70-417 Upgrading Your Skills to MCSA Windows Server 2012 exam is a hot Microsoft certification exam, Exam4Training offers you the latest free online 70-417 dumps to practice. You can get online training in the following questions, all these questions are verified by Microsoft experts. If this exam changed, we will share new update questions.
Certification Provider: Microsoft Exam Name: Upgrading Your Skills to MCSA Windows Server 2012 Exam Code: 70-417 Official Exam Time: 120 mins Number of questions in the Official Exam: 40-60 Q&As Latest update time in our database: September 27,2023 70-417 Official Exam Topics:
Topic1 : Plan for a server installation, plan for server roles, plan for a server upgrade, install Server Core, optimize resource utilization by using Features on Demand, migrate roles from previous versions of Windows Server
Topic2 : Configure servers / Configure Server Core, delegate administration, add and remove features in offline images, deploy roles on remote servers, convert Server Core to/from full GUI, configure services, configure NIC teaming, install and configure Windows PowerShell Desired State Configuration (DSC)
Topic7 : Configure DirectAccess / Configure a network policy server infrastructure
Topic8 : Configure Network Access Protection (NAP) / Configure and manage Active Directory
Topic9 : Transfer and seize operations master roles, install and configure a read-only domain controller (RODC), configure domain controller cloning / Maintain Active Directory
Topic10 : Configure file and storage solutions / Implement Dynamic Access Control (DAC)
Topic11 : Configure user and device claim types, implement policy changes and staging, perform access-denied remediation, configure file classification, create and configure Central Access rules and policies, create and configure resource properties and lists / Implement business continuity and disaster recovery
Topic12 : Configure Hyper-V Replica, including Hyper-V Replica Broker and VMs; configure multi-site clustering, including network settings, quorum, and failover settings; configure Hyper-V Replica extended replication; configure Global Update Manager; recover a multi-site failover cluster / Deploy and manage IP address management (IPAM)
Topic13 : Install AD FS; implement claims-based authentication, including Relying Party Trusts; configure authentication policies; configure Workplace Join; configure multi-factor authentication /
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.) A . Run Enable AdfsDeviceRegistration -PrepareActiveDirectory. B . Edit the multi-factor authentication global authentication policy settings. C . Edit the primary authentication global authentication policy settings. D . Run Set-AdfsProxyPropertiesHttpPort 80. E . Run Enable-AdfsDeviceRegistration.
Answer: C, E
Explanation:
* To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm..
Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a ‘known’ device and administrators can use this information to drive conditional access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.
Your network contains an Active Directory domain named contoso.com. Technicians use Windows Deployment Services {WDS) to deploy Windows Server 2012 R2. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. You need to ensure that you can use WDS to deploy Windows Server 2012 R2 to a virtual machine named VM1.
Which settings should you configure? To answer, select the appropriate settings in the answer area.
Answer:
Explanation:
WDS Allows network-based installation of Windows operating systems, which reduces the complexity and cost when compared to manual installations. Thus you should configure the appropriate network settings.
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. On Server1, you create a Data Collector Set (DCS) named Data1.
You need to export Data1 to Server2.
What should you do first? A . Right-click Data1 and click Save template… B . Right-click Data1 and click Export list… C . Right-click Data1 and click Data Manager… D . Right-click Data1 and click Properties.
Answer: A
Explanation:
Exporting Templates
To export a Data Collector Set you create as a template for use on other computers, open Windows Performance Monitor, expand Data Collector Sets, right-click the Data Collector Set you want to export, and click Save Template . Select a directory in which to store the XML file and click Save .
Reference: Create a Data Collector Set from a Template
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server3. The network contains a standalone server named Server2. All servers run Windows Server 2012 R2.
The servers are configured as shown in the following table.
Server3 hosts an application named App1. App1 is accessible internally by using the URL https://app1.contoso.com. App1 only supports Integrated Windows authentication. You need to ensure that all users from the Internet are pre-authenticated before they can access App1.
What should you do? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
Web application proxy Active Directory Federation Services relaying party trust
Note:
Box 1: add a new relying party trust by using the AD FS Management snap-in and manually configure the settings on a federation server.
Box 2: When publishing applications that use Integrated Windows authentication, the Web Application Proxy server uses Kerberos constrained delegation to authenticate users to the published application.
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property.
Which three actions should you perform in sequence?
Answer:
Explanation:
* First create a claim type for the property, then create a reference resource property that points back to the claim. Finally set the classification value on the folder.
Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2.
You are configuring a central access policy for temporary employees.
You enable the Department resource property and assign the property a suggested value of Temp.
You need to configure a target resource condition for the central access rule that is scoped to resources assigned to Temp only.
Which condition should you use? A . (Department.Value Equals "Temp") B . (Resource.Department Equals "Temp") C . (Temp.Resource Equals "Department") D . (Resource.Temp Equals "Department")
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1.
What should you create?
A. A network policy that has the MS-Service Class condition
B. A connection request policy that has the Service Type condition
C. A network policy that has the Identity Type condition
D. A connection request policy that has the Identity Type condition
Answer: A
Explanation:
A. Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile.
Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2.
You are configuring a central access policy for temporary employees.
You enable the Department resource property and assign the property a suggested value of Temp.
You need to configure a target resource condition for the central access rule that is scoped to resources assigned to Temp only.
Which condition should you use? A . (Department.Value Equals "Temp") B . (Resource.Department Equals "Temp") C . (Temp.Resource Equals "Department") D . (Resource.Temp Equals "Department")
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named ContosoUser1 can promote DC10 to a RODC in the contoso.com domain.
The solution must minimize the number of permissions assigned to User1.
What should you do? A . From Active Directory Administrative Center, pre-create an RODC computer account. B . FromDsmgmt, run the local roles command. C . Join DC10 to the domain. Modify the properties of the DC10 computer account. D . Join DC10 to the domain. Run dsmod and specify the /server switch.
Answer: A
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
