Your network contains an Active Directory domain named Contoso .com. The domain contains a server named Server1 that 70-412 exam runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise certification authority (CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for the following purposes:
Email security Client authentication Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From a Group Policy, configure the Certificate Services Client Auto-Enrollment settings.
B. From a Group Policy, configure the Certificate Services Client Certificate Enrollment Policy settings.
C. Modify the properties of the User certificate template, and then publish the template.
D. Duplicate the User certificate template, and then publish the template.
E. From a Group Policy, configure the Automatic Certificate Request Settings settings.
Correct Answer: AD
The default user template supports all of the requirements EXCEPT auto enroll as shown below:
However, a duplicated template from users has the ability to autoenroll:
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients. The solution must minimize administrative effort. 70-412 exam
What should you do?
A. Create a superscope and scope-level policies.
B. Configure the Scope Options.
C. Create a superscope and a filter.
D. Configure the Server Options.
Correct Answer: B
Any DHCP scope options can be configured for assignment to DHCP clients, such as DNS server.
Your network contains an Active Directory domain named contoso .com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2.
The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?
A. From Server Manager, review the IPAM overview.
B. Run the ipamgc.exe tool.
C. From Task Scheduler, review the IPAM tasks.
D. Run the Get-IpamConfiguration cmdlet.
Correct Answer: D
Your network contains two DNS servers named DN51 and DNS2 that run Windows Server 2012 R2.
DNS1 has a primary zone named contoso .com. DNS2 has a secondary copy of the contoso .com zone.
You need to log the zone transfer packets sent between DNS1 and DNS2.
What should you configure?
A. Monitoring from DNS Manager
B. Logging from Windows Firewall with Advanced Security
C. A Data Collector Set (DCS) from Performance Monitor
D. Debug logging from DNS Manager
Correct Answer: D
Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and 70-412 exam because it is resource-intensive, you should only activate it temporarily when you need more specific detailed information about server performance.
Watch the video to learn more: