Download Configuring Advanced Windows Server 2012 Services.70-412.SelfTestEngine.2019-04-02.270q.tqb

Vendor: Microsoft
Exam Code: 70-412
Exam Name: Configuring Advanced Windows Server 2012 Services
Date: Apr 02, 2019
File Size: 18 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. 
You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders. 
Which tool should you use?
  1. Ultrasound
  2. Replmon
  3. Dfsdiag
  4. Frsutil
Correct answer: C
Explanation:
DFSDIAG can check your configuration in five different ways:Checking referral responses (DFSDIAG /TestReferral) Checking domain controller configuration Checking site associations Checking namespace server configuration Checking individual namespace configuration and integrity References: https://blogs.technet.microsoft.com/josebda/2009/07/15/five-ways-to-check-your-dfs-namespaces-dfs-n-configuration-with-the-dfsdiag-exe-tool/
DFSDIAG can check your configuration in five different ways:
  • Checking referral responses (DFSDIAG /TestReferral) 
  • Checking domain controller configuration 
  • Checking site associations 
  • Checking namespace server configuration 
  • Checking individual namespace configuration and integrity 
References: https://blogs.technet.microsoft.com/josebda/2009/07/15/five-ways-to-check-your-dfs-namespaces-dfs-n-configuration-with-the-dfsdiag-exe-tool/
Question 2
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com. 
Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. 
Several user accounts are migrated from child.adatum.com to adatum.com. Users report that after the migration, they fail to access resources in contoso.com. The users successfully accessed the resources in contoso.com before the accounts were migrated. 
You need to ensure that the migrated users can access the resources in contoso.com. 
What should you do?
  1. Replace the existing forest trust with an external trust.
  2. Run netdom and specify the /quarantine attribute.
  3. Disable SID filtering on the existing forest trust.
  4. Disable selective authentication on the existing forest trust.
Correct answer: C
Explanation:
Security Considerations for Trusts Need to gain access to the resources in contoso.com Disabling SID Filter Quarantining on External Trusts Although it reduces the security of your forest (and is therefore not recommended), you can disable SID filter quarantining for an external trust by using the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant them access to resources in the trusting domain based on the SID history attribute. Etc. Incorrect Answers:B. Enables administrators to manage Active Directory domains and trust relationships from the command prompt, /quarantine Sets or clears the domain quarantine. D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the trusting forest. References: Security Considerations for Trustshttps://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx
Security Considerations for Trusts 
Need to gain access to the resources in contoso.com 
Disabling SID Filter Quarantining on External Trusts 
Although it reduces the security of your forest (and is therefore not recommended), you can disable SID filter quarantining for an external trust by using the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:
* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant them access to resources in the trusting domain based on the SID history attribute. 
Etc. 
Incorrect Answers:
B. Enables administrators to manage Active Directory domains and trust relationships from the command prompt, /quarantine Sets or clears the domain quarantine. 
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the trusting forest. 
References: Security Considerations for Trusts
https://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx
Question 3
Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2. 
The forest has a two-way realm trust to a Kerberos realm named adatum.com. 
You discover that users in adatum.com can only access resources in the root domain of contoso.com. 
You need to ensure that the adatum.com users can access the resources in all of the domains in the forest. 
What should you do in the forest?
  1. Delete the realm trust and create a forest trust.
  2. Delete the realm trust and create three external trusts.
  3. Modify the incoming realm trust.
  4. Modify the outgoing realm trust.
Correct answer: D
Explanation:
A one-way, outgoing realm trust allows resources in your Windows Server domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users in the Kerberos realm. You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain. This trust relationship allows cross-platform interoperability with security services that are based on other versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations. Realm trusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way or two-way. Reference: Create a One-Way, Outgoing, Realm Trust
  • A one-way, outgoing realm trust allows resources in your Windows Server domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users in the Kerberos realm. 
  • You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain. This trust relationship allows cross-platform interoperability with security services that are based on other versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations. Realm trusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way or two-way. 
Reference: Create a One-Way, Outgoing, Realm Trust
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!