Microsoft.Actualtests.70-412.v2014-04-07.by.MELANIE.257q.vce

han

Thursday, November 27, 2014 4:59 AM UT

Also, KDC support and DAC requirements are two different things.
DAC requires 2003 forest level and at least one 2012 DC in a domain to save resource properties and Central Access Rules.

So, I would be careful to read questions what they ask.

han

Thursday, November 27, 2014 4:55 AM UT

I was browsing internet for 'KDC support for claims, compound authentication, and Kerberos armoring'.

First of all, this KDC support requires 2008 or higher.
Second, to support 'Always provide Claims' and 'Fail unarmored authentication requests'(these two are new in 2012), you need 2012 domain functional level.

The question asks ''KDC support for claims, compound authentication, and Kerberos armoring' only, but didn't mention about the two 2012 features. So, the answer is do nothing.

I saw some says here that the question appeared in the real exam, I doubt the question was exactly the same as the wrong question in the dump.

ref. http://technet.microsoft.com/en-us/library/d7d7f393-6ca8-4ade-88a9-802d51717952#BKMK_Sup4ClaimsCAarmoring

Flippy

Wednesday, April 30, 2014 3:26 PM UT

Well, I didn't`t pass today 394/700.I Study only this dump. It is still valid with 3 new questions. And some questions where ask differently. MS gave me 61 questions to play with. I seems obvious that I underestimate learning the questions & answers and study not enough. This give the thrill to start all over again.

PouSs

Tuesday, April 29, 2014 11:44 AM UT

Passed today with 8xx.
Dump Not perfect but enough to get it.

One new question about NIC/storage load balancing.

Studied WENDY and MELANIE.

Good luck!

mcse

Saturday, April 26, 2014 9:08 AM UT

Valid in pakistan ......?

Christian

Thursday, April 24, 2014 1:43 PM UT

70-412 exam passed with 911. For preparation, I studied only melanie. Unfortunately, many of the answers are wrong, but enough to go with 700, only through technet I proceeded to correct many. Not all questions were from Melanie, at least two or three never seen before. It 'still need to study very hard.

whatevermyname

Wednesday, April 23, 2014 3:26 PM UT

Btw, this website haven't uploaded my other comments but i have changed the answers of few questions. Here they are :
Configure and manage high availability
Q16 C&D
Configure file and storage solutions
Q5 A&C
Q12 B only
Q13 B&D
Q32 B

Charlielalicorne

Tuesday, April 22, 2014 10:15 PM UT

I passed the exam with 823 ! pretty happy about it. Finally mcsa! @Mark indeed the famous question Q22 for the compound and KDC was there! i answered to upgrade both DC2008 to 2012 since it was asked to enforce the entire domain (child + root).

Here are the 61 questions that ive got in my exam. Yes, i have good memory.
Configure and manage high availability
Q2, Q5, Q15, Q18, Q23, Q25, Q26, Q28, Q29, Q33 (Diff Answer : i answered suspend-NLBClusterNode), Q36
Configure file and storage solutions
Q4, Q9, Q10, Q19, Q26, Q31, Q32, Q37, Q41
Implement business continuity and disaster recovery
Q2, Q4, Q5, Q6 (Diff question concerning VM5 i answered : Server1 - test failover), Q12, Q13, Q14, Q23, Q25
Configure Network Services
Q3, Q4, Q6, Q10, Q22, Q30, Q31, Q34 (a little differently asked - same answer), Q36, Q40, Q44 (different answers : set-dnsacheaging etc i answered set-dnsservercache), Q45
Configure the AD infrastructure
Q1, Q5, Q18, Q20 (2003, 2003 + select DNS), Q22 (I answered Upgrade DC1, DC11 to enforce the entire domain), Q23, Q30, Q35, Q36, Q37
Configure Identity and Access solutions
Q5, Q11, Q13 (I answered Active Directory Users and Computers since ADAC wasn't there), Q17 (diff answer : i answered Install-AdcsCertificationAuthority) Q19, Q24, Q28, Q34, Q38, Q42

Q6 look up priscilla dump, ive seen it there
Q22 look up priscilla dump for info

Good luck!

Jess

Monday, April 21, 2014 8:06 PM UT

The first requirement is a Windows Server 2012 domain controller. This new authorization and auditing mechanism requires extensions to Active Directory. These new extensions build Windows claim types, which is where Windows stores claims for an Active Directory forest.

