logo image

70-412 diglet 1-17

When you configure port rules for NLB clusters, you will need to configure all of the options listed here, except for one. Which option in this list will you not configure for a port rule?
The node IP address the rule should apply to
Which of the following statements about Network Load Balancing is incorrect?
Network adapters in the NLB cluster can use both multicast and unicast simultaneously.
From where would you add Network Load Balancing to a Windows Server 2012 computer?
Server Manager
Which of the following technologies transparently distributes traffic across multiple servers by using virtual IP addresses and a shared name?
Network Load Balancing
Which NLB control command would be the correct one to use to gracefully prepare a node for a planned maintenance activity?
Drainstop
To configure an NLB cluster after installing NLB on the Windows Server 2012 computer, you must configure three types of parameters. Which of the following is not one of the three you must configure?
Firewall rules
Which PowerShell cmdlet here will correctly install NLB and the NLB management console?
Add-WindowsFeature NLB,RSAT-NLB
Which PowerShell cmdlet is used to delete an NLB cluster?
Remove-NlbCluster
Which PowerShell cmdlet is used to add a new dedicated IP to an NLB cluster node?
Add-NlbClusterNodeDip
In which NLB cluster operation mode is the MAC address of every node’s network adapter replaced with a single shared MAC address?
Unicast
While logged into a Windows Server 2012 computer that is part of an NLB cluster, which of the following PowerShell one-liners is the correct way to change or set the primary IP address of the cluster?
Get-NlbCluster | Set-NlbCluster -ClusterPrimaryIP IPaddress
Which of the following is a constraint of using NLB clusters in unicast mode that you will need to design for?
You will need separate cluster and management network adapters if you manage the nodes from a different TCP/IP subnet than the cluster network.
Which cluster operation mode is designed to prevent the network switch from flooding with traffic?
IGMP Multicast
In Windows Server 2012, how many virtual machines can be utilized in a cluster?
4000
How are storage devices typically assigned to only a single cluster on the network?
By using LUN masking or zoning
Which storage technology is a low-cost option that typically requires the cluster nodes to be physically close to the drives?
iSCSI
Clusters running on which of the following operating systems are supported for migration to Windows Server 2012? (Choose all that apply)
Windows Server 2008 R2
Windows Server 2008
When failover clusters connect to, and use, a shared storage device using Fibre Channel, what name is given to the Fibre Channel network?
The fabric
There are many requirements that must be met in order to build a failover cluster using Windows Server 2012. Which of the items listed here is not an actual requirement you must meet?
All servers must be joined to an Active Directory domain
Put the following steps into the correct order to install the failover clustering feature on a Windows Server 2012 computer.
a. Open Server Manager
b. Click Manage, then click Add Roles and Features
c. Select Role-based or feature-based installation
d. Select the Failover Clustering option
e. Click to Add Features
f. Click Install
Which PowerShell cmdlet would you need to use to configure the possible nodes that can own a resource in a failover cluster?
Set-ClusterOwnerNode
When configuring shared storage for a cluster, there are several requirements that you must keep in mind. Of the items listed here, which one is not a requirement when configuring the shared storage?
The disks must be only GPT, not MBR
In a cluster with an even number of nodes, what must be used to break ties during node failure?
A witness
Which PowerShell cmdlet would be used to add a new resource group to a failover cluster configuration?
Add-ClusterGroup
What mode of Cluster Aware Updating has an administrator triggering the updates manually from the orchestrator?
Remote-updating mode
A production-ready failover cluster requires what minimum number of nodes?
Two
Cluster Shared Volume, in Windows Server 2012, offers faster throughput when integrated with what?
Server Message Block (SMB) Multichannel
11. When using VM Monitoring for Hyper-V VMs, what event ID will be logged when a monitored service is deemed to be unhealthy?
1250
2. Which of the following statements are true concerning SMB Multichannel in SMB 3.0? (Choose all that apply)
All of the above
20. Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features reduces the latency when accessing files over slow WAN links?
Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features reduces the latency when accessing files over slow WAN links?
SMB Directory Leasing
12. When using VM Monitoring for Hyper-V VMs, into what event log will events be logged when a monitored service is deemed to be unhealthy?
System
13. Which of the following PowerShell cmdlets correctly configures VM Monitoring for the DHCPClient service on the VM named VM42?
Add-ClusterVMMonitoredItem â VirtualMachine â VM42â â Service DHCPClient
5. How does the Scale-Out File Server provide for multiple nodes to access the same volume at the same time?
CSV and CSV cache
14. If a monitored VM is gracefully restarted on its current Hyper-V host and it subsequently fails again, what will VM Monitoring next attempt?
Move the VM to another cluster node and restart it again
22. Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features encrypts traffic?
SMB Encryption
1. The High Availability Wizard allows you to configure several pre-selected high availability roles in a cluster. Which of the following are options that are available to choose from? (Choose all that apply)
Distributed Transaction Coordinator (DTC)

Exchange Server

10. When configuring the failure threshold on the Failover tab, you can opt to leave the cluster in a failed state by configuring what two options? (Choose two answers)
The maximum number of failures that can occur

The length of time in hours

4. Which of the following features are not supported on the Scale-Out File Server? (Choose all that apply)
DFS replication

File Server Resource Manager

NFS

15. Which of the following features of the General Use File Server clustering role is the only change from Windows Server 2008 R2 to Windows Server 2012?
Support for SMB 3.0
8. What does the priority value for the cluster role specify?
The order in which roles are started up
9. How does the selection of the preferred node affect failover of the cluster resources?
Allows you to control which node the resources come online on after a failure
7. How do you change the value of the preferred node in a cluster?
List the servers in the preferred order
18. Which SMB 3.0 feature minimizes processor utilization when performing large file I/O operations?
SMB Direct
16. When creating a new General Use File Server role, which SMB settings are enabled by default, but can be disabled if desired? (Choose all that apply)
Enable continuous availability

Encrypt data access

3.What new management functionality is introduced with SMB 3.0?
PowerShell cmdlets for SMB
21. Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features allows users to scale shared bandwidth by adding cluster nodes?
SMB Scale Out
32. What is the process by which you move an entire VM or parts of a VM to another physical server without a cluster?
v
Live Migration
30. What is the process by which you move an entire VM or parts of a VM to another physical server using a cluster?
Quick Migration
29. What is the process by which you move the storage of a VM from one physical server to another without a cluster?
Storage Migration
1. In regard to Live Migration, which of the following prerequisites must be met before attempting the Live Migration? (Choose all that apply)
All hosts must use processors from the same manufacturer

