which cmdlet should you run?

正解:
Explanation:
The Move-IpamDatabase cmdlet migrates the IP Address Management (IPAM) database to a Microsoft SQL Server database. You can migrate from Windows Internal Database (WID) or from a SQL Server database. The cmdlet creates a new IPAM schema and copies all data from the existing IPAM database. After the cmdlet completes copying data, it changes IPAM configuration settings to refer to the new database as the IPAM database.
Reference: Move-IpamDatabase

Question No : 6
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You install the IP Address Management (IPAM) Server feature on a server named Server1 and select Manual as the provisioning method.
The IPAM database is located on a server named SQL1.
You need to configure IPAM to use Group Policy Based provisioning.
What command should you run first? To answer, select the appropriate options in the answer area.






正解:


Explanation:
The choice of a provisioning method is permanent for the current installation of IPAM Server. To change the provisioning method, you must uninstall and reinstall IPAM Server.
Reference: Choose an IPAM Provisioning Method

Question No : 7
You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2.
You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates.
Which tool should you use?

正解:
Explanation:
The Add-CauClusterRole cmdlet adds the Cluster-Aware Updating (CAU) clustered role that provides the self-updating functionality to the specified cluster. When the CAU clustered role has been added to a cluster, the failover cluster can update itself on the schedule that is specified by the user, without requiring an external computer to coordinate the cluster updating process.
Incorrect:
Not B. The wuauclt utility allows you some control over the functioning of the Windows Update Agent. It is updated as part of Windows Update.
The following are the command line for wuauclt.
Option Description
/a /ResetAuthorization
Initiates an asynchronous background search for applicable updates. If Automatic Updates is disabled, this option has no effect.
/r /ReportNow
Sends all queued reporting events to the server asynchronously.
/? /h /help
Shows this help information.
Not D.
The Invoke-CauScan cmdlet performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in a specified cluster.
Note: The Invoke-CauRun cmdlet performs a scan of cluster nodes for applicable updates and installs those updates via an Updating Run on the specified cluster.
Reference: Add-CauClusterRole
http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx

Question No : 8
HOTSPOT
Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the name appl.contoso.com.
The NLB cluster has the port rules configured as shown in the exhibit. (Click the Exhibit button.)



To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.






正解:


Explanation:
* Port 80 is in Single mode.
* An HTTP session is a sequence of network request-response transactions. An HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a server (typically port 80, occasionally port 8080.

Question No : 9
Your network contains three servers named HV1, HV2, and Server1 that run Windows Server 2012 R2. HV1 and HV2 have the Hyper-V server role installed. Server1 is a file server that contains 3 TB of free disk space. HV1 hosts a virtual machine named VM1. The virtual machine configuration file for VM1 is stored in D:\VM and the virtual hard disk file is stored in E:\VHD.
You plan to replace drive E with a larger volume.
You need to ensure that VM1 remains available from HV1 while drive E is being replaced. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?

正解:
Explanation:
One of the great new features coming in Windows Server 2012 is Storage Migration for Hyper-V. Storage Migration allows an administrator to relocate the source files that make up a virtual machine to another location without any downtime.
Storage Migration creates a copy of the file or files at the new location. Once that is finished, Server 2012 does a final replication of changes and then the virtual machine uses the files in the new location.
Reference: Windows Server 2012 Hyper-V Part 3: Storage Migration

Question No : 10
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 fails.
You identify that the master boot record (MBR) is corrupt.
You need to repair the MBR.
Which tool should you use?

正解:
Explanation:
Repairing an unbootable Windows installation with bootrec.exe
If the boot/recovery partition is corrupted or lost, you can modify your Windows OS partition to boot.

Question No : 11
You have a server named Server1 that runs Windows Server 2012 R2.
Windows Server 2012 R2 is installed on volume C.
You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts.
Which tool should you use?

正解:
Explanation:
How To Force Windows To Restart in Safe Mode

Question No : 12
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server role installed.
You need to store the contents of all the DNS queries received by Server1.
What should you configure?

正解:
Explanation:
Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information about server performance.
References: Active Directory 2008: DNS Debug Logging Facts...

Question No : 13
You have a server named DNS1 that runs Windows Server 2012 R2. You discover that the DNS resolution is slow when users try to access the company intranet home page by using the URL http://companyhome. You need to provide single-label name resolution for Company Home that is not dependent on the suffix search order.
Which three cmdlets should you run? (Each correct answer presents part of the solution. Choose three.)

正解:
Explanation:
You can use this task to create a GlobalNames zone to maintain a set of single-label, Domain Name System (DNS) names that Windows Server 2008 DNS servers can resolve on behalf of DNS clients throughout a single forest in Active Directory Domain Services (AD DS).
Deploying a GlobalNames zone in a single forest requires that you perform the following steps:

Question No : 14
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Shadow copies are enabled on all volumes.
You need to delete a specific shadow copy. The solution must minimize server downtime.
Which tool should you use?

正解:
Explanation:
References: https://technet.microsoft.com/en-us/library/cc754968(v=ws.11).aspx

Question No : 15
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. All servers run Windows Server 2012 R2.
You install the IP Address Management (IPAM) Server feature on Server1.
From the Provision IPAM wizard, you select the Group Policy Based provisioning method and enter a GPO name prefix of IPAM1.
You need to provision IPAM by using Group Policy.
What command should you run on Server1 to complete the process? To answer, select the appropriate options in the answer area.






正解:


Explanation:
The Invoke-IpamGpoProvisioning cmdlet creates and links three group policies specified in the Domain parameter for provisioning required access settings on the server roles managed by the computer running the IP Address Management (IPAM) server.
Reference: Invoke-IpamGpoProvisioning

 / 48