You have an enterprise certification authority (CA) named CA1.
You have a certificate template named UserAutoEnroll that is based on the User certificate template. Domain users are configured to autoenroll for UserAutoEnroll.
A user named User1 has an email address defined in Active Directory. A user named User2 does not have an email address defined in Active Directory.
You discover that User1 was issued a certificate based on UserAutoEnroll template automatically. A request by user2 for a certificate based on the UserAutoEnroll template fails.
You need to ensure that all users can autoenroll for certificated based on the UserAutoEnroll template.
Which setting should you configure from the properties on the UserAutoEnroll certificate template?
A.
Issuance Requirements
B.
Request Handling
C.
Cryptography
D.
Subject Name
I believe the answer is D.
I believe answer is A.
Answer is D.
https://technet.microsoft.com/en-us/library/Cc725621(v=WS.10).aspx
Look for “Subject Name Tab” on the link i post, you’ll find this note below “E-mail name” explanation:
“The e-mail name is required for user certificates. If the e-mail name is not populated for a user in AD DS, the certificate request by that user will fail.”
Agreed is D: Subject Name
Fuck you fred
Answer is D
Subject Name Format:
Include e-mail name in subject name If the E-mail name field is populated in the Active Directory user object, this e-mail name will be included with either the common name or fully distinguished name as part of the subject name.
The “Subject Name” tab of the properties of the template contains a section named “Build from this Active Directory information”. Here you can specify what is required.
https://technet.microsoft.com/en-us/library/Cc753994.aspx
Answer is D
please help to solve this questions.
1 question : you have a cluster named cluster1 that contains two nodes.
both nodes run windows server 2012 r2.
cluster1 hosts a virtual machine named vm1 that runs windows server 2012 r2.
you configure a custom service on vm1 named service1.
you need to ensure that vm1 will be moved to a different node3 if service1 fails.
which comdlet should you run on cluster1?
options:
a. set-clusterresiurcedependency
b.add-clustergenericservicerole
c.enable-vmresourcemetering
d.add-clustervmmonitoreditem
Ans. B
2 question: you have the following microsoft azure backup policy
backup schedule : 9:00am, 12:00 pm,11:00 pm
every day
every 1 week(s)
dslist : {datasource
datasourceid:1576400609127590137
name:c:\
filespec:filespec
filespec:c:\
isexclude:false
isrecursive:true
}
policyname : f77828d2-69b6-4c4b-b98a-e5e20d9ab7e9
retentionpolicy : retention days : 30
week1yltrsschedule :
days: monday
times: 12:00:00,
retentention weeks: 60
month1yltrschedule :
days of month : [last,monday]
times: 23:00:00
retentention weeks: 90
year1yltrschedule :
yearly schedule is not set
state : existing
policystate : valid
options:
—-of the backups that are created daily at 9:00, a maximum of recovery points will be available for restore:
30
60
90
122
366
512
—-ifa backup is perfgormed on monday,january 31, at 9:00,the backup will be retained for:
30 days
60 weeks
90 month
3 qouestion:
Your network contains one Active Directory forest named contoso.com. the forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
Name Domain Site
DC1 Contoso.com Main Office
DC2 Contoso.com Main Office
DC3 Contoso.com Europe Office
DC4 Contoso.com Asia Office
DC5 Sales.contoso.com Main Office
DC6 Manufacturiung.contoso.com Main Office
for the contoso.com doamin, a company policy states that administrators must be able to retrive a list of all the users who have not logged on to the network in the last seven days from any domain controllers
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Ans. C Set-ADDomain -LastLogonReplicationInterval “7”
4 question:
you havea dns server named server1 that runs windows server 2012 r2.
you need to disable recursion on server1
whatare three possible ways to achive the goal?each correct answer presents a complete solution
a: create a reverse lookup zone named 0.in-addr.arpa.