All hosts must support hardware virtualization

14. What minimum version of VMware ESX/ESXi must a source VM be running on to allow it to be migrated to Hyper-V using P2V?
3.5 update 5
7. When importing a VM in Windows Server 2012, you have three options available to select from that affect how the import is performed. Which of the following is not one of those options?
Restore the virtual machine (create a new unique ID)
9. You want to use Microsoft System Center Virtual Machine Manager 2012 SP1 in your network to allow you to perform P2V migrations. What operating system must you install on the server to house SCVMM?
Windows Server 2012 only
25. When performing a VM import operation, which option is best selected when you are working from an exported VM template that you will be importing more than once?
Copy the virtual machine (create a new unique ID)
What two factors are the primary items impacting the speed of a Quick Migration? (Choose two answers)
The speed of the network between the source and destination servers

The amount of memory that needs to be written to disk

5. Quick Migration occurs within the confines of what?
A failover cluster
11. Before you can work with OVF files on your SCVMM server, what must you first do?
Apply the OVF Import/Export tool
8. If you want to use an exported VM as a template to create multiple VMs, what should you do on the source VM before performing the export?
Run sysprep
32. What is the process by which you move an entire VM or parts of a VM to another physical server without a cluster?
Live Migration
10. Which of the following VM file formats can be migrated using the V2V method by Microsoft System Center Virtual Machine Manager? (Choose all that apply)
OVF

VMware

Citrix XenServer

3. When performing a Live Migration, there are several options available to choose from that control how the LM will occur. Which of the following is not one of these options?
Move only the snapshot files
2. If you will be performing Live Migration using remote management tools, what must you first do to allow for Kerberos authentication to function?
Configure Kerberos constrained delegation on the source server
13. When performing a P2V migration using SCVMM, there are several limitations that must be observed. Which of the following source operating systems would be disqualified from a P2V migration?
Windows Server 2003 SP1 32-bit
31. What is the process by which you take a partially or completely configured VM and create other VMs without having to perform the installation and configuration from scratch?
Exporting
23. When performing a Live Migration using the â Move the virtual machineâ s data by selecting where to move the itemsâ option, which of the following advanced options would be the best to choose from to ensure that the folder structure remains the same on the destination server after the LM completes?
Move the VMâ s data automatically
15. Offline P2V migrations are the only available migration method for what types of source servers? (Choose all that apply)
Servers that are domain controllers
6. What two factors are the primary items impacting the speed of a Quick Migration? (Choose two answers)
The speed of the network between the source and destination servers

The amount of memory that needs to be written to disk

12. When performing a P2V migration using SCVMM, there are several limitations that must be observed. Which of the following source server specifications would disqualify it from a P2V migration? (Choose all that apply)
256 MB of RAM installed

Uses BitLocker Drive Encryption on the data volume

29. Select the proper PowerShell cmdlet from this list that is used to configure BranchCache in local caching mode.
Enable-BCLocal
6. Which mode of BranchCache configuration uses one or more dedicated servers to provide the cached copy in the branch office?
b. Hosted cache mode
2. What feature of Windows enables you to integrate Windows users into an existing UNIX or Linux environment?
Identity Management for UNIX
While logged into a Windows Server 2012 computer that is part of an NLB cluster, which of the following PowerShell one-liners is the correct way to change or set the primary IP address of the cluster?
Get-NlbCluster | Set-NlbCluster -ClusterPrimaryIP IPaddress
7. Distributed cache mode is designed for branch offices with what number of clients?
Fewer than 50
17. When configuring a cluster to provide highly available Hyper-V services, which of the following hardware requirements must your server hardware meet?
Provide hardware-assisted virtualization
5. Which of the following protocols is not supported by BranchCache?
NFS
14. What can be configured to create targeted audit policies based on resource properties, and expressions, so that you donâ t have to audit every file?
Dynamic Access Control
15. How is Identity Management for UNIX installed?
Using dism.exe
1. Which of the following is a distributed file system protocol used to access files over the network that is used with UNIX and Linux file server clients?
NFS
4. When configuring UNIX Attributes for an Active Directory user account, which of the following attributes is not available for configuration?
Login script
10. What can you use to configure automatic procedures for defining a desired property on a file based on the conditions specified in a rule?
File classification
31. Select the proper PowerShell cmdlet from this list that is used to increase the BranchCache in storage space.
Add-BCDataCacheExtension
12. When configuring file access auditing, which of the following audit types are available to choose from?
Success, Fail, All
In a failover cluster configured on Windows Server 2012, how are heartbeats transmitted?
Using UDP port 3343 unicast
30. Select the proper PowerShell cmdlet from this list that is used to modify BranchCache configuration.
Set-BCCache
19. Server Message Block (SMB) 3.0 provides many changes that add functionality and improve performance. Which of the following features allows SMB 3.0 clients to not lose an SMB session when failover occurs?
SMB Transparent Failover
9. When configuring the BranchCache hash publication options in Group Policy, you have three options available. Which of the options listed here is not available to configure?
Disallow hash publication on shared folders on which BranchCache is not enabled
13. What feature, first available in Windows 7 and Windows Server 2008, enables you to configure object access auditing for every file and folder on the computerâ s file system?
Global Object Access Auditing
25. Which of the following terms is best described as giving access to a user?
Authorization
25. When performing a VM import operation, which option is best selected when you are working from an exported VM template that you will be importing more than once?
Copy the virtual machine (create a new unique ID)
3. What feature or role must you install to extend the Active Directory schema with UNIX attributes?
Server for NFS
29. Select the proper PowerShell cmdlet from this list that is used to configure BranchCache in local caching mode.
Enable-BCLocal
Put the following steps into the correct order to validate a cluster configuration.
a. Open Server Manager
b. Select Tools > Failover Cluster Manager
c. Enter the server name
d. Select to Run all tests (recommended)
e. Click View Reports
23. When a file is accessed using NFS, what attributes are used by the NFS server to determine if the user has the required permissions to access the file?
UID and GID
24. To create an NFS shared folder on a cluster, you need to install which of the following items on each cluster node?
All of the above
8. Before you can use BranchCache, you must perform several tasks. Which of the following tasks is not required to be performed to use BranchCache?
Configure switches to support BranchCache
32. Select the proper PowerShell cmdlet from this list that is used to configure BranchCache in distributed caching mode.
Enable-BCDistributed
11. Before you can audit access to files, what must you first do? (Choose all that apply)
Specify files to be audited

Enable object access auditing

Many components can be configured redundantly within a server system. Of the components listed, which one is typically not available in a redundant arrangement in a single server system?
Mainboards (motherboards)
14. What can be configured to create targeted audit policies based on resource properties, and expressions, so that you donâ t have to audit every file?
Dynamic Access Control
6. When adding nodes to a cluster, what permission must be granted to the account used to add the nodes to the cluster if that account is not a member of the Domain Administrators security group?
Create Computer Objects
9. You want to use Microsoft System Center Virtual Machine Manager 2012 SP1 in your network to allow you to perform P2V migrations. What operating system must you install on the server to house SCVMM?
Windows Server 2012 only
What type of quorum configuration can sustain the loss of one-half of the cluster nodes (rounded up), minus one?
Node Majority
Put the following steps in the correct order to install the NLB feature on a computer running Windows Server 2012.
Open Server Manager

