15 tips on How to 70-410 Test Like a Badass [271 to 285]

Question No. 271

- (Topic 3) 

You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 installed. 

You have been instructed to modify the name of the local Administrator account on all Contoso.com workstations. You want to achieve this using as little administrative effort as possible. 

Which of the following actions should you take? 

A. You should consider configuring the Security Options settings via the Group Policy Management Console (GPMC). 

B. You should consider navigating to Local Users and Groups via Computer 

C. You should consider configuring the replication settings. 

D. You should consider navigating to Local Users and Groups via Computer Management on each workstation. 

Answer:

Explanation: 

Rename administrator account policy setting determines whether a different account name is associated with the security identifier (SID) for the Administrator account. Because the Administrator account exists on all Windows server versions, renaming the account makes it slightly more difficult for attackers to guess this user name and password combination. By default, the built-in Administrator account cannot be locked out no matter how many times a malicious user might use a bad password. This makes the Administrator account a popular target for brute-force password-guessing attacks. The value of this countermeasure is lessened because this account has a well-known SID and there are non-Microsoft tools that allow you to initiate a brute-force attack over the network by specifying the SID rather than the account name. This means that even if you have renamed the Administrator account, a malicious user could start a brute-force attack by using the SID. Rename the Administrator account by specifying a value for the Accounts: Rename administrator account policy setting. Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options 


Question No. 272

- (Topic 1) 

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. 

You log on to Server1. 

You need to retrieve a list of the active TCP connections on Server2. 

Which command should you run from Server1? 

A. winrm get server2 

B. netstat> server2 

C. dsquery * -scope base -attrip, server2 

D. winrs -r:server2 netstat 

Answer:

Explanation: 

This command line tool enables administrators to remotely execute most Cmd.exe commands using the WSManagement protocol. 



Question No. 273

- (Topic 1) 

Your network contains an Active Directory forest named contoso.com. 

The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in following table. 


When the link between Site1 and Site2 fails, users fail to log on to Site2. 

You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain. 

What should you identify? 

A. The placement of the global catalog server 

B. The placement of the infrastructure master 

C. The placement of the domain naming master 

D. The placement of the PDC emulator 

Answer:

Explanation: 

The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close interaction between the RID operations master role and the PDC emulator role. The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it. The PDC emulator master processes password changes from client computers and replicates these updates to all domain controllers throughout the domain. At any time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest. 


Question No. 274

DRAG DROP - (Topic 1) 

You have a server named Server1 that runs Windows Server 2012 R2. 

You need to create a new volume on Server1. 

The new volume must have the following configurations: Be stored on a new virtual hard disk Be assigned the drive letter G Have the NTFS file system In which order should you run the Diskpart commands? 

To answer, move all the Diskpart commands from the list of commands to the answer area and arrange them in the correct order. 


Answer: 



Question No. 275

- (Topic 1) 

In an isolated test environment, you deploy a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. The test environment does not have Active Directory Domain Services (AD DS) installed. 

You install the Active Directory Domain Services server role on Server1. 

You need to configure Server1 as a domain controller. 

Which cmdlet should you run? 

A. Install-ADDSDomainController 

B. Install-ADDSDomain 

C. Install-ADDSForest 

D. Install-WindowsFeature 

Answer:

Explanation: 

Install-ADDSDomainController – Installs a domain controller in Active Directory. Install-ADDSDomain – Installs a new Active Directory domain configuration. Install-ADDSForest – Installs a new Active Directory forest configuration. Install-WindowsFeature – Installs one or more Windows Server roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to and replaces Add-WindowsFeature, the cmdlet that was used to install roles, role services, and features. 

C:\PS>Install-ADDSForest -DomainName corp.contoso.com -CreateDNSDelegation DomainMode Win2008 - ForestMode Win 2008 R2 -DatabasePath “d:\NTDS” -SysvolPath “d:\SYSVOL” –LogPath “e:\Logs”Installs a new forest named corp.contoso.com, creates a DNS delegation in the contoso.com domain, sets domain functional level to Windows Server 2008 R2 and sets forest functional level to Windows Server 2008,installs the Active Directory database and SYSVOL on the D:\ drive, installs the log files on the E:\ drive and has the server automatically restart after AD DS installation is complete and prompts the user to provide and confirm the Directory Services Restore Mode (DSRM) password. 


Question No. 276

- (Topic 3) 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Web Server (US) server role installed. 

Server1 has a web site named Web1. Web1 is configured to use digest authentication. 

You need to ensure that a user named User1 can access Web1. 

What should you do from Active Directory Users and Computers? 

A. From the properties of User1, select Store password using reversible encryption. 

B. From the properties of User1, select Use Kerberos DES encryption types for this account. 

C. From the properties of Server1, select Trust this computer for delegation to any service (Kerberos only). 

D. From the properties of Server1, assign the Allowed to Authenticate permission to User1. 

Answer:

Explanation: 

Challenge Handshake Authentication Protocol (CHAP) is a basic level of iSCSI security that is used to authenticate the peer of a connection and is based upon the peers sharing a secret: that secret being a password. To make sure that User1 can connect to the server, you should use Active Directory Users and Computers to store that password. 


