Important Info: These new valid 70-414 exam questions were updated in recent days by PassLeader, visit passleader.com to get the full version of new 70-414 exam dumps with free version of new VCE Player software, help you passing exam easily!
QUESTION 1
Your network contains two clusters. The clusters are configured as shown in the following table.
All of the servers in both of the clusters run Windows Server 2012. You need to plan the application of Windows updates to the nodes in the cluster. What should you include in the plan? More than one answer choice may achieve the goal. Select the BEST answer.
A. Cluster-Aware Updating (CAU) self-updating and downloaded updates from Windows Server Update Services (WSUS)
B. Microsoft System Center 2012 Service Manager integrated with Windows Server Update Service (WSUS)
C. A manual application of Windows updates on all of the cluster node
D. Microsoft System Center 2012 Configuration Manager integrated with Windows Server Update Service (WSUS)
Answer: A
QUESTION 2
Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that has the Hyper-V server role installed. Server1 hosts a virtual machine named VM1. You deploy a new standalone server named Server2. You install the Hyper-V server role on Server2. Another administrator named Admin1 plans to create a replica of VM1 on Server2. You need to ensure that Admin1 can configure Server2 to receive a replica of VM1. To which group should you add Admin1?
A. Server Operators
B. Domain Admins
C. Hyper-V Administrators
D. Replicator
Answer: C
QUESTION 3
Your network contains an Active Directory domain named contoso.com. The domain contains 20 servers that run Windows Server 2012. The domain contains a Microsoft System Center 2012 infrastructure. A web application named WebApp1 is installed on the 20 servers. You plan to deploy a custom registry key for WebApp1 on the 20 servers. You need to deploy the registry key to the 20 servers. The solution must ensure that you can verify whether the registry key was applied successfully to the servers. What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
A. From Operations Manager, create a monitor.
B. From the Group Policy Management console, create a Group Policy object (GPO).
C. From Configuration Manager, create a Compliance Settings.
D. From Orchestrator Runbook Designer, create a runbook.
Answer: C
QUESTION 4
Your network contains servers that run Windows Server 2012. The network contains two servers named Server1 and Server2 that are connected to a SAS storage device. The device only supports two connected computers. Server1 has the iSCSI Target Server role service installed. Ten application servers use their iSCSI Initiator to connect to virtual disks in the SAS storage device via iSCSI targets on Server1. Currently, Server2 is used only to run backup software. You install the iSCSI Target Server role service on Server2. You need to ensure that the iSCSI targets are available if Server1 fails. Which five actions should you perform? To answer, move the five appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
http://blogs.msdn.com/b/clustering/archive/2012/05/01/10299698.aspx
QUESTION 5
Your network contains multiple servers that run Windows Server 2012. You plan to implement three virtual disks. The virtual disks will be configured as shown in the following table.
You need to identify the minimum number of physical disks required for each virtual disk. How many disks should you identify? To answer, drag the appropriate number of disks to the correct virtual disk in the answer area. Each number of disks may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
QUESTION 6
Your network contains an Active Directory domain named contoso.com. You currently have an intranet web site that is hosted by two Web servers named Web1 and Web2. Web1 and Web2 run Windows Server 2012. Users use the name intranet.contoso.com to request the web site and use DNS round robin. You plan to implement the Network Load Balancing (NLB) feature on Web1 and Web2. You need to recommend changes to the DNS records for the planned implementation. What should you recommend?
A. Create one alias (CNAME) record named Intranet. Map the CNAME record to Intranet.
B. Delete both host (A) records named Intranet. Create a pointer (PTR) record for each Web server.
C. Create a new host (A) record named Intranet. Remove both host (A) records for Web1 and Web2.
D. Delete one of the host (A) records named Intranet. Modify the remaining host (A) record named Intranet.
Answer: C
QUESTION 7
Your network contains five servers that run Windows Server 2012. You install the Hyper-V server role on the servers. You create an external virtual network switch on each server. You plan to deploy five virtual machines to each Hyper-V server. Each virtual machine will have a virtual network adapter that is connected to the external virtual network switch and that has a VLAN identifier of 1. Each virtual machine will run Windows Server 2012. All of the virtual machines will run the identical web application. You plan to install the Network Load Balancing (NLB) feature on each virtual machine and join each virtual machine to an NLB cluster. The cluster will be configured to use unicast only. You need to ensure that the NLB feature can distribute connections across all of the virtual machines. What should you do?
A. From the properties of each virtual machine, add a second virtual network adapter. Connect the new virtual network adapters to the external virtual network switch. Configure the new virtual network adapters to use a VLAN identifier of 2.
B. On each Hyper-V server, create a new private virtual network switch. From the properties of each virtual machine, add a second virtual network adapter. Connect the new virtual network adapters to the new private virtual network switches.
C. On each Hyper-V server, create a new external virtual network switch. From the properties of each virtual machine, add a second virtual network adapter. Connect the new virtual network adapters to the new external virtual network switches.
D. From the properties of each virtual machine, enable MAC address spoofing for the existing virtual network adapter.
Answer: D
QUESTION 8
Your network contains a server named Server1 that runs Windows Server 2012. Server1 is configured as a Hyper-V host. Server1 hosts a virtual machine named VM1. VM1 is configured as a file server that runs Windows Server 2012. VM1 connects to a shared storage device by using the iSCSI Initiator. You need to back up the files and the folders in the shared storage used by VM1. The solution must ensure that open files are included in the backup. What should you do?
A. From Hyper-V Manager, create a snapshot of VM1.
B. From Server1, perform a backup by using Windows Server Backup.
C. From VM1, perform a backup by using Windows Server Backup.
D. From Microsoft System Center 2012 Virtual Machine Manager (VMM), create a copy of VM1.
Answer: C
QUESTION 9
Your network contains three networks named LAN1, LAN2, and LAN3. You have a Hyper-V host named Hyper1 that has Windows Server 2012 installed. Hyper1 has three network adapters. The network adapters are configured as shown in the following table.
Hyper1 hosts 10 virtual machines. A virtual machine named VM1 runs a line-of-business application that is used by all of the users of LAN1. All of the other virtual machines are connected to LAN2. You need to implement a solution to ensure that users can access VM1 if either NIC1 or NIC2 fails. What should you do?
A. From the properties of each virtual network adapter, enable network adapter teaming, and then modify the bandwidth management settings.
B. From the properties of each virtual network adapter, enable network adapter teaming, and then enable virtual LAN identification.
C. From the properties of each physical network adapter, enable network adapter teaming, and then add a second legacy network adapter to VM1.
D. From the properties of each physical network adapter, enable network adapter teaming, and then create a virtual switch.
Answer: D
QUESTION 10
Your network contains an Active Directory domain named contoso.com. You deploy Microsoft System Center 2012 Virtual Machine Manager (VMM). The network contains five physical servers. The servers are configured as shown in the following table.
You plan to use VMM to convert the existing physical servers to virtual machines. You need to identify which physical servers can be converted to virtual machines. Which servers should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. Server1
B. Server2
C. Server3
D. Server4
E. Server5
Answer: ADE
Explanation:
http://technet.microsoft.com/en-us/systemcenter/hh278293.aspx
http://www.passleader.com/70-414.html
QUESTION 11
Your network contains an Active Directory Rights Management Services (AD RMS) cluster named Cluster1. You plan to change Cluster1 to a new AD RMS cluster named Cluster2. You need to ensure that all users retrieve the location of the AD RMS templates from Cluster2. What should you do?
A. Create an alias (CNAME) record named clusterl.contoso.com that points to Cluster2.
B. Modify the Service Connection Point (SCP).
C. Modify the templates file location of the rights policy templates.
D. Modify the exclusion policies.
Answer: B
QUESTION 12
Your network contains an Active Directory domain named contoso.com. You deploy Active Directory Certificate Services (AD CS). Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc. Fabrikam also deploys AD CS. Contoso and Fabrikam plan to exchange signed and encrypted email messages. You need to ensure that the client computers in both Contoso and Fabrikam trust each other’s email certificates. The solution must prevent other certificates from being trusted. What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
A. Implement an online responder in each company.
B. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Trusted Root Certification Authorities store by using Group Policy objects (GPOs).
C. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Enterprise Trust store by using Group Policy objects (GPOs).
D. Implement cross-certification in each company.
Answer: D
QUESTION 13
Your network contains an Active Directory domain named contoso.com. Your company has an enterprise root certification authority (CA) named CA1. You plan to deploy Active Directory Federation Services (AD FS) to a server named Serverl. The company purchases a Microsoft Office 365 subscription. You plan register the company’s SMTP domain for Office 365 and to configure single sign-on for all users. You need to identify which certificate or certificates are required for the planned deployment. Which certificate or certificates should you identify? (Each correct answer presents a complete solution. Choose all that apply.)
A. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name serverl.contoso.com
B. a server authentication certificate that is issued by CA1 and that contains the subject name Server1
C. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name Server1
D. a server authentication certificate that is issued by CA1 and that contains the subject name serverl.contoso.com
E. self-signed server authentication certificates for serverl.contoso.com
Answer: AE
QUESTION 14
Your network contains an Active Directory domain named contoso.com. The network contains two servers named Server1 and Server2. You deploy Active Directory Certificate Services (AD CS). The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can issue certificates based on certificate templates. What should you do?
A. On Server1, install the Network Device Enrollment Service role service.
B. Configure Server1 as a standalone root CA.
C. Configure Server2 as an Enterprise CA
D. On Server1, run the Add-CertificateEnrollmentPolicyServer cmdlet.
Answer: C
Explanation:
In a typical CA infrastructure the Stand-alone CAs are primarily intended to be used as Trusted Offline RootCAs in a CA hierarchy or when extranets and the Internet are involved. In a stand-alone CA Certificatetemplates are not used. An enterprise CA uses certificate types, which are based on a certificate template
QUESTION 15
Your network contains an Active Directory domain named contoso.com. You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight federation servers. You need to identify which technology or technologies must be deployed on the network before you install the federation servers. Which technology or technologies should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. Network Load Balancing (NLB)
B. Microsoft Forefront Identity Manager (FIM) 2010
C. The Windows Internal Database feature
D. Microsoft SQL Server 2012
E. The Windows Identity Foundation 3.5 feature
Answer: AD
Explanation:
Best practices for deploying a federation server farm We recommend the following best practices for deploying a federation server in a production environment:
* (A) Use NLB or some other form of clustering to allocate a single IP address for many federation server computers.