Click Manage

Click Add Roles and Features

Click Next on the Before you begin page of the Add roles and Features Wizard

Select Role-based or Feature-based installation

Click Next two more times

Select the Network Load Balancing option

Click to Add features when prompted

Which of these represents the largest benefit realized from classifying files and folders? Choose the best answer.
Tasks for files and folders can be automated
To use claims-based authorization in a domain, which of the following items must you have?
Domain Controllers running Windows Server 2012 in the domain
d.
Kerberos
From what locations in Windows Server 2012 can you set classifications on files and folders? (Choose all that apply)
On the folder Properties dialog box

In the File Server Resource Manager console

On the folder Properties dialog box

What Windows Server 2012 feature allows you to define computer-wide auditing of the file system or the registry?
Global Object Access Auditing
Before you attempt to implement a Central Access Policy, which of the following tasks should you first complete?
All of the above
Which of the listed PowerShell cmdlets would be correctly used to modify a Central Access Policy in Active Directory?
Set-ADCentralAccessPolicy
Put the following steps in the correct order to create a claim type based on a user’s department.
a. Open Active Directory Administrative Center

b. Select the Claim Types container

c. Click New > Claim Type

d. Select user

e. Select department

What should you configure if you want to limit access to files with certain classifications within a folder to a specific security group’s members?
A Central Access Policy
What is created so that files are automatically scanned and classified based on their content?
Classification rules
What does Windows Server 2012 provide that allows you to verify that proposed Dynamic Access Control changes accomplish what you intend them to do before actually deploying the changes?
Staging
Before you attempt to implement file classification, which of the following tasks should you not first determine?
The schedule of disk defragmentation
After you create claim types, what is the next step you must perform to allow the claim to function properly?
Configure resource properties
Which of the following would you skip in your planning for deploying Access-Denied Assistance?
The share size where Access-Denied Assistance will be used
Put the following steps in the correct order to create a file classification rule.
a. Open File Server Resource Manager

b. Click Classification Properties

c. Select Create Classification Rule

d. Enter the rule name

e. Set the scope of the rule

f. Set the classification for the files and folders

g. Configure evaluation properties

h. Run the classification process

Claims authorization relies on what?
The Kerberos KDC
What Windows Server 2012 feature helps users determine why they cannot access a folder or a file?
Access-Denied Assistance
What is the best way to allow Dynamic Access Control staging for your Active Directory environment?
Edit a domain Group Policy object to enable Audit Central Access Policy Staging
Which of the following statements are true concerning Kerberos armoring? (Choose all that apply)
Increases Kerberos processing time

Fully encrypts Kerberos messages

What must you specify to create a claim type?
A specific attribute in Active Directory
10. Which Hyper-V disk management command would you need to use to reduce the file size of a virtual hard disk?
Compact
17. You have just attached an iSCSI device to a server running Windows Server 2012. The disk does not show up in Windows Explorer. What is the best way to make the disk available to the server for usage?
Rescan disks in Disk Management
9. What protocol is used to automatically discover, manage, and configure iSCSI devices on a TCP/IP network?
iSNS
5. What role can you install in Windows Server 2012 to provide iSCSI storage to other clients?
iSCSI Target Server role
14. Which component of the iSCSI Target Server role can also be installed to enable applications connected to an iSCSI target to perform volume shadow copies of data on iSCSI virtual disks?
iSCSI Target Storage Provider
20. Which term corresponds to a portion of a storage subsystem?
Logical Unit Number
2. SANs typically use what protocol for communication between servers and storage arrays?
SCSI
15. How are SAN devices typically accessed over the network? (Choose all that apply)
Using Fibre Channel

Using iSCSI

1. How are NAS devices typically accessed over the network? (Choose all that apply)
Using SMB

Using NFS

22. Which term corresponds to an entity that receives iSCSI commands?
iSCSI Target
13. After you have removed the binaries for a feature from your Windows Server 2012 computer, what status will be displayed for that feature if you run the dism /online /get-features command?
Disabled with Payload Removed
3. What is the underlying network protocol used by iSCSI storage network?
BGP
4. Which of the following methods can be used to restrict which servers can connect to an iSCSI target? (Choose all that apply)
. IQN
. DNS name
. MAC address
. IP address
12. Which of the following PowerShell cmdlets correctly removes the BitLocker feature and all of its binaries from the disk?
uninstall-WindowsFeature Bitlocker -Remove
21. Which term corresponds to unique identifiers in an iSCSI network?
iSCSI Qualified Name
8. What is the name of the high-availability technology that establishes multiple sessions or connections to the Fibre Channel storage array by using redundant path components such as switches, adapters, and cables?
Multipath I/O
11. What is the name given to the new Windows Server 2012 capability that allows an administrator to completely remove binaries from the disk for an unneeded role or feature?
Features on Demand
7. What is the name of the high-availability technology that enables multiple TCP/IP connections from the initiator to the target for the same iSCSI session?
Multiple Connection Session
6. Which Windows versions support querying of the iSCSI Initiator computer for the iSCSI Initiator ID? (Choose all that apply)
Windows Server 2012
19. Which term corresponds to an entity that sends SCSI commands to iSCSI storage devices?
iSCSI Initiator
16. Fibre Channel of Ethernet (FCoE) is capable of _________ per second or more.
10 gigabits
How can you manage the Windows Server Backup feature that has been installed on a server that only has the Server Core installation? (Choose all that apply)
. Use the command-line backup tool

Use RSAT from another computer

. Use the Windows Server Backup MMC from another computer

Use PowerShell cmdlets

What type of backup allows you to recover all of the files needed to recover Active Directory?
System state
What is the minimum forest functional level your Active Directory forest must meet to enable the Active Directory Recycle Bin?
Windows Server 2008 R2
What is the best way to back up the Certificate Services database without backing up any extra files? (Choose all that apply)
Perform a full backup

Perform a backup using the certutil.exe command

When you select the “Faster backup performance” option for your backups, what is the net result of this configuration? (Choose all that apply)
Incremental backups are performed

Windows keeps a shadow copy of the source volume

What command-line tool is installed when you install the Windows Server Backup feature?
wbadmin.exe
What type of backup allows you to recover the server to a Windows Recovery Environment?
System reserved
What is contained within the Backup folder created by Windows Server Backup? (Choose all that apply)
Virtual hard disk (VHD) files that are basically duplicates of your volumes