b: create a forward lookup zone named globalnames
c : from dns manager,modify the advanced properties of server1
d: from dns manager,modify the forwarders properties of server1
e: create a forward lookup zones named “”
f: run dnscmd.exe and specify the /config parameter
Ans. C, F, E dnscmd /Config /NoRecursion {1|0}
5 question:
your network uses the 192.168.2.0/23 address space.
you are configuring video conferencving infrastructure.
you need to configure the dhcp server to lease ip address for multicast address for video conferencing.
what command should you run on the dhcp server?to answer,select the apprperiate options in the answer area
add-dhcpserverv4multicastscope -name “vc scope”
-startscope —————-
192.168.2.10
225.0.0.10
239.0.0.1
fd80::
ff00::
-endrange ———————
192.168.2.255
225.0.0.250
240.0.0.0
fe80:
ff02:
6 QUESTION:
your network contans one active directory domain named contoso.com.the domain contains two servers named server1` and server2 that run windows server 2012 r2 .
you perform daily backups of the data on server1 to microsoft azure.
you need to restore the data from the lst backup of server1 to server2.
what should you do first?
a:on server2,install the azure backup agent.
b:in the domain, add server1 to the backup operators group.
c:from the azure management portal, modify the configuration of the backup vault.
d:on server2,install the windows server backup feature.
7 question:
Your network contains one Active Directory forest named contoso.com. the forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.
Name Domain Site
DC1 Contoso.com Main Office
DC2 Contoso.com Main Office
DC3 Contoso.com Europe Office
DC4 Contoso.com Asia Office
DC5 Sales.contoso.com Main Office
DC6 Manufacturiung.contoso.com Main Office
you need to enable universal group membership caching for the europe office and asia office sites.
What should you use?
A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom
Ans. B set-adreplicationsite or setadobject if you see it as an option.
8 question:
you have dhcp server named server1 that runs windows server 2012r2.
server1 has two scope production and development.
currebntly,all dhcp clients register their host name in a dns zone named contoso.com.
you need to ensure that only the clients that obtain an ip address from the development scope,register their host name in a dns zone named dev.contoso.com.
what should you do?
a. modify the advanced settings of the dhcp server.
b. run the set-dhcpserver4scope cmdlet.
c. modify the dns settings of the development scope.
d. run the add-dhcpserver4policy cmdlet.
9 question:
your network contains one active directory domain.the domain contains the servers configured as shown in the following table.
server1 domain controllers
dns server
server2 domain controllers
dns server
server3 dns server
server1 hasthe zones shown in the following table:
zone name zone type Isautocreated Isdsintegrated Isreverselookupzone Issigned
adatum.com primary false false false false
contoso.com primary false true false false
litwareinc.com secondary false true false false
server3 has the following output:
zone name zone type Isautocreated Isdsintegrated Isreverselookupzone Issigned
contoso.com secondary false true false false
litwareinc.com primary false true false false
use the drop down list must select trhe answer choice that completes each assignment.
—you can protect [answer choice] by using dnssec:
only adatum.com
only contoso.com
only litwareinc.com
only contoso.com and adatum.com
contoso.com,adatum.com and litwareinc.com
—on server1,you configure permissions for the contoso.com zone.the permission will be efficitive on [answer choice]:
server1 only
server1 and server2 only
server1 and server3 only
server1,server2 and server3.
10 question:
your network contains an active directory domain anmed contoso.com.
the domain contains the server named server1 that runs windows server 2012r2.
server1 has the active directory rights management services server role installed.
the domain contains a domain local group named group1
you create a rights policy template named template1.
you need to ensure that all the members of group1 can use template1.
wht should you do?
a: convert the scope of group1 to universal and assign group1 the rights to template1
b: convert the scope of group1 to global and configure the email address attribute of group1.
c:configure the email address attribute of group1 and configure the email address attribute of all the users are members of group1.
d: configure the email address of all the users who are members of group1 and assign group1 the rights to template1.
ans. D
11 questions:
you have a server that runs windows server 2012r2.
you create a new work folder named share1.
you need to configure share1 to meet the follwoing requirements:
*ensure that all synchronized copies of share1 are encrypted.
*ensure that clients synchronize to share1 every 30 minutes.
*ensure that share1 inherits the ntfs permissions of the parent folder.
which command should you use to achive each requirements?
to answer,drag the appropriate cmdlets to the correct requirements.each cmdlet may be used once.more than once,or not at all.
you may need to drag ther splitbacr between panes or scroll to view cmdlet?
cmdlets:
enable-synshare
new-syncdevicepolicy
new-syncshare
set-syncdevicepolicy
set-syncserversetting
set-synshare
answer area:
ensure that all synchronized copies of share1 area encrypted ——-set-syncshare
ensure that clients synchronize to share1 every 30 minutes —–set-syncserversetting
ensure that share1 inherits the ntfs permissions of the percentage —set-syncshare
Yea, I wrote this test yesterday and a lot of the new questions like these ones were on there and more as well that aren’t mentioned. I’d say almost half the test’s questions was completely different from what I studied which means they updated it good. I failed with a 600, so hopefully we can find all the latest.
Abdul!
Have u found answers for the questions u asked? Plz let me know as I have exam day after tomorrow.
Thanx in advance.
Hi Imran,
Please give us some feedback after exam and good luck.
The questions described are not valid to pass.
There are new questions about: iSCSI, Azure, Replications Backups (Powershell related)
Good Luck, just wait.
This isnt enough material to pass….
not even close…
I have now failed twice this month with 631 and 646 respectively, the cross over of questions between my 2 exams was very small. The number of questions available online is very small, some of the questions i got wrong i took a good 20 minutes trying to find out what the answer is using technet
I passed exam on 22 September 2015, I’ve seen all my questions before, I passed with 860.
This question was on exam and I chose D- Subject name
I studied these new questions plus http://www.scribd.com/doc/256116550/Microsoft-Certkey-70-412-v2014-09-12-by-ROD-pdf#scribd
Hi, but your if pass this exam studying ROD?
and this one http://yoigoiphone.blogspot.co.uk/2014_11_05_archive.html
Hi,
Your network contans one active directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
You perform daily backups of the data on Server1 to microsoft azure.
You need to restore the data from the 1st backup of Server1 to Server2.
What should you do first?
A. On Server2, install the azure backup agent.
B. In the domain, add server1 to the backup operators group.
C. From the azure management portal, modify the configuration of the backup vault.
D. On Server2, install the windows server backup feature.
—
Your network contains one active directory domain.the domain contains the servers configured as
shown in the following table.
server1 domain controllers
dns server
server2 domain controllers
dns server
server3 dns server
server1 hasthe zones shown in the following table:
zone name zone type Isautocreated Isdsintegrated Isreverselookupzone Issigned
adatum.com primary false false false false
contoso.com primary false true false false
litwareinc.com secondary false true false false
server3 has the following output:
zone name zone type Isautocreated Isdsintegrated Isreverselookupzone Issigned
contoso.com secondary false true false false
litwareinc.com primary false true false false
use the drop down list must select trhe answer choice that completes each assignment.
—you can protect [answer choice] by using dnssec:
only adatum.com
only contoso.com
only litwareinc.com
only contoso.com and adatum.com
contoso.com,adatum.com and litwareinc.com
—on server1,you configure permissions for the contoso.com zone.the permission will be efficitive
on [answer choice]:
server1 only
server1 and server2 only
server1 and server3 only
server1,server2 and server3.
Answers?
QUESTION 353
Your network contains one Active Directory forest named contoso.com.
The forest contains a single domain.
The domain contains the domain controllers is configured as shown in the following table.
Name Site
DC1 Site1
DC2 Site2
DC3 Site3
DC4 Site4
The replication topology is configured as shown in the following output.