* (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL database from multiple federation servers at the same time.
* If you will be deploying multiple federation servers at the same time or you know that you will be adding more servers to the farm over time, consider creating a server image of an existing federation server in the farm and then installing from that image when you need to create additional federation servers quickly.
* Reserve a static IP address for each federation server in the farm and, depending on your Domain Name System (DNS) configuration, insert an exclusion for each IP address in Dynamic Host Configuration Protocol (DHCP). Microsoft NLB technology requires that each server that participates in the NLB cluster be assigned a static IP address.
QUESTION 16
Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012. Server1 has the Active Directory Certificate Services server role installed. Serve1l is configured as an offline standalone root certification authority (CA). You install the Active Directory Certificate Services server role on Server2 and configure the server as an enterprise subordinate CA. You need to ensure that the certificate issued to Server2 is valid for 10 years. What should you do first?
A. Modify the registry on Server1.
B. Modify the registry on Server2.
C. Modify the CAPolicy.inf file on Server2.
D. Modify the subordinate CA certificate template.
E. Modify the CAPolicy.inf file on Server1.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/hh831348.aspx
http://marckean.wordpress.com/2010/07/28/build-an-offline-root-ca-with-a-subordinate-ca/
Point 4. Setup the root CA to issue certificates with an expiry date of 10 years (will issue to the Sub CA for 10 years)
Change the following registry path on the Root CA -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\Root-CA\ValidityPeriodUnits
Change the REG_DWORD decimal value to 10.
This changes it to 10 years, so when the Sub CA gets a certificate, it won’t expire for another 10 years.
QUESTION 17
Your company has an office in New York. Many users connect to the office from home by using the Internet. You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise certification authority (CA) named CA1. CA1 is only available from hosts on the internal network. You need to ensure that the certificate revocation list (CRL) is available to all of the users. What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Create a scheduled task that copies the CRL files to a Web server.
B. Run the Install-ADCSWebEnrollment cmdlet.
C. Run the Install-EnrollmentPolicyWebService cmdlet.
D. Deploy a Web server that is accessible from the Internet and the internal network.
E. Modify the location of the Authority Information Access (AIA).
F. Modify the location of the CRL distribution point (CDP).
Answer: ADF
Explanation:
D: access to CRLs for the ‘Internet scenario’ is fully supported and includes the following features:
CRLs will be located on Web servers which are Internet facing. CRLs will be accessed using the HTTP retrieval protocol. CRLs will be accessed using an external URL of http://dp1.pki.contoso.com/pki
F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP- HTTPS)-based connection, DirectAccess clients must be able to check for certificate revocation of the secure sockets layer (SSL) certificate submitted by the DirectAccess server. To successfully perform intranet detection, DirectAccess clients must be able to check for certificate revocation of the SSL certificate submitted by the network location server. This procedure describes how to do the following:
Create a Web-based certificate revocation list (CRL) distribution point using Internet Information Services (IIS)
Configure permissions on the CRL distribution shared folder Publish the CRL in the CRL distribution shared folder Reference: Configure a CRL Distribution Point for Certificates
QUESTION 18
Your network contains five Active Directory forests. You plan to protect the resources in one of the forests by using Active Directory Rights Management Services (AD RMS) Users in all of the forests will access the protected resources. You need to identify the minimum number of AD RMS clusters required for the planned deployment. What should you identify?
A. One root cluster and five licensing clusters
B. One licensing cluster and five root clusters
C. Five root clusters
D. Five licensing clusters
Answer: C
QUESTION 19
Your network contains a Hyper-V host named Host1. Host1 hosts 25 virtual machines. All of the virtual machines are configured to start automatically when Host1 restarts. You discover that some of the virtual machines fail to start automatically when Host1 restarts and require an administrator to start them manually. You need to modify the settings of the virtual machines to ensure that they automatically restart when Host1 restarts. Which settings should you modify?
A. Memory weight
B. Maximum RAM
C. Startup RAM
D. Minimum RAM
Answer: C
QUESTION 20
Your network contains multiple servers that run Windows Server 2012. The network contains a Storage Area Network (SAN) that only supports Fibre Channel connections. You have two failover clusters. The failover clusters are configured as shown in the following table.
You plan to implement 15 highly available virtual machines on Cluster2. All of the virtual machines will be stored in a single shared folder. You need to ensure that the VHD files of the virtual machines can be stored on the SAN. What should you do? (Each correct answer presents a complete solution.Choose all that apply.)
A. From a node in Cluster2, create a Virtual Fibre Channel SAN.
B. From a node in Cluster1, create a Virtual Fibre Channel SAN.
C. From Cluster1, add the iSCSI Target Server cluster role.
D. From Cluster1, configure the clustered File Server role of the File Server for scale-out application data type.
Answer: AD