XML files that provide backup history details

What Windows feature captures and stores copies of folders and files at specific points in time, allowing users or administrators to recover accidentally deleted or overwritten files as well as compare different versions of the same file?
Shadow Copies for Shared Volumes
Which VSS component is responsible for ensuring that the data to be backed up is ready for the shadow copy to be created?
VSS writer
What type of backup allows you to recover the server to a Windows Recovery Environment?
System reserved
The maximum amount of time you have to bring a system back online before it has a significant impact on your organization is known as what?
Recovery Time Objective
Which of the following statements is true concerning incremental backups in Windows Server Backup?
You can restore from a single backup
What advantage is offered by using block-level backup in Windows Server Backup?
The blocks are read in the order they appear on the disk
What type of backup allows you to recover all volumes of the failed server including critical data required for recovery?
Full server
What happens if you are using a remote share as the backup location and you change the UNC path after backups have been executed?
. You will not be able to recover the backup data without performing a full restore and creating a new UNC path or resetting the share back to the original configuration
By default, where will backups of DHCP be sent when you configure backups to occur?
%systemroot%WindowsSystem32DhcpBackup
Which of the following would not be a good usage of manual backups?
Making normal backups without a schedule
Which of the following items is not a limitation to keep in mind when deciding to use Windows Online Backups?
Files and folders (data) cannot be backed up
Which of the following commands correctly demonstrates how to back up the forward lookup zone contoso.com to a backup folder location?
DNSCMD /zoneexport contoso.com c:backupcontoso.com.dns.bak
What is the limitation you must be aware of when configuring Windows Server Backup to backup to a shared network folder?
Only one backup at a time can exist
What is the limitation of backing up system state using Windows Server Backup?
It cannot be backed up to a DVD drive
When is the best time to consider performing an authoritative restoration of Active Directory?
When someone accidentally deletes one or more objects and the change is replicated to other domain controllers.
Which of the following can only be recovered using WinRE and the Windows installation media?
System volumes
Regarding Shadow Copies for Shared Volumes, how many copies per volume can be retained before the oldest shadow copy is permanently deleted?
64 copies
Which Advanced Boot option would be most appropriate if you wanted to roll back to a previous state following a server problem?
Last Known Good Configuration
Which of the following system state items will only be found on a domain controller?
SYSVOL
When a Hyper-V VM is reverted back to the state of the last snapshot, what happens to the hierarchy tree of snapshots for that VM?
Nothing
The Boot Configuration Data (BCD) store contains information that controls how your server boots and replaces what file previously used for this function?
boot.ini
Which Advanced Boot option would be most appropriate if your company was a hardware manufacturer and needed to troubleshoot drivers being developed?
Disable Driver Signature Enforcement
From within a Windows session, what methods are available to reboot a domain controller into DSRM? (Choose all that apply)
Use the bcdedit /set safeboot dsrepair command

Use msconfig to configure the server to reboot into DSRM

Which Advanced Boot option would be most appropriate if you wanted to troubleshoot a problematic server that you suspected might be infected with malware?
Safe Mode
What is the functional difference between a non-authoritative restoration of Active Directory versus an authoritative restoration?
. The objects that are restored in the non-authoritative restoration could be overwritten during the next replication cycle.
Which of the following backup configurations does not include the system state data?
Incremental backups
If you see the â Boot Configuration Data for your PC is missing or contains errorsâ message or a similar error during the boot process, what is usually the best first step to take in your corrective actions?
Use the Bootrec /rebuildbcd command
When using the shutdown /r command, what happens when you add /o to the command?
The server will reboot and open the Advanced Boot options menu
When performing a copy or a restore of a file from a volume protected by Shadow Copies for Shared Volumes, what is the difference between a copy and a restore? (Choose all that apply)
A restore will delete the current version of the file that exists
Which Advanced Boot option would be most appropriate if you needed to boot a problematic server and needed to download a new video card driver?
Safe Mode with Networking
Which of the following represents the correct command to use to set the boot timeout value that controls the length of time the computer waits to load the default operating system?
Bcdedit /timeout
Which of the following is the most likely problem if your server can boot and log in to Safe Mode successfully, but cannot boot and log in normally?
Malware infection
Which of the following WinRE Command Prompt tools would be most appropriately used to cause the computer to boot to a different partition at the next startup?
Bcdedit
Which of the following presents a possible method to access the Windows Recovery Environment (WinRE)?
All of the above
Which of the following represents what an operating system GUID would look like in the BCD store?
. 849ab759-2b7d-11e2-9a4d-10bf4879ebe3
Which of the following items should you keep in mind when performing a restoration of a system volume using WinRE? (Choose all that apply)
If there are any data volumes on the same disk that contain the system volumes, they will be erased as part of the restore process.

The serverâ s current system volume will be erased and replaced with the restored system volume.

The serverâ s hardware must not have changed and your data volumes must still be operational.

Which of the following quorum configurations would not be acceptable for a multi-site cluster configuration? (Choose all that apply)
Node Majority

No Majority

When configuring the subject common name (CN) on an X.509 digital certificate to be used for Hyper-V replication, what value should be used for the subject CN if a failover cluster hosts the VM?
The FQDN of the Hyper-V Replica Broker
Which component of the Hyper-V replica feature tracks changes on the primary copy of a VM?
Change tracking
Which component of the Hyper-V replica feature redirects all VM-specific events to the appropriate node in the replica cluster?
Broker server
What is the default heartbeat interval in a Windows Server 2012 failover cluster?
1 second
What network services will you require in the remote site used to host a multi-site cluster? (Choose all that apply)
DNS
When configuring a multi-site cluster using Windows Server 2012, how can you configure data replication to occur? (Choose all that apply)
. Block level hardware-based replication
. Software-based file replication
. Application-based replication
What must you use to apply encryption to replication traffic for Hyper-V replica?
X.509
What is the primary security implication of choosing the Kerberos authentication option over the certificate-based authentication option when configuring Hyper-V replication?
. The data will not be encrypted while in transit on the network
Which of the following initial replication methods might be best for organizations that wish to configure Hyper-V replication across a slow network connection?
Send initial copy using external media
In order for a digital certificate to be considered valid, what conditions must it generally meet? (Choose all that apply)
The certificate must terminate at a valid root certificate.

The certificate must not be expired or revoked.

