← Back to exam page

70-412 Configuring Advanced Windows Server 2012 R2 Services

Loading demo links...

Showing 7–9 of 20 questions

Question 7 (Volume C)

You are about to promote a server running the Windows Server 2012 R2 operating system to domain controller. The domain is currently running at the Windows Server 2008 domain functional level. Your account is a member of the Domain Admins group.

Which additional groups should your account be a member of to ensure that the environment is appropriately configured for this domain controller running

Windows Server 2012 R2? (Choose two. Each answer forms part of a complete solution.)

Select all that apply, then click Submit answer.

  • Schema Admins

  • Enterprise Admins

  • Account Operators

  • Server Operators
Question 8 (Volume B)

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2.

You install the DHCP Server server role on Server1 and Server2. You install the IP Address Management (IPAM) Server feature on Server1.

You notice that you cannot discover Server1 or Server2 in IPAM.

You need to ensure that you can use IPAM to discover the DHCP infrastructure.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Select all that apply, then click Submit answer.

  • On Server2, create an IPv4 scope.

  • On Server1, run the Add-IpamServerInventory cmdlet.

  • On Server2, run the Add-DhcpServerInDc cmdlet

  • On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet.

  • On Server1, uninstall the DHCP Server server role.
Question 9 (Volume C)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) for contoso.com.

You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed.

You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA. The solution must ensure that CRLs are published automatically to Server2.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Select all that apply, then click Submit answer.

  • Create an http:// CRL distribution point (CDP) entry.
    To specify CRL distribution points in issued certificates Open the Certification Authority snap-in.
    In the console tree, click the name of the CA.
    On the Action menu, click Properties, and then click the Extensions tab. Confirm that Select extension is set to CRL Distribution Point (CDP).
    Do one or more of the following. (The list of CRL distribution points is in the Specify locations from which users can obtain a certificate revocation list (CRL) box.)
    To indicate that you want to use a URL as a CRL distribution point
    Click the CRL distribution point, select the Include in the CDP extension of issued certificates check box, and then click OK. Click Yes to stop and restart Active Directory Certificate Services (AD CS).

  • Configure a CA exit module.

  • Create a file:// CRL distribution point (CDP) entry.

  • Configure a CA policy module.
    You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf will take precedence for certificate verifiers over the CDP's specified in the CA policy module.
    Note:
    CRLDistributionPoint
    You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This section does not configure the CDP for the CA itself. After the CA has been installed you can configure the CDP URLs that the CA will include in each certificate that it issues. The URLs specified in this section of the CAPolicy.inf file are included in the root CA certificate itself.
    Example:
    [CRLDistributionPoint]
    URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl

  • Configure an enrollment agent.