Another dependency upon which claims authorization relies in the Kerberos Key Distribution Center (KDC). The Windows Server 2012 KDC contains Kerberos enhancements required to transport claims within a Kerberos ticket and compound authentication. Windows Server 2012 KDC also includes an enhancement to support Kerberos armoring.

Note:

Your environment only requires a Windows Server 2012 KDC when you base authorization decisions on claims that are sourced from Active Directory attributes or certificates. Authorization decisions based on group memberships, including conditional expressions that use the memberOf operator do not require a Windows Server 2012 KDC.

Lastly, the Security Accounts Manager (SAM) portion of the Windows Server 2012 domain controller understands claim types, where they are stored, and claims transformation. The KDC relies on the SAM to retrieve claim information that it uses in Kerberos tickets.

Claim-based authorization and auditing does not have a forest functional or domain functional requirement. You can implement and configure claims with a mixture of Windows Server 2008 and 2008 R2 domain controllers provided the domain has an adequate number Windows Server 2012 domain controllers to support authentication requests that include claim information.

Charlielalicone

Monday, April 21, 2014 8:05 PM UT

@Mark Yeah you definitely got all the shitty questions ! :\ sorry about that.
In fact this question is a little bit crappy since on some website it says that you will all get the new features if you have and only need one DC 2012 even tho the rest of the DCs are 2008R2. Obviously this question require an answer...

The infrastructure required to implement claims-based authorization in Active Directory includes at least one Windows Server 2012 DC in the domain where the user resides that will use this feature, one or more Windows Server 2012 DCs in each domain that will implement claims to another forest, and a Windows 8 client (for device claims). There's no requirement for forest functional level -- that is, no need to raise the forest functional level to Windows Server 2012.

http://redmondmag.com/Articles/2013/08/01/Implement-the-New-Windows-Server-2012-DAC.aspx?Page=2

Prerequisites

Claims-based authorization and auditing requires:

• Windows Server 2012

• At least one Windows Server 2012 domain controller accessible by the Windows client in the user's domain

• At least one Windows Server 2012 domain controller in each domain when using claims across a forest trust

Windows 8 client (required when using device claims)

In that case, we already have the DC2012 in the child domain so nothing should needed...

Oh well, exam is tomorrow! i will see !

Btw, i changed one question answer. This is in configure file and storage solutions Q12 : There is only one answer to that question and this is : Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1. i tested it yesterday in lab.

mark

Monday, April 21, 2014 10:13 AM UT

@Charlielalicorne I had that question in the real exam and it was reworded so that claims were available in both domains. I think the answer is then to upgrade both 2008 DCs as you need domain functional level of 2012 to support claims and compound auth. If you get the only in child1.contoso.com domain question I would say first upgrade DC11 and then raise domain functional level as claims work on domain functional level and not forest.

Hurb

Friday, April 18, 2014 2:12 PM UT

Just did the exam for the second time, and I passed this one with 7XX.
I learned from 2 dumps. Wendy for the mixed questions, and Whitney for the Hotspot and drag & drop questions.
All questions came from these dumps, but there are still some wrong answers in these dumps. Luckily enough gooed answers to pass his exam!!! Thanks Whitney and Wendy. Guys, good luck with this exam, it's a tough one.

Jack

Thursday, April 17, 2014 10:02 PM UT

CBT nuggets explain it very well in the videos the stuff about the quorum... and how it works

akrisz1975

Thursday, April 17, 2014 6:45 PM UT

You create a new work folder named Share1.

You need to configure Share1 to meet the following requirements:

Ensure that all synchronized copies of Share1 are encrypted. Ensure that clients synchronize to Share1 every 30 minutes. Ensure that Share1 inherits the NTFS permissions of the parent folder.

Ensure that all synhronized copies of Share1 are encrypted. In this dump the answer is Set-SyncDevicePolicy. This commandlet is not exists. Neither New-SyncDevicePolicy. IMO correct answer is Enable-SyncShare. What do you think of it ?

akrisz1975

Thursday, April 17, 2014 6:39 PM UT

TonUS

That you read is right for WIndows 2008 (R2).
In case of Win2012:

Depending on the number of nodes in your cluster (an even number or an odd number) you had a veritable plethora of quorum models to choose from including Node Majority, Node and Disk Majority or Node and File Share Majority amongst others.