Which component of the Hyper-V replica feature provides a secure and efficient way to transfer VM replicas between hosts?
Network module
What extensions must be present in the enhanced key usage (EKU) section of the digital certificate to be used for Hyper-V replica? (Choose all correct answers)
Client Authentication

Server Authentication

Which component of the Hyper-V replica feature manages replication configuration details?
Replication engine
When configuring the subject common name (CN) on an X.509 digital certificate to be used for Hyper-V replication, what value should be used for the subject CN if a standalone server hosts the VM?
The FQDN of the Hyper-V host
What advantage does asynchronous replication offer over synchronous replication?
Application performance is typically improved
IPv6 addresses are written using what number system?
. Hexadecimal
Which of the following represents the best usage of a superscope in DHCP?
To add more IP addresses in a new subnet
Which DHCP client option is used to provide a list of domain names to use in name resolution queries?
Option 15
What term describes the network transmissions method where packets are sent from one host to all other hosts?
Broadcast
When configuring Split Scopes for DHCP, what is the traditional percentage split of the scope range?
80% to the primary server, 20% to the secondary server
By default, after how much time has elapsed in an active DHCP lease will a Windows client computer attempt to renew the lease?
50% of the lease time
Which of the following criteria listed can be used to create conditions in a DHCP policy? (Choose all that apply)
. User Class
. Vendor Class
. MAC address
. Client identifier
Which of the following networks represents the multicast network space, as defined?
224.0.0.0 to 239.255.255.255
Which of the following DHCP high-availability options in Windows Server 2012 allows you to configure two servers to provide DHCP with a load sharing arrangement?
DHCP failover
What is the name of the configurable objects in DHCP that contain the range of IP addresses that can be allocated to clients?
DHCP scopes
IPv4 addresses use an address space that is _____ bits long, as compared to IPv6 addresses, which use an address space that is _____ bits long.
32, 128
When creating a multicast scope in Windows Server 2012, what is the default lease time set to?
30 days
When configuring DHCP failover partners, the time synchronization between the partners is critical. What is the maximum allowable time skew between DHCP failover partners?
60 seconds
Which of the following criteria listed can be used to create conditions in a DHCP policy? (Choose all that apply)
. User Class
.Vendor Class
. MAC address
. Client identifier
IPv6 addresses are written using what number system?
Hexadecimal
What database engine is used for the DHCP database in Windows Server 2012?
Jet
Which of these IPv6 address types is best used for hosts that are reachable from the Internet?
Global unicast addresses
On what port does DHCP failover listen for failover traffic?
TCP port 647
What is the name of the special resource record that Windows Server 2012 DHCP will create to track which machine originally requested a specific name in DNS?
Dynamic Host Configuration Identifier
Which DHCP client option is used to provide a list of IP addresses for the default gateway to the client?
Option 3
What term describes the network transmissions method where packets are sent from one to a specific group of other hosts?
Multicast
Which of the following represents the correct default subnet mask used with Class A networks?
255.0.0.0
Which DHCP client option is used to provide a list of IP addresses for DNS servers?
Option 6
Which DHCP client option is used to provide a list of IP addresses for WINS servers?
Option 44
In a Windows Server 2012 failover cluster, after how many missed heartbeats in a row will a node become failed?
5
3. What is the underlying network protocol used by iSCSI storage network?
BGP
18. Which of the following Hyper-V disk types is characterized as only allocating the amount of physical disk space that is required at that point in time, while still being able to grow to a fixed limit?
Dynamically expanding disk
Regarding DNSSEC, what are the new records created once a zone is signed?
DNSSEC Resource Records
How can you best go about delegating administrative access to those employees who need to be able to manage DNS?
Add the userâ s Active Directory accounts to a special global security group created for this purpose (e.g., DNS Service Managers) and then add that group to the DNS Admins local group.
DNSSEC uses public key infrastructure (PKI) encryption to provide what assurances to DNS clients? (Choose all that apply)
Proof of identity of DNS records

Verified denial of existence

What Windows Server 2012 DNS feature prioritizes DNS responses based on the subnet of the requesting client?
Netmask ordering
On which of the following DNS zone types can DNSSEC be enabled? (Choose all that apply)
A standard primary forward lookup zone

An Active Directory integrated reverse lookup zone

What is the default size of the DNS socket pool?
2,500
By default, where are the DNS debug logs written to?
The %SYSTEMROOT%System32Dns folder
After a DNS zone has been secured with DNSSEC, what additional data will be returned to a client as a result of a query?
Digital signatures for the returned records
Which options should you configure for DNS debug logging to ensure you can later review the full contents of queries performed against the DNS server? (Choose two answers)
Packet contents: Queries/Transfers

Packet type: Request

What feature of Windows Server 2012 DNS is intended to eliminate the need for WINS by providing support for single label names?
GlobalNames zone
What is the purpose of DNS Cache Locking?
It prevents an attacker from replacing records in the resolver cache while the Time to Live (TTL) is still in force.
What DNS security feature in Windows Server 2012 can be configured to allow source port randomization for DNS queries?
Socket pool
Regarding DNSSEC, what is used to sign the zone data?
Zone Signing Key
Which of the following commands would correctly set the DNS socket pool to a value of 7,000?
dnscmd /Config /SocketPoolSize 7000
Regarding DNSSEC, what is used to sign the DNSKEY records at the root of the zone?
Key Signing Key
How are values for DNS Cache Locking expressed?
As a percentage of the TTL
The main page of your companyâ s Intranet portal is accessible by the FQDN home.na.adatum.corp. How would you configure an entry in the GlobalNames zone for this?
Add a single CNAME record pointing to the A record in another zone
What is the function of the RRSIG record?
Used to sign the zone
What is the function of the NSEC record?
Returned to positively deny that the requested A record exists in the zone
Once all IPAM server setup tasks are complete, several scheduled tasks run on the IPAM server. How often does the process run that collects zone status events from DNS servers?
Every 30 minutes
As it pertains to IPAM, what is the name of the process of retrieving a list of all domain controllers, DNS servers, and DHCP servers?
IPAM discovery
Which of the following tasks can you perform when you right-click on a DHCP-issued IP address in the IP Address Inventory section of the IPAM console? (Choose all that apply)
. Delete DHCP reservation

. Delete DNS host record

. Create DHCP reservation

Which of the following can be imported into IPAM using the IPAM console?
All of the above
Which of the following database types can be used with Windows IPAM? (Choose all that apply)
Windows Internal Database
How do you configure multiple IPAM servers to communicate with each other?
You canâ t configure multiple IPAM servers to communicate with each other
Members of which IPAM security group have the privileges to view IP address tracking information?
IPAM IP Audit Administrators
When you opt to use automatic Group Policyâ based provisioning of an IPAM server, several Group Policy Objects are created. How many Group Policy Objects are created?
Three
Once all IPAM server setup tasks are complete, several scheduled tasks run on the IPAM server. How often does the process run that collects IP address space usage data from DHCP servers?
Every 1 day
Members of which IPAM security group have the ability to view information in IPAM and can perform server management tasks?
IPAM MSM Administrators
Which PowerShell cmdlet is the correct one to use to create the IPAM provisioning GPOs?
Invoke-IpamGpoProvisioning
Select the best answer regarding the management capabilities of Windows Server 2012 IPAM.
IPAM cannot manage DNS servers other than those running on Windows Server 2008 and above.
In Window Server 2012 IPAM, what is the second-highest-level entity within the IP address space?
IP address range
In Window Server 2012 IPAM, what is the highest-level entity within the IP address space?
IP address block
Which of the followings statements regarding requirements for an IPAM server is false?
An IPAM server can be a domain controller
Members of which IPAM security group have the privileges to view all IPAM data and perform all IPAM tasks?
IPAM Administrators
Which of the following categories will you not find in the Monitor and Manage section of the IPAM console?
DNS Zone Records
Which domain functional level is no longer supported by Windows Server 2012 domain controllers?
Windows 2000 native
You are the administrator of a multi-domain Active Directory forest. All of your domain controllers are running Windows Server 2008 R2 and your domain and forest functional levels are set to Windows Server 2008. What is the first step you must perform to introduce new servers running Windows Server 2012 as domain controllers?
Upgrade the forest schema
Which of the following items would not be considered a logical component of Active Directory?
Domain Controllers
Which of the following desirable features first became available with the Windows Server 2003 domain functional level?
LastLogonTimestamp attribute
What are the requirements to perform an in-place upgrade of a domain controller to Windows Server 2012? (Choose all that apply)
The domain controller must be running Windows Server 2008 or Windows Server 2008 R2

