70-412 Configuring Advanced Windows Server 2012 R2 Services


  • Passing Score: 800
  • Time Limit: 120 min
  • File Version: 41.0
  • Q&A: 448
  • Updated December 2022
Recommend this page


Advance your career in Cloud Computing and get $50 off on a Udacity Nanodegrees Program

Exam Demo

Your company recently deployed a new Active Directory forest named The first domain controller in the forest runs Windows Server 2012
You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders.
Which tool should you use?
A. Ultrasound
B. Replmon
C. Dfsdiag
D. Frsutil

Correct Answer: C

Section: Volume A

DFSDIAG can check your configuration in five different ways:
Checking referral responses (DFSDIAG /TestReferral)
Checking domain controller configuration
Checking site associations
Checking namespace server configuration
Checking individual namespace configuration and integrity

Your network contains an Active Directory forest named that contains a single domain. The forest contains three sites named Site1, Site2,
and Site3.
Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2.
Each site contains two domain controllers. Site1 and Site2 contain a global catalog server.
You need to create a new site link between Site1 and Site2. The solution must ensure that the site link supports the replication of all the naming contexts.
From which node should you create the site link?
To answer, select the appropriate node in the answer area.
Hot Area:


Correct Answer:


Section: Volume A

Create a Site Link
To create a site link
Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active
Directory Sites and Services.
To open Active Directory Sites and Services in Windows ServerĀ® 2012, click Start, type dssite.msc.
In the console tree, right-click the intersite transport protocol that you want the site link to use.
Use the IP intersite transport unless your network has remote sites where network connectivity is intermittent or end-to-end IP connectivity is not
available. Simple Mail Transfer Protocol (SMTP) replication has restrictions that do not apply to IP replication.


References: Create a Site Link

Your network contains two Active Directory forests named and contains one domain. contains a
child domain named has a one-way forest trust to Selective authentication is enabled on the forest trust.
Several user accounts are migrated from to Users report that after the migration, they fail to access resources in The users successfully accessed the resources in before the accounts were migrated.
You need to ensure that the migrated users can access the resources in
What should you do?
A. Replace the existing forest trust with an external trust.
B. Run netdom and specify the /quarantine attribute.
C. Disable SID filtering on the existing forest trust.
D. Disable selective authentication on the existing forest trust.

Correct Answer: C

Section: Volume A

Security Considerations for Trusts
Need to gain access to the resources in
Disabling SID Filter Quarantining on External Trusts
Although it reduces the security of your forest (and is therefore not recommended), you can disable SID filter quarantining for an external trust by using
the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:
* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant them access to resources in the trusting
domain based on the SID history attribute.

Incorrect Answers:
B. Enables administrators to manage Active Directory domains and trust relationships from the command prompt, /quarantine Sets or clears the domain
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication
permissions to computer objects (resource computers) that reside in the trusting forest.
References: Security Considerations for Trusts

Your network contains an Active Directory domain named The domain contains domain controllers that run either Windows Server 2003,
Windows Server 2008 R2, or Windows Server 2012 R2.
You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network.
In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 as a new domain controller in a new forest named contoso.test.
The solution must meet the following requirements:
The functional level of the forest and of the domain must be the same as that of
Server1 must provide name resolution services for contoso.test.
What should you do?
To answer, configure the appropriate options in the answer area.
Hot Area:


Correct Answer:


Section: Volume A

Set the forest function level and the Domain functional level both to Windows Server 2003.
Also check Domain Name (DNS) server.
* When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as
many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain
or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run
Windows Server 2003, select the Windows Server 2003 functional level.
* You can set the domain functional level to a value that is higher than the forest functional level. For example, if the forest functional level is Windows
Server 2003, you can set the domain functional level to Windows Server 2003 or higher.


Understanding Active Directory Domain Services (AD DS) Functional Levels

Your network contains an Active Directory forest named The forest contains a single domain. The domain contains four servers. The
servers are configured as shown in the following table.


You need to update the schema to support a domain controller that will run Windows Server 2012 R2.
On which server should you run adprep.exe?
A. Server1
B. DC3
C. DC2
D. DC1

Correct Answer: B

Section: Volume A


We must use the Windows Server 2008 R2 Server.
Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012
You can use adprep.exe on domain controllers that run 64-bit versions of Windows Server 2008 or Windows Server 2008 R2 to upgrade to Windows
Server 2012. You cannot upgrade domain controllers that run Windows Server 2003 or 32-bit versions of Windows Server 2008. To replace them, install
domain controllers that run a later version of Windows Server in the domain, and then remove the domain controllers that Windows Server 2003.

Certification: MCSA Windows Server 2012


The launchpad to a career in IT. This program is designed to take beginner learners to job readiness in about eight months.

0/5 (0 Reviews)