★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-410 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/70-410-dumps.html
It is impossible to pass Microsoft 70-410 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed Microsoft 70-410 practice questions. You will get a surprising result by our Updated Installing and Configuring Windows Server 2012 practice guides.
2021 Mar 70-410 free download
Q31. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
Contoso.com has a domain controller, named ENSUREPASS-DC01.
You have been instructed to make sure that the Group Policy Administrative Templates are available centrally.
Which of the following actions should you take?
A. You should consider copying the policies folder to the PolicyDefinitions folder in the Contoso.com domain’s SYSVOL folder.
B. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s SYSVOL folder.
C. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s systemroot folder.
D. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s logonserver folder.
Answer: B
Explanation:
PolicyDefinitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory, they are replicated to every DC in the domain; by extension, the ADMX-aware Group Policy Management Console in Windows Vista, Windows 7, Windows Server 2008 and R2 can check this folder as an additional source of ADMX files, and will report them accordingly when setting your policies. By default, the folder is not created. Whether you are a single DC or several thousand, I would strongly recommend you create a Central Store and start using it for all your ADMX file storage. It really does work well. The Central Store To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location: \\FQDN\SYSVOL\FQDN\policies. Note: FQDN is a fully qualified domain name.
Q32. - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. You add an additional disk to Server1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that users can access the additional disk from drive C.
What should you do?
A. Convert Disk 0 to a dynamic disk and add a mirror.
B. Create a simple volume on Disk 1 and mount the volume to a folder.
C. Convert Disk 0 and Disk 1 to dynamic disks and extend a volume.
D. Convert Disk 1 to a dynamic disk and create a spanned volume.
Answer: B
Q33. DRAG DROP - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1 that has the DNS Server server role installed. DC1 hosts an Active Directory-integrated zone for the domain. The domain contains a member server named Server1.
You install the DNS Server server role on Server1.
You need to ensure that Server1 can respond authoritatively to queries for the existing contoso.com namespace.
Which cmdlets should you run on each server? (To answer, drag the appropriate cmdlets to the correct servers. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Q34. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has a server, named ENSUREPASS-SR07, which has the ADDS, DHCP, and DNS server roles installed. Contoso.com also has a server, named ENSUREPASS-SR08, which has the DHCP, and Remote Access server roles installed. You have configured a server, which has the File and Storage Services server role installed, to automatically acquire an IP address. The server is named ENSUREPASSSR09.
You then create reservation on ENSUREPASS-SR07, and a filter on ENSUREPASS-SR08.
Which of the following is a reason for this configuration?
A. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR08 only.
B. It configures ENSUREPASS-SR09 with a static IP address.
C. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR07 and ENSUREPASSSR08.
D. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR07 only.
Answer: D
Explanation:
To configure the Deny filter In the DHCP console tree of DHCP Server 1, under IPv4, click Filters, right-click Deny under Filters, and then click New Filter. In the New Deny Filter dialog box, in MAC Address, enter a six hexadecimal number representing the MAC or physical address of DHCP Client 2, click Add, and then click Close. Under Filters right-click the Deny node, and then click the Enable pop-up menu item.
Q35. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 has 8 GB of RAM.
Server1 hosts five virtual machines that run Windows Server 2012 R2.
The settings of a virtual machine named Server3 are configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when Server1 restarts, Server3 automatically resumes without intervention. The solution must prevent data loss.
Which settings should you modify?
A. BIOS
B. Automatic Start Action
C. Automatic Stop Action
D. Integration Services
Answer: C
Explanation:
The Automatic Stop Action setting should be modified because it will allow you to configure: “Save the virtual machine state” option instructs Hyper-V Virtual Machine Management Service to save the virtual machine state on the local disk when the Hyper-V Server shuts down. OR “Turn Off the virtual machine” is used by the Hyper-V Management Service (VMMS.exe) to gracefully turn off the virtual machine. OR “Shut down the guest operating system” is successful only if the “Hyper-V Shutdown” guest service is running in the virtual machine. The guest service is required to be running in the virtual machine as the Hyper-V VMMS.EXE process will trigger Windows Exit message which is received by the service. Once the message is received by the guest service, it takes the necessary actions to shut down the virtual machine.
: http://www.altaro.com/hyper-v/hyper-v-automatic-start-and-stop-action/
Update 70-410 free practice questions:
Q36. - (Topic 2)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to ensure that User1 can manage the group membership of Group1. The solution must minimize the number of permissions assigned to User1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: G
Explanation:
The Set-ADGroup cmdlet modifies the properties of an Active Directory group. You can modify commonly used property values by using the cmdlet parameters. For example, the –ManagedBy parameter allows you to specify a user or group of users who can manage the specified AD group.
Q37. - (Topic 3)
Your network contains multiple subnets.
On one of the subnets, you deploy a server named Server1 that runs Windows Server 2012 R2.
You install the DNS Server server role on Server1, and then you create a standard primary zone named contoso.com.
You need to ensure that client computers can resolve IP addresses to host names.
What should you do first?
A. Create a GlobalNames zone.
B. Convert the contoso.com zone to an Active Directory-integrated zone.
C. Configure dynamic updates for contoso.com.
D. Create a reverse lookup zone.
Answer: D
Explanation:
Use a reverse lookup zone to be able to resolve IP addresses to host names.
Q38. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1).Both servers are member servers.
On Server2, you install all of the software required to ensure that Server2 can be managed remotely from Server Manager.
You need to ensure that you can manage Server2 from Server1 by using Server Manager.
Which two tasks should you perform on Server2? (Each correct answer presents part of the solution.Choose two.)
A. Run the systempropertiesremote. execommand.
B. Run the Fnable-PsRemoting cmdlet.
C. Run the Enable-PsSessionConfigurationcmdlet.
D. Run the Confiqure-SMRemoting.ps1script.
E. Run the Set-ExecutionPolicycmdlet.
Answer: D,E
Explanation:
The output of this command indicates whether Server Manager Remoting is enabled or disabled on the server. To configure Server Manager remote management by using Windows PowerShell On the computer that you want to manage remotely, open a Windows PowerShell session with elevated user rights.To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator. In the Windows PowerShell session, type the following, and then press Enter. Set-ExecutionPolicy -ExecutionPolicyRemoteSigned Type the following, and then press Enter to enable all required firewall rule exceptions. Configure-SMRemoting.ps1 -force –enable.
Q39. - (Topic 3)
Your network contains two subnets. The subnets are configured as shown in the following table.
You have a server named Server2 that runs Windows Server 2012 R2. Server2 is connected to LAN1. You run the route print command as shown in the exhibit.
You need to ensure that Server2 can communicate with the client computers on LAN2.
What should you do?
A. Change the metric of the 10.10.1.0 route.
B. Set the state of the Teredo interface to disable.
C. Set the state of the Microsoft ISATAP Adapter #2 interface to disable.
D. Run route delete 172.23.2.0.
Answer: D
Explanation:
You should delete the route 172.23.2.0 to allow communication between the client computers and Server2. The route is used to identify PIv6 /IPv4 packets that are being sent.
Q40. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.Client computers run either Windows 7 or Windows 8.
All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1.
You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone.
You need to ensure that the client computers locate the ISATAP router.
What should you do?
A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1.
B. Configure the Network Options Group Policy preference of GPO1.
C. Run the Add-DnsServerResourceRecord cmdlet on Server1.
D. Configure the DNS Client Group Policy setting of GPO1.
Answer: A
Explanation:
The Set-DnsServerGlobalQueryBlockList command will change the settings of a global query block list which you can use to ensure that client computers locate the ISATAP router.
Windows Server 2008 introduced a new feature, called “Global Query Block list”, which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a proxy. The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain Applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that user’s computer. Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables. Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com. In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative. Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: A malicious user can use dynamic update to register the user’s own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the block list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service. Add-DnsServerResourceRecord – The Add-DnsServerResourceRecordcmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different types of resource records. Use different switches for different record types. By using this cmdlet, you can change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings. Set-DnsServerGlobalQueryBlockList – The Set-DnsServerGlobalQueryBlockListcmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying domain controllers, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 254-256 http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649874.aspx http://technet.microsoft.com/en-us/library/jj649909.aspx