Want to know Ucertify exam 70 417 Exam practice test features? Want to lear more about Microsoft Upgrading Your Skills to MCSA Windows Server 2012 certification experience? Study Real Microsoft 70 417 exam answers to Down to date 70 417 pdf questions at Ucertify. Gat a success with an absolute guarantee to pass Microsoft microsoft 70 417 (Upgrading Your Skills to MCSA Windows Server 2012) test on your first attempt.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-417 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-417 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-417-exam-dumps.html
Q181. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
Email security
Client authentication
Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Modify the properties of the User certificate template, and then publish the template.
B. From a Group Policy, configure the Certificate Services Client Certificate Enrollment Policy settings.
C. From a Group Policy, configure the Automatic Certificate Request Settings settings.
D. Duplicate the User certificate template, and then publish the template.
E. From a Group Policy, configure the Certificate Services Client Auto-Enrollment settings.
Answer: D,E
Explanation:
The default user template supports all of the requirements EXCEPT autoenroll as shown below:
However a duplicated template from users has the ability to autoenroll:
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
Q182. A global catalog server is available to directory clients when Domain Name System (DNS) servers can locate it as a global catalog server. In which order do the following events need to occur before the catalog server is ready?
A) The Net Logon service on the domain controller has updated DNS with global-catalogspecific service (SRV) resource records.
B) The isGlobalCatalogReadyrootDSE attribute is set to TRUE.
C) The global catalog receives replication of read-only replicas to the required occupancy level.
A. C then A, then B
B. B then C, then A
C. A then C, then B
D. C then B, then A
Answer: A
Explanation:
http://technet.microsoft.com/fr-fr/library/cc739901%28v=ws.10%29.aspx Verify global catalog readiness When a global catalog server has satisfied replication requirements, the isGlobalCatalogReady Root DSE attribute is set to TRUE and the global catalog is ready to serve clients.http://technet.microsoft.com/de-de/library/howglobal-catalog-serverswork%28v=ws.10%29.aspx How the Global Catalog Works Global Catalog Server Creation and Advertisement By default, before a domain controller advertises itself as a global catalog server in DNS, the global catalog contents must be replicated to the server. This process involves replication of a partial, read-only replica of every domain in the forest except for the domain for which the new global catalog server is authoritative. The duration of this process depends on how many domains the forest contains, the size of the domains, and the relative locations of source and destination domain controllers. If multiple domains are in the forest and if source domain controllers are located only in distant sites, the process takes longer than if all domains are in the same site or in only a few sites. When replication must occur between sites to create the global catalog, replication occurs according to the site link schedule. Requirements for Global Catalog Readiness By default, a global catalog server is not considered "ready" (the server advertises itself in DNS as a global catalog server) until all read-only directory partitions have been fully replicated to the new global catalog server. The Global Catalog Partition Occupancy registry entry under HKEY_Local_Machine\System \CurrentControlSet \Services \NTDS\Parameters determines the requirements for how many read- only directory partitions must be present on a domain controller for it to be considered a global catalog server, from no partitions (0) to all partitions (6). For domain controllers that run Windows Server 2003 or later, the default occupancy value requires that all read-only directory partitions be replicated to the global catalog server before the Net Logon service registers SRV resource records in DNS. For most conditions, this default provides the best option for ensuring that a global catalog server provides a consistent view of the directory. In less common circumstances, however, it might be useful to make the global catalog server available with an incomplete set of partial domain directory partitions for example, when delay of replication of a domain that is not required by users is jeopardizing their ability to log on.
Q183. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
A. In C:\Windows\, create an XML file named DCCIoneConfig.xml and add the application information to the file.
B. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCIoneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named DCCIoneConfig.xml and add the application information to the file.
D. In D:\Windows\NTDS\, create an XML file named CustomDCCIoneAllowList.xml and add the application information to the file.
Answer: D
Explanation:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domainservices-in-windows-server-2012-part-13-domain-controller-cloning.aspx Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.
Q184. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 runs Windows Server 2012 R2. 5erver2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server server role installed.
You need to manage DHCP on Server2 by using the DHCP console on Server1.
What should you do first?
A. From the Microsoft Management Console on Server1, add a snap-in.
B. From Server Manager on Server2, enable Windows Remote Management.
C. From Windows PowerShell on Server2, run Enable-PSRemoting.
D. From Server Manager on Server1, install a feature.
Answer: B
Q185. RAG DROP
You have a server named Server2 that runs Windows Server 2012 R2. You have storage provisioned on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to configure the storage so that it appears in Windows Explorer as a drive letter on Server1.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q186. Your network contains three Active Directory forests. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster.
All of the users in all of the forests must be able to access protected content from any of the forests.
You need to identify the minimum number of AD RMS trusts required.
How many trusts should you identify?
A. 2
B. 3
C. 4
D. 6
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd772648%28v=ws.10%29.aspx AD RMS Multi-forest Considerations
Q187. RAG DROP
Your network contains four servers that run Windows Server 2012 R2.
Each server has the Failover Clustering feature installed. Each server has three network
adapters installed. An iSCSI SAN is available on the network.
You create a failover cluster named Cluster1. You add the servers to the cluster.
You plan to configure the network settings of each server node as shown in the following
table.
You need to configure the network settings for Cluster1.
What should you do?
To answer, drag the appropriate network communication setting to the correct cluster network or networks. Each network communication setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q188. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?
A. Get-ADDomainControllerPasswordReplicationPolicy
B. Get-ADDefaultDomainPasswordPolicy
C. Server Manager
D. Get-ADFineGrainedPasswordPolicy
Answer: D
Explanation:
Explanation http://technet.microsoft.com/en-us/library/ee617231.aspx
Q189. Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1.
The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From a command prompt, run the dsadd computer command.
B. From Active Directory Users and Computers, run the Delegation of Control Wizard.
C. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.
D. From a command prompt, run the dsmgmt local roles command.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc731885.aspx http://technet.microsoft.com/en-us/library/cc732473.aspx Manages Administrator Role Separation for a read-only domain controller (RODC). Administrator role separation provides a nonadministrative user with the permissions to install and administer an RODC, without granting that user permissions to do any other type of domain administration.
Q190. OCSetup is available as part of the Windows Vista and Windows Server 2008 operating system. This tool replaces Sysocmgr.exe, which is included in the Windows XP and Windows Server 2003 operating systems.
This new tool can be used to perform which one of the following operations?
A. All of these
B. Microsoft System Installer (MSI) files that are passed to the Windows Installer service (MSIExec.exe)
C. Component-Based Servicing (CBS) components that are passed to Package Manager
D. CBS or MSI packages that have an associated custom installer .exe file
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/dd799247%28v=ws.10%29.aspx OCSetup Command-Line Options The Windows?Optional Component Setup (OCSetup.exe) tool is a command-line tool that can be used to add system components to an online Windows image. It installs or removes Component-Based Servicing (CBS) packages online by passing packages to the Deployment Image Servicing and Management (DISM) tool for installation or removal. OCSetup can also be used to install Microsoft System Installer (MSI) packages by calling the Windows Installer service (MSIExec.exe) and passing Windows Installer components to it for installation or removal. The MSI file must be signed by Microsoft to be able to be installed by using OCSetup. In addition, OCSetup can be used to install CBS or MSI system component packages that have associated custom installers (.exe files). The OCSetup tool is available as part of the Windows?7 and Windows Server?2008 R2 operating systems. You can use OCSetup.exe on a computer running Windows 7 or Windows Server 2008 R2.