The forest functional level will need to be at Windows Server 2008 or higher

Which of the following desirable features first became available with the Windows Server 2008 domain functional level?
SYSVOL replication using DFSR instead of NTFRS
Which default security group is created to allow designated users to manage the Active Directory schema of the forest?
Schema Admins
Your forest functional level is currently set to Windows Server 2008. What operating systems can you have domain controllers running on? (Choose all that apply)
.
Windows Server 2012

Windows Server 2008
.
Windows Server 2008 R2

What data is found on a Global Catalog server? (Choose two parts)
A partial copy of all objects for all other domains in the forest

A full copy of all Active Directory objects in the directory for its host domain

In an organization that has three Active Directory forests with a total of six Active Directory domains, how many schemas will exist in the organization?
Three
Which of the following accurately represents a User Principal Name?
What console will you use to configure additional UPN suffixes for your domain?
Active Directory Domains and Trusts
Which of the following desirable features first became available with the Windows Server 2008 R2 forest functional level?
Active Directory recycle bin
You want to use the new features of Key Distribution Center (KDC) support for claims, compound authentication, and Kerberos armoring in your domain. What must you do first? (Choose two answers)
Raise the domain functional level to Windows Server 2012

Install at least one Windows Server 2012 domain controller

Members of which IPAM security group have the privileges to view all IPAM data and perform all IPAM tasks?
. IPAM Administrators
Which of the following statements regarding the server requirements for an IPAM server is false?
Correct b. The server must be running Windows Server 2008 R2 or Windows Server 2012
What will happen to a client that needs to authenticate against Active Directory, but has no site defined for its subnet?
The client will authenticate to a domain controller in another site, over the WAN link
Why is it generally not recommended to configure bridgehead servers manually?
You could disrupt the flow of replication traffic between sites
When examining the netlogon.log file, what will be your indicator that you have a problem with your Active Directory sites or subnets configuration?
A NO_CLIENT_SITE entry
When configuring site link costs in Active Directory, which of the listed WAN links might be considered the most â costlyâ ?
A demand-dial analog link
Which of the following represents the best reason why you need to take care when creating site links within your organization?
So you can optimize replication traffic between sites by using the highest quality, or lowest cost, routes
You have several sites in your Active Directory, some of which have Windows Server 2008 R2 RODCs and others still have Windows Server 2003 DCs. What is the simplest solution to fix the problem of Windows Server 2003 DCs performing automatic site coverage in sites where the Windows Server 2008 R2 RODCs exist?
Download the RODC compatibility pack for the Windows Server 2003 domain controllers.
What default value are all site links costs configured with in Active Directory?
100
Which PowerShell cmdlet is the correct one to use to create a new Active Directory site?
New-ADReplicationSite
What management console is used to manage Active Directory Sites?
Active Directory Sites and Services
What Active Directory component is a domain controller that is used to monitor and make connections with domain controllers in other sites to domain controllers in its site?
Intersite Topology Generator
What value for DNS Cache Locking is considered to be the optimal setting?
100
You have just created a two-way trust in your domain to an external domain used by a partner company to allow your domainâ s users to access a resource in the partnerâ s domain. What is the next step that will need to be performed to complete the trust?
The partner will need to create a two-way trust in the external domain
What type of trust can be used to improve performance when accessing resources in an internal forest?
Shortcut trusts
What type of trust allows users to authenticate and access resources in a non-Windows Kerberos v5 realm, or allows users in a non-Windows Kerberos v5 realm access to resources in an AD DS domain?
Realm trusts
Which of the following is not a scope of trust authentication?
Server authentication
Which of the following is not a type of trust that could be created manually?
Internal trusts
What is the disadvantage of configuring selective authentication for a trust?
The administrative overhead involved to configure and maintain user access to resources
Which of the following attributes are true of the automatically generated trusts created when a domain is added to the forest? (Choose all that apply)
The trust is two-way between the child domain and the root domain

The trust is always transitive

What type of trust allows users of an internal forest to authenticate to and/or gain access to all resources of an external forest?
Forest trusts
To enable foreign security principals to access the shared folder with the UNC path of \SERVER1DocsShare, what permission(s) will you need to configure on the ACL of SERVER1 for the foreign security principals?
Read and Allowed to Authenticate
Which of the following attributes are true when discussing manually created trusts?
The trust can be configured to be one-way or two-way

The trust can be configured to be incoming or outgoing, or both

Members of which IPAM security group have the ability to view information in IPAM and can perform IP address space management tasks?
IPAM ASM Administrators
In which scenario would you want to disable SID filtering?
User accounts have been involved in a domain migration
The creation of a trust between external forests or domains depends on both sides of the trust (domains or forests, as applicable) being able to resolve the forest or domain names on each side of the trust. Which DNS configuration is most commonly used in the real world?
The partner will need to create a two-way trust in the external domain
When disabling SID filtering on a forest trust, what netdom switch should be used?
/enablesidhistory:No
You are attempting to create a one-way outgoing trust to an external domain that has resources in it that your domainâ s users will need to access. The authorized users will be able to access the resources without entering any additional credentials once they have successfully logged in to your domain. When you attempt to create the trust, it fails. You have verified that the domain controllers in the external domain are online. What is most likely the cause of this problem?
Your domain controllers cannot resolve the information for the external domain in DNS
When using the netdom command to validate a trust, what specific switch will you need to use to ensure validation is performed?
/verify
Which of the following scenarios represents the best reason for creating a forest trust between two Active Directory forests?
Company A has purchased Company B
When do you want to enable domain-wide authentication for a trust?
When all users in the trusted domain need to authenticate against the trusting domain
You have just created a one-way incoming trust in your domain for an external domain used by a partner company to allow your domainâ s users to access a resource in the partnerâ s domain. What is the next step that will need to be performed to complete the trust?
The partner will need to create a one-way outgoing trust in the external domain
What type of trust is a one-way or two-way nontransitive trust between domains that are not in the same forest, and that are not already included in a forest trust?
External trusts
To create a forest trust, which of the following requirements must be met? (Choose all that apply)
Both domains involved in the trust must be the forest root domain

