Microsoft 70-412 Exam Questions

Question 6 of 448

HOTSPOT -
Your network contains three Active Directory forests. The forests are configured as shown in the following table.
Exam 70-412: Question 6 - Image 1

A two-way forest trust exists between contoso.com and divisionl.contoso.com. A two-way forest trust also exists between contoso.com and division2.contoso.com.
You plan to create a one-way forest trust from divisionl.contoso.com to division2.contoso.com.
You need to ensure that any cross-forest authentication requests are sent to the domain controllers in the appropriate forest after the trust is created.
How should you configure the existing forest trust settings?
In the table below, identify which configuration must be performed in each forest. Make only one selection in each column. Each correct selection is worth one point.
Hot Area:
Exam 70-412: Question 6 - Image 2

Correct Answer:

There will be a one-way forest trust from division1.contoso.com to division2.contoso.com
Division1 trusts Division2. Division2 must be able to access resources in Division1.
Division1 should not be able to access resources in Division2. Exam 70-412: Question 6 - Image 3

Question 7 of 448

Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2.
The forest has a two-way realm trust to a Kerberos realm named adatum.com.
You discover that users in adatum.com can only access resources in the root domain of contoso.com.
You need to ensure that the adatum.com users can access the resources in all of the domains in the forest.
What should you do in the forest?

Delete the realm trust and create a forest trust.

Delete the realm trust and create three external trusts.

Modify the incoming realm trust.

Modify the outgoing realm trust.

Correct Answer: D

Question 8 of 448

Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers.
The domain controllers are configured as shown in the following table.
Exam 70-412: Question 8 - Image 1

You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Upgrade DC1 to Windows Server 2012 R2.

Upgrade DC11 to Windows Server 2012 R2.

Raise the domain functional level of childl.contoso.com.

Raise the domain functional level of contoso.com.

Raise the forest functional level of contoso.com.

Correct Answer: B, C

To ensure that KDC support for claims, compound authentication, and Kerberos armoring is enforced in the child1.contoso.com domain, you need to upgrade the domain controllers in that specific domain to at least Windows Server 2012 R2 and raise the domain functional level of childl.contoso.com to Windows Server 2012 R2. Upgrading DC11 to Windows Server 2012 R2 will fulfill the part of ensuring the domain controllers are of the required version. Then, raising the domain functional level of the child domain (child1.contoso.com) will establish the necessary environment to support these features. There is no direct requirement to upgrade the root domain's functional level or its domain controllers for enforcing these features in the child domain.

Question 9 of 448

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.
Exam 70-412: Question 9 - Image 1

You configure a user named User1 as a delegated administrator of DC10.
You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails.
What should you do?

Add User1 to the Domain Admins group.

On DC10, modify the User Rights Assignment in Local Policies.

Run repadmin and specify the /prp parameter.

On DC10, run ntdsutil and configure the settings in the Roles context.

Correct Answer: C

Question 10 of 448

Your company has offices in Montreal, New York, and Amsterdam.
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office.
The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?

Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITE1INK. Modify the schedule of DEFAULTIPSITELINK.

Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAULTIPSITELINK.

Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of the new site link.

Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link.

Correct Answer: C