Now, that choice has been made much simpler: you need only decide whether to use a Disk Witness or a File Share Witness? Unlike previous versions of Windows Server, using a Witness for our failover clusters is now recommended. Gone are the days when a failed Disk Witness could bring down a cluster.

Charlielalicorne

Thursday, April 17, 2014 3:38 PM UT

@Mark i dont think MS will give answerless question.
I honestly have no good answer to this question. For me A would be the best one even though it wont change much to the situation and adprep has been done already.

I agree for the work folders one. This is one question that i have been looking into and the answers given for this question are terrible : i would as well answer new-synshare as defined here : http://blogs.technet.com/b/canitpro/archive/2013/11/13/step-by-step-creating-a-work-folders-test-lab-deployment-in-windows-server-2012-r2.aspx

The other question i couldn't answer anything was the Q22 in Configure the AD infrastructure. "You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain"
There is nothing to be done here, the explanation is wrong, the Forest functional doesn't need to be raise to 2012 and we already have a DC 2012 to get all the KDC support for claims etc.

I will look into that this weekend.. my exam is next Tuesday so if i find anything else ill post it here.

akrisz1975

Thursday, April 17, 2014 3:24 PM UT

ToNus

I think Node and disk majority & Node and File Share

No majority Disk Only not recommended

Tie Break for 50% Node Split

Let’s look at a more complex example with a cluster that has four members, each having a vote along with a Witness that also has a vote.

If the Witness goes offline then one of the cluster members will be chosen and their vote will be removed. This leaves us with a cluster that has three votes’, and we attain the odd number of votes necessary to maintain our cluster. This dynamic functionality is particularly useful for a geographically dispersed cluster.

Where a four node cluster is split across two sites and the File Share Witness goes offline, one node is chosen and its vote is removed. Again, we are left with three votes and the cluster is maintained. If the two sites were then loose connectivity, the side of the cluster that has two votes would remain up and keep the cluster running.

Although this behaviour is automatic, we can influence the choice of which cluster member loses its vote my using the new LowerQuorumPriorityNodeID Property. Assigning this property to a node at the disaster recovery (DR) site, we can make sure our primary site stays up.

Jay

Thursday, April 17, 2014 2:36 PM UT

T0nus i think the answer is :
Node and File Share Majority
Node and Disk Majority

It is recommended to have an odd number of total votes in the cluster since quorum requires more than half of the votes to be online. If I have a 4-node cluster, and only give each node a vote for 4 total votes, I need 3 nodes to stay running to maintain quorum with more than half of the votes. This means I can only sustain a single node failure. However, by assigning a disk or FSW a 5th vote, I still need 3 votes to maintain quorum, however I can now sustain two node failures, instead of one. So by adding these extra votes by using a disk or file share, instead of requiring the purchase of an additional node, Failover Clustering can offer higher availability at a much lower cost.

T0nus

Wednesday, April 16, 2014 12:49 PM UT

According to technet :
http://technet.microsoft.com/fr-fr/library/dd197496(v=ws.10).aspx

Table in section "Choosing the quorum mode for a particular cluster" says that : Node and disk majority is recommended when you have an even number of nodes BUT not in a multi-site cluster

So, what do you think the answer is ?
Node and disk majority & Node and File Share"
or
Node and File Share & No majority: disk only ?

akrisz1975

Wednesday, April 16, 2014 10:30 AM UT

T0nus

IMO
Node and File Share Majority
Node and Disk Majority

http://www.techworld.com.au/article/539543/windows_server_2012_r2_failover_clustering_understanding_quorum_improvements/

Now, that choice has been made much simpler: you need only decide whether to use a Disk Witness or a File Share Witness? Unlike previous versions of Windows Server, using a Witness for our failover clusters is now recommended. Gone are the days when a failed Disk Witness could bring down a cluster.

Jumping

Tuesday, April 15, 2014 6:59 PM UT

I understand this all is getting a big scam

Jay

Tuesday, April 15, 2014 4:19 PM UT

Hello T0nus! you are right, It cannot be Node Majority or No Majority : Disk only since when it fails we need to have 2 nodes up and with that setting we will only have 1 up.

thanks a lot i will change the dump
http://blogs.msdn.com/b/clustering/archive/2010/05/14/10012930.aspx

mark

Tuesday, April 15, 2014 12:50 PM UT

@Charlielalicorne Thanks for confirming. This question was in the actual exam and was worded the same! As I failed I was looking at where I potentially went wrong. But would Microsoft really give you an answerless question? I thought their exam policy was that there is always a 100% correct answer and the rest are 100% wrong. If I see it again in my resit, I am going to comment it and raise a challenge with Microsoft. There are a couple of others as well I believe are wrong especially the work folders question where it says you need to ensure user1 from all domains have a unique folder under sync1. which powershell command would you run and the answer seems to be Set-SyncShare BUt you need to modify the -UserFolderName from username to alias@domain and this switch is only available in New-SyncShare commandlet. It seems this is another question whereby the answer is none?

Charlielalicorne

Monday, April 14, 2014 6:30 PM UT

Sorry just figured out that the DC2012 was a PDC emulator which means it has already been promoted to the domain. in this case something in this question is def missing!

Charlielalicorne

Monday, April 14, 2014 6:25 PM UT

@Mark, you are right. The question is badly asked and in this case there's nothing to do. I think a part of the questions is missing and in the "real" MS question the part that needed to be added is " DC2012 hasnt been introduced yet to the domain" what should you do ?! :) well adprep it ! so A.

Same thing with the question 22 in "configure the AD infra" section. Nothing needs to be done there. Question is not well transferred.
good luck!

Jay

Monday, April 14, 2014 3:07 PM UT

Janice before giving unnecessary comments yourself you should read better what i wrote :) ..... and for your information my job is already done :) this is my dump! i hope you will pass your exam! lol

T0nus

Monday, April 14, 2014 8:53 AM UT

Configure and manage high availability, Q9

I think answers in dumps are wrong.
It's not "Node majority" and "No majority:disk only".

Correct answers should be :
"No majority:disk only" and "Node and File Share majority".

http://technet.microsoft.com/fr-fr/library/dd197496(v=ws.10).aspx

"If I have a 4-node cluster, and only give each node a vote for 4 total votes, I need 3 nodes to stay running to maintain quorum with more than half of the votes."

It can't be "Node majority"

Are you ok with that ?

Janice

Friday, April 11, 2014 9:08 PM UT

Jay, If you are studying all the questions through the heart.. then what are you doing here.. dont give unnecessary comments.. go and do your job...

HP

Friday, April 11, 2014 4:45 PM UT

I've passed, score 788. I've learned dumps of snowden (old but good), Andy and Angela. Don't know which answers were wrong, but Microsoft has changed the possible answers for some questions. The change of the answers was not really a problem, i think the change made it a little bit easier.

SkyTheLimit

Friday, April 11, 2014 11:34 AM UT

I believe Jay is right... U dt just learn the questions by heart whch many people are doing and failing. Know what u are answering, do research from technet... put the right answers there...

mark

Friday, April 11, 2014 11:05 AM UT

Looking through these dumps one question is bugging me - any advice

Question:
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 Server 2003 RID Master
DC2 Server 2003 Infrastructure Master
DC3 Server 2012 PDC emulator

You discover that when you run Group Policy Results from Group Policy Management, the settings from site-linked Group Policy objects (GPOs) fail to appear in the results.

You need to ensure that the settings from site-linked GPOs appear in the results.

What should you do first?

I believe the answer to be nothing in this case because
Adprep would have already run as part of the wizard when DC3 was added as a domain controller
Infrastructure Master transfer would do nothing as it handles all replication of AD objects and PDC handles all GPOs
Upgrading DC2 to 2012 R2 brings nothing to the table in respect to this
Run adprep on DC1 using 2003 media - why - wouldn't do a thing since the schema has already been extended beyond 2003 as result from adding 2012 DC
I have labbed this up and needed to do nothing to show site linked gpo settings in gpresult
Can anyone confirm this?
thanks

Jay

Thursday, April 10, 2014 3:59 PM UT

People are complaining that they dont pass but they dont do their homework! its not only a matter of knowing all by heart all the questions and answer ! you have to understand the technology!

David

Wednesday, April 09, 2014 6:52 PM UT

is this Valid?

mark

Wednesday, April 09, 2014 12:55 PM UT

Failed for the second time 690/700 using these and the exam collection premium dump. The questions in these dumps are valid but Microsoft have sometimes changed the answer options into either a different order or added in a new answer option and removed some. Unfortunately this is setting the tone moving forward that you really need to lab it up and learn and not to rely on these. yes the questions are accurate, but my advice learn and look up your own answers. going to take 3 in couple of weeks