Both domains involved in the trust must be at the Windows Server 2003 forest functional level or higher

Which of the following commands correctly illustrates how to create a one-way external trust from the adatum.local domain to the contoso.local domain?
netdom trust adatum.local /Domain:contoso.local /add
What undesirable side effect may result from having the â Bridge All Site Linksâ option disabled?
Replication time and traffic between spokes will increase due to needing to go through the hub location
What Active Directory component can be used to resolve the problem of costly bandwidth and timing restrictions of physical connections?
Site links
Your organization is arranged in a Hub-and-Spoke topology with the main office as the hub and all branch offices as spokes. What two methods can be used to allow the branch offices (remote sites) to replicate directly with each other, not requiring replication via the main office? (Choose two answers)
Enable the â Bridge All Site Linksâ option, with no further actions taken

Create Site Link Bridges between the remote sites

__________ define the logical replication path between sites to perform _________ replication, allowing for faster and optimized replication between sites based on configured costs and frequencies.
Site links, Intersite
It is possible to configure Intersite replication using SMTP transport. When this transport protocol is selected, which partition of the Active Directory database is not replicated?
Domain
What is defined by the replication schedule?
When replication is allowed to occur
Active Directory sites are a logical component of Active Directory that are intended to represent what physical item of an organization?
Geographic locations
What is the lowest possible value that can be configured as a replication interval for site links?
15 minutes
What Active Directory component dynamically creates connection objects between domain controllers that are used for replication?
. Knowledge Consistency Checker
Your organization has six offices spread over three cities in North America. At a minimum, how many Active Directory sites should you plan to have?
Three
By default, how often does Intersite replication occur in Active Directory?
Every 180 minutes
What will happen if the SYSVOL or NETLOGON shares are open (being viewed) anywhere during the DFSR SYSVOL migration?
. The migration will succeed, but the folders in the file system that correspond to the old share locations will not be deleted
Which SYSVOL replication migration state is the first state in which DFSR replication is used as the primary replication mechanism?
Redirected (State 2)
Which SYSVOL replication migration state is done entirely using FRS?
. Start (State 0)
On what domain controller should the DFSR SYSVOL migration process be performed from?
The PDC Emulator of the domain
When a user changes his or her password, to what domain controller is the password change notification sent?
The PDC Emulator
Which SYSVOL replication migration state is done entirely using DFSR?
Eliminated (State 3)
Which of the following scenarios best represents an urgent replication-inducing event?
. A change in the domain account lockout policies
When you initiate the deletion of an RODC, you are given several options to choose from with actions you can take for the passwords that were cached on the RODC. Which of these options is the default configuration when you receive the prompt?
Reset all passwords for user accounts that were cached on this Read-Only Domain Controller

Export the list of accounts that were cached on this Read-Only Domain Controller to this file

How does the KCC go about creating a replication topology for each partition of the Active Directory database?
It will create a separate replication topology for each partition
What is maximum number of hops for replication traffic that the KCC will allow before creating shortcut connections?
Three
What minimum domain functional level will you need to be at before attempting to migrate to DFSR SYSVOL replication?
Windows Server 2008
Why must an RODC be able to connect to at least one Windows Server 2008 or higher domain controller? (Choose all that apply)
a. To replicate the domain partition

So that the Password Replication Policy (PRP) applied to the RODC can be configured and enforced

What happens if a domain controller cannot contact the PDC emulator after processing a user account password change?
The change is non-urgently replicated
Which of the following represents the best reason why you might want to prepopulate passwords on an RODC?
o speed up the initial login for the user at that site
Regarding Intersite and Intrasite replication, which of the following statements is untrue?
Replication data within a site is compressed and encrypted
In which SYSVOL replication migration state is DFSR replication performed in the background?
Prepared (State 1)
When you mark an attribute as â Confidentialâ in the schema, what are you effectively doing?
Marking that attribute to not be replicated to an RODC
What requirements must be met in order to perform the configuration of the Filtered Attribute Set? (Choose all that apply)
The Schema Master must be on a domain controller running Windows Server 2008 or Windows Server 2012

You must perform the change directly on the Schema Master

What is the net result of deleting an RODC and leaving the â Reset all passwords for user accounts that were cached on this Read-Only Domain Controllerâ option selected?
Users will be forced to request a password reset before they can log in the next time
Which of the following scenarios best represents an urgent replication-inducing event?
A change in the domain account lockout policies
To most effectively configure and use a Filtered Attribute Set, what should your domain and forest functional levels be, at a minimum?
Windows Server 2008 or higher in the domain, Windows Server 2008 or higher in the forest
Which of the following repadmin commands would cause updates outward to replication partners and trigger replication across the enterprise as a whole?
REPADMIN /SyncAll /APed
The creation of a trust between external forests or domains depends on both sides of the trust (domains or forests, as applicable) being able to resolve the forest or domain names on each side of the trust. Which DNS configuration is most commonly used in the real world?
Configure conditional forwarders
What will happen if the SYSVOL or NETLOGON shares are open (being viewed) anywhere during the DFSR SYSVOL migration?
Correct d. The migration will succeed, but the folders in the file system that correspond to the old share locations will not be deleted
What benefit does Single Sign-On provide for application users?
Prevents users from needing to remember multiple usernames and passwords.
While testing AD FS claims-based authentication with a sample application, you encounter an error due to the self-signed certificate you opted to use. What can you do to eliminate this error? (Choose all that apply)
Add the self-signed certificate to your computerâ s Trusted Root Certification Authorities store

Issue a valid certificate from your internal CA

Which of the following are supported as attribute stores for AD FS?
All of the above
Which of the following components of Active Directory Federation Services is responsible for forwarding packets from external hosts to internal federation servers?
Federation server proxy
In order to utilize AD FS, what is the oldest version of Windows Server that any domain controller can be using?
Windows Server 2003 SP1
What add-on component can you download from the Microsoft.com website to create a test Windows Identity Foundation (WIF) application that you can use to test AD FS claims-based authentication?
Windows Identity Foundation SDK 4.0
AD FS makes extensive use of HTTPS communications to provide data security. Which certificate is used by the claims provider to identify itself?
Token-signing certificate
Which of the following components of Active Directory Federation Services is a statement made by a trusted entity and includes information identifying the entity?
Claim
Which of the following components of Active Directory Federaation Services is the server that issues claims and authenticates users?
Claims provider
Which of the following components of Active Directory Federaation Services is the application or web service that accepts claims?
Relying party
By default, the AD FS server is configured with a claims provider trust named Active Directory. If you are communicating with other organizations, you need to create additional claims provider trusts for each federated organization. What options are available to get the data you need for the creation of these claims provider trusts? (Choose all that apply)
Import data about the claims provider through the federation metadata

