♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-410 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-410 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-410-exam-dumps.html
Q1. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 500 servers that run Windows Server 2012 R2.
You have a written security policy that states the following:
Only required ports must be open on the servers.
All of the servers must have Windows Firewall enabled.
Client computers used by administrators must be allowed to access all of the ports
on all of the servers.
Client computers used by the administrators must be authenticated before the
client computers can access the servers.
You have a client computer named Computer1 that runs Windows 8.
... .
You need to ensure that you can use Computer1 to access all of the ports on all of the servers successfully. The solution must adhere to the security policy.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On Computer1, create a connection security rule.
B. On all of the servers, create an outbound rule and select the Allow the connection if it is secure option.
C. On all of the servers, create an inbound rule and select the Allow the connection if it is secure option.
D. On Computer1, create an inbound rule and select the Allow the connection if it is secure option.
E. On Computer1, create an outbound rule and select the Allow the connection if it is secure option.
F. On all of the servers, create a connection security rule.
Answer: A,C,F
Explanation:
Unlike firewall rules, which operate unilaterally, connection security rules require that both
communicating computers have a policy with connection security rules or another
compatible IPsec policy.
Traffic that matches a firewall rule that uses the Allow connection if it is secure setting
bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol.
This method is supported on Windows Vista or Windows Server 2008.
References:
http://technet.microsoft.com/en-us/library/cc772021.aspx
http://technet.microsoft.com/en-us/library/cc753463.aspx
Q2. - (Topic 2)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named L0N-DC1. L0N-DC1 runs Windows Server 2012 R2 and has the DHCP Server server role installed.
The network contains 100 client computers and 50 IP phones. The computers and the phones are from the same vendor.
You create an IPv4 scope that contains addresses from 172.16.0.1 to 172.16.1.254.
You need to ensure that the IP phones receive IP addresses in the range of 172.16.1.100 to 172.16.1.200. The solution must minimize administrative effort.
What should you create?
A. Server level policies
B. Reservations
C. Filters
D. Scope level policies
Answer: D
Explanation:
The scope is already in place.
Scope level policies are typically settings that only apply to that scope. They can also
overwrite a setting that was set at the server level.
When a client matches the conditions of a policy, the DHCP server responds to the clients
based on the settings of a policy.
Settings associated to a policy can be an IP address range and/or options.
An administrator could configure the policy to provide an IP address from a specified sub-range within the overall IP address range of the scope.
You can also provide different option values for clients satisfying this policy.
Policies can be defined server wide or for a specific scope.
A server wide policy – on the same lines as server wide option values – is applicable to all
scopes on the DHCP server.
A server wide policy however cannot have an IP address range associated with it.
There a couple of ways to segregate clients based on the type of device. One way to do
this is by using vendor class/identifier.
This string sent in option 60 by most DHCP clients identify the vendor and thereby the type
of the device.
Another way to segregate clients based on device type is by using the MAC address prefix.
The first three bytes of a MAC address is called OUI and identify the vendor or
manufacturer of the device.
By creating DHCP policies with conditions based on Vendor Class or MAC address prefix,
you can now segregate the clients in your subnet in such a way, that devices of a specific
type get an IP address only from a specified IP address range within the scope. You can
also give different set of options to these clients.
In conclusion, DHCP policies in Windows Server 2012 R2 enables grouping of
clients/devices using the different criteria and delivering targeted network configuration to
them.
Policy based assignment in Windows Server 2012 R2 DHCP allows you to create simple
yet powerful rules to administer DHCP on your network.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6: Network Administration, p.253
Q3. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 runs Windows Server 2012 R2. Server2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server server role installed.
You need to manage DHCP on Server2 by using the DHCP console on Server1.
What should you do first?
A. From Windows PowerShell on Server1, run Install-Windows Feature.
B. From Windows Firewall with Advanced Security on Server2, create an inbound rule.
C. From Internet Explorer on Server2, download and install Windows Management Framework 3.0.
Answer: B
Explanation:
When the DHCP role is installed, it appears that the firewall rules are automatically added,
so C is not valid (not only that, but either way it is an existing rule that one would need only
enable nonetheless, not create a new rule). This means you only need to add the DHCP
Manager MMC snap-in which is a Role Administration Tool feature.
So the correct answer must be B.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6 Network
Administration, p.228
Q4. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2.
You try to install the Microsoft .NET Framework 3.5 Features feature on Server1, but the
installation fails repeatedly.
You need to ensure that the feature can be installed on Server1.
What should you do?
A. Install Windows Identity Foundation (WIF) 3.5.
B. Install the Web Server (IIS) server role.
C. Connect Server1 to the Internet.
D. Run the Add-AppxProvisionedPackage cmdlet.
Answer: C
Explanation:
The files needed are no longer available on the local Hard drive. We need to connect the server to the Internet. Important to note that when starting with Windows Server 2012 R2 and Windows 8, the feature files for .NET Framework 3.5 (which includes .NET Framework 2.0 and .NET Framework 3.0) are not available on the local computer by default. The files have been removed. Files for features that have been removed in a Features on Demand configuration, along with feature files for .NET Framework 3.5, are available through Windows Update. By default, if feature files are not available on the destination server that is running Windows Server 2012 R2 Preview or Windows Server 2012 R2, the installation process searches for the missing files by connecting to Windows Update. You can override the default behavior by configuring a Group Policy setting or specifying an alternate source path during installation, whether you are installing by using the Add Roles and Features Wizard GUI or a command line.
Q5. - (Topic 3)
You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1.
You need to add a graphical user interface (GUI) to Server1.
Which tool should you use?
A. The Install-WindowsFeature cmdlet
B. The Install-Module cmdlet
C. The Install-RoleService cmdlet
D. The setup.exe command
Answer: A
Explanation:
The DISM command is called by the Add-WindowsFeature commanD. Here is the syntax for DISM:
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt
Q6. HOTSPOT - (Topic 2)
You have a server named DHCP1 that runs Windows Server 2012 R2. DHCP1 does not
have access to the Internet.
All roles are removed completely from DHCP1.
You mount a Windows Server 2012 R2 installation image to the C:Mount folder.
You need to install the DHCP Server server role on DHCP1 by using Server Manager.
Which folder should you specify as the alternate path for the source files?
To answer, select the appropriate folder in the answer area.
Answer:
Q7. - (Topic 1)
Your network contains a server named Server1 that runs Windows Server 2012
R2.Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You need to ensure that VM1 can use more CPU time than the other virtual machines when the CPUs on Server1 are under a heavy load.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: B
Explanation:
B. Resource controls provide you with several ways to control the way that Hyper-V allocates resources to virtual machine. Resource control in used in the event where you need to adjust the computing resources of a virtual machine, you can reconfigure the resources to meet the changing needs. You can also specify resource controls to automate how resources are allocated to virtual machines.
References:
http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831410.aspx http://technet.microsoft.com/en-us/library/cc742470.aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144 Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 7: Hyper-V Virtualization, Lesson 2: Deploying and configuring virtual machines, p.335
Q8. - (Topic 1)
Your network contains an Active Directory domain named adatum.com.
You discover that when users join computers to the domain, the computer accounts are created in the Computers container.
You need to ensure that when users join computers to the domain, the computer accounts are automatically created in an organizational unit (OU) named All_Computers.
What should you do?
A. From a command prompt, run the redircmp.exe command.
B. From ADSI Edit, configure the properties of the OU1 object.
C. From Ldp, configure the properties of the Computers container.
D. From Windows PowerShell, run the Move-ADObject cmdlet.
Answer: A
Explanation:
This command redirects the default container for newly created computers to a specified, target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in All_Computers.
: http://technet.microsoft.com/en-us/library/cc770619.aspx
Q9. - (Topic 1)
Your network contains an Active Directory domain named contoso.com.
All client computers run Windows 8.
You deploy a server named Server1 that runs Windows Server 2012 R2.
You install a new client-server application named App1 on Server1 and on the client
computers. The client computers must use TCP port 6444 to connect to App1 on Server1.Server1 publishes the information of App1 to an intranet server named Server2 by using TCP port 3080.
You need to ensure that all of the client computers can connect to App1. The solution must
ensure that the application can connect to Server2.
Which Windows Firewall rule should you create on Server1?
A. an inbound rule to allow a connection to TCP port 3080
B. an outbound rule to allow a connection to TCP port 3080
C. an outbound rule to allow a connection to TCP port 6444
D. an inbound rule to allow a connection to TCP port 6444
Answer: D
Explanation:
A. Server2 needs inbound on 3080.
B. All ports outbound allowed by default.
D. Server1 gets request from Client PC’s it needs an inbound rule for 6444. By default, Windows Firewall with Advanced Security blocks all unsolicited inbound network traffic, and allows all outbound network traffic. For unsolicited inbound network traffic to reach your computer, you must create an allow rule to permit that type of network traffic. If a network program cannot get access, verify that in the Windows Firewall with Advanced Security snap-in there is an active allow rule for the current profile. To verify that there is an active allow rule, double-click Monitoring and then click Firewall. If there is no active allow rule for the program, go to the Inbound Rules node and create a new rule for that program. Create either a program rule, or a service rule, or search for a group that applies to the feature and make sure all the rules in the group are enabled. To permit the traffic, you must create a rule for the program that needs to listen for that traffic. If you know the TCP or UDP port numbers required by the program, you can additionally restrict the rule to only those ports, reducing the vulnerability of opening up all ports for the program.
Q10. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have been instructed to make sure that Contoso.com users are not able to install a Windows Store application. You then create a rule for packaged apps.
Which of the following is the rule based on? (Choose all that apply.)
A. The publisher of the package.
B. The publisher of the application.
C. The name of the package
D. The name of the application
E. The package version.
F. The application version.
Answer: A,C,E
Explanation:
Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire application using a single AppLocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. AppLocker supports only publisher rules for Packaged apps. A publisher rule for a Packaged app is based on the following information: Publisher of the package Package name Package version All the files within a package as well as the package installer share these attributes. Therefore, an AppLocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.