Cost : 100
DistinguishedName : CN=SiteLink1, CN=IP, CN=Inter-Site Transports, CN=Sites, CN=Configuration, Dc=Adatum, DC=com
Name : SiteLink1
ObjectClass : SiteLink
ObjectGUID : e1c8c335-b75f-4612-8a9e-58a0edead21f
ReplInterval : 60
SiteList : {CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
CN=Site2, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com}
Cost : 100
DistinguishedName : CN=SiteLink1, CN=IP, CN=Inter-Site Transports, CN=Sites, CN=Configuration, Dc=Adatum, DC=com
Name : SiteLink2
ObjectClass :SiteLink
ObjectGUID : 9516948e-cd56-4a9b-b6ba-cdf3dd7fe0d1
ReplInterval : 60
SiteList : {CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
CN=Site2, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com}
Cost : 100
DistinguishedName : CN=SiteLink3, CN=IP, CN=Inter-Site Transports, CN=Sites, CN=Configuration, Dc=Adatum, DC=com
Name : SiteLink3
ObjectClass : SiteLink
ObjectGUID : 07a7a37e-a12c-40c4-8042-f5d2e737b8a9
ReplInterval : 60
SiteList : {CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
CN=Site3, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com}
Cost : 400
DistinguishedName : CN=SiteLink4, CN=IP, CN=Inter-Site Transports, CN=Sites, CN=Configuration, Dc=Adatum, DC=com
Name : SiteLink4
ObjectClass : SiteLink
ObjectGUID : 508810dc-30fd-4845-982a-d4552fba2e04 ReplInterval : 45
SiteList : {CN=Site4, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com,
CN=Site2, CN=Sites, CN=Configuration, DC=Adatum, DC=Adatum, DC=com}
You discover that replication between Dc1 and DC3 takes a few hours.
You need to reduce the amount of time it takes to replicate Active Directory changes between DC1 and DC3.
What should you do?
A. Create a site link that connects Site1 and Site3, has a cost of 350, and replicates every 15 minutes.
B. Modify SiteLink4 to replicate every 15 minute.
C. Delete Site Link3.
D. Set the cost of SiteLink3 to 30
new question i got today help pls?
You need to configure Stateless DHCP IPv6, which cmdlet should you use?
Add-DhcpServerv6Scope
Set-DhcpServerv6OptionValue
Set-DhcpServerv6Class
Add-DhcpServerv6OptionDefinition
Answer seems to be Set-DhcpServerv6OptionValue
Explanation:
https://technet.microsoft.com/en-us/…/cc753493.aspx
https://technet.microsoft.com/en-us/…=wps.630).aspx
another new question Any thoughts?
Set-DHCPv6OptionValue –InfoRefreshTime specifies the value for the information refresh option. This parameter is used with stateless DHCPv6 as there are no addresses or other entities with lifetimes that can tell the client when to contact the DHCPv6 server to refresh its configuration.
Very big thank You to this community for the discussion and help in preparation for the exams.
New questions – at least I saw them first time(I did not. read entire dumps from this site – I am using it the verify answers I cant agree with 🙂 Maybe they are included). I cannot recall them better – didn’t have much sleep lately.
You need to ensure that VM1 will boot on host 2.
Test-VHD
——————————–
You have 4 forests.
adatum.com
marketing.adatum.com
sales.adatum.com
contosot.com
two-way trust marketing. –> adatum.com, sales. –> adatum.com, adatum.com –> contoso.com
You need to create one-way external trust from marketing. to sales.
You need to ensure that authentication will work. Each column one answer.
Two colums: marketing.adatum.com sales.adatum.com
4 rows:
Add forest routing suffix
marketing.adatum.com
Add forest routing suffix
sales.adatum.com
Mask forest routing suffix
marketing.adatum.com
Mask forest routing suffix
sales.adatum.com
———————–
NT AUTHORITY\SYSTEM
Account is —> service/user/virtual account
When it is used to connect in network it will be visible on the second comupter as —-> computer account.
———————-
5 sites. Briding is disable.
S2——–S3
|
|
S1——–S4——-S5
You need to ensure that S1 and S5 can be replicated in one replication cycle.
A.
B.
C. Site bridge.
D. Site link.
It’s C.