Manually configure the claims provider trust

Import data about the claims provider from a file

Which of the following statements is untrue regarding configuration of attribute stores for AD FS?
When using AD LDS as the attribute store, no connection string is required
What options are available for the storage of the AD FS configuration settings? (Choose all that apply)
SQL Server

Windows Internal Database

Which PKI role in AD CS issues certificates and manages certificate validity?
CA
What is the benefit of using asymmetric encryption instead of symmetric encryption?
Asymmetric encryption does not require a complex infrastructure to manage private keys
The benefits of PKI include all of the following except one item. What item listed is not a benefit of PKI?
Availability
In Windows Server 2012 AD CS, how many Root CAs can you install in a single certificate hierarchy?
One
What is the function of the AIA?
It specifies where to find up-to-date certificates for the CA
What is another name for Asymmetric encryption?
Public key cryptography
Which of the following is not a choice when installing a new CA?
Bridged CA
Why would you want to consider making the Root CA an offline CA?
This improves security of the root CA and its private keys
You have built a two-tier PKI with an offline Root CA and an online Enterprise Subordinate CA. What must you do so that Active Directory clients will trust certificates issued from the Subordinate CA?
Manually import the Root CA certificate into Active Directory one time
By default, if you install a CA server on January 1, 2014, when will the CA certificate expire?
January 1, 2019
What should be done as soon as possible once you have been notified that a user has lost control of the private keys for their certificates?
. Revoke the userâ s issued certificates
What is the best way to fully back up the CA without backing up more than necessary?
System state backup
Which PKI role in AD CS can be used to issue certificates to routers and switches?
Network Device Enrollment Service
How is an Online Responder different than a certificate revocation list (CRL)?
The Online Responder provides a validation response for a single certificate, whereas the CRL provides revocation information about all revoked certificates
Which PKI role in AD CS is used to validate certificates?
Online Responder
What two values would be required in a CAPolicy.inf file to set the CRL period to 4 hours?
CRLPeriod=Hours

CRLPeriodUnits=4

Which Windows client operating systems are capable of using the Online Responder to check certificate revocation status? (Choose all that apply)
Windows 7

Windows 8

To grant a junior administrator the ability to issue and revoke all certificate templates on your CA, what permission would you grant his or her AD account?
Manually import the Root CA certificate into Active Directory one time
What is the name of the role in the PKI that is responsible for the distribution of keys and the validation of identities?
Registration authority
What file can you deploy to CAs so they have predefined values or parameters during installation?
CAPolicy.inf
To recover a key from the CA database using the certutil utility, what information will you need to know about the certificate?
Correct b. The certificate serial number
Which certificate format supports storage of a single certificate, does not support storage of the private key or certification path, has contents that are of a binary format, and is not used for importing into applications that require a â text blobâ ?
Correct b. DER-encoded binary X.509
Which of the following options can be used to most easily ensure the currently logged-in user has all applicable autoenrollment certificates and that any roaming certificates have been downloaded locally?
Correct d. Have the user issue the gpupdate /force command
Which certificate format supports storage of a single certificate, does not support storage of the private key or certification path, has contents that are of an ASCII format, and is generally used for importing into applications that require a â text blobâ ?
Correct a. Base64-encoded X.509
What are the contents of the certificate chain?
Correct d. It is a list of certificates that can be used to authenticate an entity certificate
Your organization issues certificates for code signing and user authentication to employees from a Windows Server 2012â based certificate authority. In what folders of the Certificates MMC snap-in would a user find the certificates that have been issued to him or her? (Choose all that apply)
Correct a. Personal

Correct d. Active Directory User Object

What is the advantage of configuring credential roaming?
Correct b. The userâ s certificates follow the user to each computer he or she logs in to
Which of the following URLs would be the correct one to visit to get to the Web Enrollment pages?
Correct b. https:///ca
What usages does the User certificate allow by default? (Choose all that apply)
Correct a. Secure Email

Correct b. Encrypting File System

Correct c. Client Authentication

What must you do immediately after issuing the first KRA certificate to a trusted user to enable key archival and recovery on the CA? (Choose all that apply)
b. Configure key archival on the CA properties

c. Archive the keys for the issued KRA certificate

You work at a government agency and have been tasked to implement a PKI built on Windows Server 2012. What certificate template version will you need to use to meet the requirements imposed on your agency?
Correct c. Version 3
Which of the following permissions must be configured on the ACL of a certificate template in order for a user to be able to automatically enroll for the certificate via Group Policy? (Choose all that apply)
Correct a. Read

Correct c. Enroll
Correct d. Autoenroll

As a security precaution, what should you do immediately after you have configured a CA to issue a KRA certificate?
a. Configure the ACL on the template with the specific security principals who will be designated KRAs
Which certificate format supports the export of a certificate and its private key?
Correct c. Personal Information Exchange (PKCS #12)
In addition to the permissions required on the certificate templates used for autoenrollment, what other requirements must be met to support autoenrollment in your organization? (Choose all that apply)
Correct d. Group Policy must be configured to support autoenrollment
Which certificate format supports storage of certificates and all certificates in a certification path and usually has a .p7b or .p7c filename extension?
Correct d. Cryptographic Message Syntax Standard (PKCS #7)
When performing key recovery as a KRA, in what format will you retrieve the key from the database?
Correct d. Cryptographic Message Syntax Standard (PKCS #7)
What minimum certificate version is required to enable key archival and recovery?
Correct b. Version 2
Which of the following represents the correctly formatted command to recover the keys from the CA database?
a. certutil â getkey 2BD06947947609FEF46B8D2E40A6F7474D7F085E c:outfile

Need essay sample on "70-412 diglet 1-17"? We will write a custom essay sample specifically for you for only $ 13.90/page

Can’t wait to take that assignment burden offyour shoulders?

Let us know what it is and we will show you how it can be done!
×
Sorry, but copying text is forbidden on this website. If you need this or any other sample, please register

Already on Businessays? Login here

No, thanks. I prefer suffering on my own
Sorry, but copying text is forbidden on this website. If you need this or any other sample register now and get a free access to all papers, carefully proofread and edited by our experts.
Sign in / Sign up
No, thanks. I prefer suffering on my own
Not quite the topic you need?
We would be happy to write it
Join and witness the magic
Service Open At All Times
|
Complete Buyer Protection
|
Plagiarism-Free Writing

Emily from Businessays

Hi there, would you like to get such a paper? How about receiving a customized one? Check it out https://goo.gl/chNgQy

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy