Our pass rate is high to 98.9% and the similarity percentage between our 70 410 practice exam study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Microsoft 70 410 pdf exam in just one try? I am currently studying for the Microsoft exam 70 410 pdf exam. Latest Microsoft 70 410 exam Test exam practice questions and answers, Try Microsoft exam 70 410 pdf Brain Dumps First.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-410 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-410 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-410-exam-dumps.html
P.S. Downloadable 70-410 samples are available on Google Drive, GET MORE: https://drive.google.com/open?id=16ut0voxG5Ce_wyqo4CtkFBe9CQR5t74p
New Microsoft 70-410 Exam Dumps Collection (Question 3 - Question 12)
Q3. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are part of a workgroup.
On Server1 and Server2, you create a local user account named Admin1.You add the account to the local Administrators group. On both servers, Admin1 has the same password.
You log on to Server1 as Admin1. You open Computer Management and you.connect to Server2.
When you attempt to create a scheduled task, view the event logs, and manage the shared folders, you receive Access Denied messages.
You need to ensure that you can administer Server2 remotely from Server1 by using Computer Management.
What should you configure on Server2?
A. From Server Manager, modify the Remote Management setting.
B. From Local Users and Groups, modify the membership of the Remote Management Users group.
C. From Windows Firewall, modify the Windows Management Instrumentation (WMI) firewall rule.
D. From Registry Editor, configure the LocalAccountTokenFilterPolicy registry value.
Answer: D
Explanation:
The LocalAccountTokenFilterPolicy setting affects how administrator credentials are applied to remotely administer the computer.
Reference: http://support.microsoft.com/kb/942817
Q4. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8.
All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1.
You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone.
You need to ensure that the client computers locate the ISATAP router. What should you do?
A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1.
B. Configure the Network Options Group Policy preference of GPO1.
C. Run the Add-DnsServerResourceRecord cmdlet on Server1.
D. Configure the DNS Client Group Policy setting of GPO1.
Answer: A
Explanation:
The Set-DnsServerGlobalQueryBlockList command will change the settings of a global query block list which you can use to ensure that client computers locate the ISATAP router.
Windows Server 2008 introduced a new feature, called u201cGlobal Query Block listu201d, which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a proxy. The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain Applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that useru2021s computer. Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables. Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com. In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative. Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: A malicious user can use dynamic update to register the useru2021s own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the blocktypes of resource records. Use different switches for different record types. By using this cmdlet, you can list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service. Add- DnsServerResourceRecord u2013 The Add-DnsServerResourceRecordcmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings. Set-DnsServerGlobalQueryBlockList u2013 The Set- DnsServerGlobalQueryBlockListcmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying domain controllers, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 254-256 http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649874.aspx
http://technet.microsoft.com/en-us/library/jj649909.aspx
Q5. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 is connected to two Fibre Channel SANs and is configured as shown in the following table.
You have a virtual machine named VM1.
You need to configure VM1 to connect to SAN1. What should you do first?
A. Add one HBA
B. Create a Virtual Fibre Channel SAN.
C. Create a Hyper-V virtual switch.
D. Configure network adapter teaming.
Answer: B
Explanation:
You need your virtualized workloads to connect easily and reliably to your existing storage arrays.
Windows Server 2012 provides Fibre Channel ports within the guest operating system, which allows you to connect to Fibre Channel directly from within virtual machines. This
feature protects your investments in Fibre Channel, enables you to virtualize workloads that use direct access to Fibre Channel storage, allows you to cluster guest operating systems over Fibre Channel, and provides an important new storage option for servers hosted in your virtualization infrastructure.
With this Hyper-V virtual Fibre Channel feature, you can connect to Fibre Channel storage from within a virtual machine. This allows you to use your existing Fibre Channel investments to support virtualized workloads.
Support for Fibre Channel in Hyper-V guests also includes support for many related features, such as virtual SANs, live migration, and MPIO.
Q6. Your network contains an Active Directory domain named contoso.com. All client computers run Windows You deploy a server named Server1 that runs Windows Server 2012 R2.
You install a new client-server application named App1 on Server1 and on the client computers. The client computers must use TCP port 6444 to connect to App1 on Server1.Server1 publishes the information of App1 to an intranet server named Server2 by using TCP port 3080.
You need to ensure that all of the client computers can connect to App1. The solution must ensure that the application can connect to Server2.
Which Windows Firewall rule should you create on Server1?
A. an inbound rule to allow a connection to TCP port 3080
B. an outbound rule to allow a connection to TCP port 3080
C. an outbound rule to allow a connection to TCP port 6444
D. an inbound rule to allow a connection to TCP port 6444
Answer: D
Explanation:
:A. Server2 needs inbound on 3080.
:B. All ports outbound allowed by default.
:D. Server1 gets request from Client PCu2021s it needs an inbound rule for 6444.
By default, Windows Firewall with Advanced Security blocks all unsolicited inbound network traffic, and allows all outbound network traffic. For unsolicited inbound network traffic to reach your computer, you must create an allow rule to permit that type of network traffic. If a network program cannot get access, verify that in the Windows Firewall with Advanced Security snap-in there is an active allow rule for the current profile. To verify that there is an active allow rule, double-click Monitoring and then click Firewall.
If there is no active allow rule for the program, go to the Inbound Rules node and create a new rule for that program. Create either a program rule, or a service rule, or search for a group that applies to the feature and make sure all the rules in the group are enabled. To permit the traffic, you must create a rule for the program that needs to listen for that traffic. If you know the TCP or UDP port numbers required by the program, you can additionally
restrict the rule to only those ports, reducing the vulnerability of opening up all ports for the program.
Q7. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed.
An iSCSI SAN is available on the network.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
You create a LUN on the SAN to host the virtual hard drive files for the virtual machines. You need to create a 3-TB virtual hard disk for VM1 on the LUN. The solution must prevent
VM1 from being paused if the LUN runs out of disk space. Which type of virtual hard disk should you create on the LUN?
A. Dynamically expanding VHDX
B. Fixed-size VHDX
C. Fixed-size VHD
D. Dynamically expanding VHD
Answer: B
Explanation:
The virtual disk needs to be a VHDX file since it is going to be over 2TB in size and it must be fixed-size so that the space is already taken on the server (that way the server does not
run out of space as the volume grows) even if the actual virtual disk does not yet hold that amount of data.
Q8. Your network contains an Active Directory domain named contoso.com.
All of the AppLocker policy settings for the member servers are configured in a Group Policy object (GPO) named GPO1.
A member server named Server1 runs Windows Server 2012 R2.
On Server1, you test a new set of AppLocker policy settings by using a local computer policy.
You need to merge the local AppLocker policy settings from Server1 into the AppLocker policy settings of GPO1.
What should you do?
A. From Local Group Policy Editor on Server1, export an .inf file. Import the .inf file by using Group Policy Management Editor.
B. From Server1, run the Set-ApplockerPolicy cmdlet.
C. From Local Group Policy Editor on Server1, export an .xml file. Import the .xml file by using Group Policy Management Editor.
D. From Server1, run the New-ApplockerPolicy cmdlet.
Answer: : B
Explanation:
The Set-AppLockerPolicy cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local GPO is the default.
When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not specified, then the new policy will overwrite the existing policy.
References:
http://technet.microsoft.com/en-us/library/ee791816(v=ws.10).aspx
Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 10: Implementing Group Policy, Lesson1: Planning, Implementing and managing Group Policy, p. 479
Q9. Your network contains a Windows Server 2012 R2 image named Server12.wim.Server12.wim contains the images shown in the following table.
You need to enable the Windows Server Migration Tools feature in the Windows Server 2012 R2 Datacenter image.
You want to achieve this goal by using the minimum amount of administrative effort. Which command should you run first?
A. dism.exe /image:c:\Server12.wim /enable-feature /featurename:servermigration
B. dism.exe /mount-wim /wimfile:c:\Server12.wim /index:4 /mountdir:c:\mount
C. imagex.exe /capture c: c:\Server12.wim "windows server 2012 r2 datacenter"
D. imagex.exe /apply c:\Server12.wim 4 c:\
Answer: B
Explanation:
This command will mount the image before making any changes. References:
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1 that has the DNS Server server role installed. Server1 hosts a primary zone for contoso.com.
The domain contains a member server named Server2 that is configured to use Server1 as its primary DNS server.
From Server2, you run nslookup.exe as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when you run Nslookup, the correct name of the default server is displayed.
What should you do?
A. On Server1, create a reverse lookup zone.
B. On Server1, modify the Security settings of the contoso.com zone.
C. From Advanced TCP/IP Settings on Server1, add contoso.com to the DNS suffix list.
D. From Advanced TCP/IP Settings on Server2, add contoso.com to the DNS suffix list.
Answer: A
Explanation:
Make sure that a reverse lookup zone that is authoritative for the PTR resource record exists.
PTR records contain the information that is required for the server to perform reverse name lookups.
References:
http://technet.microsoft.com/en-us/library/cc961417.aspx
Exam Ref: 70-410: Installing and Configuring Windows Server 2012 R2, Chapter4: Deploying and configuring core network services, Objective 4.1: Configure IPv4 and IPv6 addressing, p.246
Q11. Your network contains an Active Directory domain named adatum.com. The domain contains several thousand member servers that run Windows Server 2012 R2. All of the computer accounts for the member servers are in an organizational unit (OU) named ServersAccounts.
Servers are restarted only occasionally.
You need to identify which servers were restarted during the last two days. What should you do?
A. Run dsquery computer and specify the u2013staiepwd parameter.
B. Run Get-ADComputer and specify the SearchScope parameter.
C. Run Get-ADComputer and specify the IastLogon property.
D. Run dsquery server and specify the u2013o parameter
Answer: C
Q12. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
On Server1, you create a printer named Printer1. You share Printer1 and publish Printer1 in Active Directory.
You need to provide a group named Group1 with the ability to manage Printer1.
What should you do?
A. From Print Management, configure the Sharing settings of Printer1.
B. From Active Directory Users and Computers, configure the Security settings of Server1- Printer1.
C. From Print Management, configure the Security settings of Printer1.
D. From Print Management, configure the Advanced settings of Printer1.
Answer: C
Explanation:
If you navigate to the Security tab of the Print Server Properties you will find the Permissions that you can set to Allow which will provide Group1 with the ability to manage Printer1.
Set permissions for print servers
u2711 Open Print Management.
u2711 In the left pane, click Print Servers, right-click the applicable print server and then click Properties.
u2711 On the Security tab, under Group or users names, click a user or group for which you want to set permissions.
u2711 Under Permissions for <user or group name>, select the Allow or Deny check boxes for the permissions listed as needeD.
u2711 To edit Special permissions, click Advanced.
u2711 On the Permissions tab, click a user group, and then click Edit.
u2711 In the Permission Entry dialog box, select the Allow or Deny check boxes for the permissions that you want to edit.
P.S. Easily pass 70-410 Exam with Allfreedumps Downloadable Dumps & pdf vce, Try Free: https://www.allfreedumps.com/70-410-dumps.html (496 New Questions)