Question No. 277

- (Topic 3) 

Your network contains an Active Directory domain named contoso.com. The domain contains a print server named Server1 that runs Windows Server 2012 R2. Server1 contains a local group named Group1. 

You share a printer named Printer1 on Server1. 

You need to configure Printer1 to meet the following requirements: 

. Ensure that the members of Group1, the Server Operators group, the Administrators group, and the Print Operators group can send print jobs to Printer1. 

. Prevent other users from sending print jobs to Printer1. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Remove the permissions for the Creator Owner group. 

B. Assign the Print permission to the Administrators group. 

C. Remove the permissions for the Everyone group. 

D. Assign the Print permission to the Server Operators group. 

E. Assign the Print permission to Group1. 

Answer: C,E 

Explanation: 

C. To prevent other users from sending print jobs to Printer1 

E. To enable Group1 to send print jobs. 

Note: The Server Operators group, the Administrators group, and the Print Operators group 

are all built-in and already have permissions to send print jobs. 


Question No. 278

- (Topic 3) 

Server1 runs Windows Server 2012 R2 and is installed as an FTP server. Client uses App1 to connect to Server1 for FTP. App1 uses TCP port 21 for control and a dynamic port for data. You have allowed port 21 in firewall. What should you do next in order to allow clients to use App1 to connect to server1 using ftp. 

A. At Server1 allow firewall rule of outbound 

B. At Server1 allow firewall rule of inbound 

C. Netsh advfirewall domainprofile state off 

D. Netsh advfirewall set global StatefulFtp enable 

Answer:

Explanation: 

Set global statefulftp Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port. This affects both active and passive FTP. 


Question No. 279

- (Topic 1) 

Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers. The servers are contained in an organizational unit (OU) named Servers OU. 

You need to create a group named Group1 on all of the servers in the domain. You must ensure that Group1 is added only to the servers. 

What should you configure? 

A. a Local Users and Groups preferences setting in a Group Policy linked to the Domain Controllers OU 

B. a Restricted Groups setting in a Group Policy linked to the domain 

C. a Local Users and Groups preferences setting in a Group Policy linked to ServersOU 

D. a Restricted Groups setting in a Group Policy linked to Servers OU 

Answer:

Explanation: 

A. This would add the group to the wrong OU 

B. This would affect the whole domain and would effect member of the group 

C. allows you to centrally manage local users and groups on domain member computers and is this is the correct OU for the GPO change 

D. Restricted Groups defines what member or groups should exist as part of a group Why use Group Policy preferences? Unlike Group Policy settings, which App1y to both local computer policy and Active Directory policy, Group Policy preferences only App1y to Active Directory policy. You use preferences to configure many areas of the OS, including: System devices, such as USB ports, floppy drives and removable media Network shares and mapping network shares to drive letters System and user environment variables User and group accounts for the local computer VPN and dial-up networking connections Printer configuration and mapping Registry settings, schedule tasks and system services Settings for Folder Options, Internet Options and Regional and Language Options Settings for power schemes and power management Start Menu properties and menu items 


Question No. 280

HOTSPOT - (Topic 1) 

Your network contains an Active Directory domain named contoso.com. 

The domain contains an organizational unit (OU) named OU1 as shown in the OU1 exhibit. (Click the Exhibit button.) 


The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.) 


You configure GPO1 to prohibit access to Control Panel. GPO1 is linked to OU1 as shown in the GPO1 exhibit. (Click the Exhibit button.) 


Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point. 


Answer: 



Question No. 281

- (Topic 3) 

RODC comes with a number of features that focus on heightened security with limited functionality to remote office users. Which of the following are features of RODC? 

A. Filtered Attribute Sets 

B. Read-Only DNS 

C. Unidirectional Replication 

D. All of these 

Answer:


Question No. 282

- (Topic 2) 

You have a server named Server1 that runs Windows Server 2012 R2.Server1 has the Print and Document Services server role installed. 

Server1 is connected to two identical print devices. 

The solution must ensure that if one print device fails, the print jobs will print automatically on the other print device. 

What should you do on Server1? 

A. Add two printers and configure the priority of each printer. 

B. Add one printer and configure printer pooling. 

C. Install the Network Load Balancing (NLB) feature, and then add one printer. 

D. Install the Failover Clustering feature, and then add one printer 

Answer:

Explanation: 

A. expedite documents that need to be printed immediately 

B. A printing pool is one logical printer connected to multiple printers through multiple ports of the print server. The printer that is idle receives the next document sent to the logical printer. When printing to a printer pool, the spooler will send waiting jobs to alternate ports. If the original or alternate ports are not available 

C. NLB for printing is not supported D. Would need 2 nodes A printing pool is one logical printer connected to multiple printers through multiple ports of the print server. The printer that is idle receives the next document sent to the logical printer. This is useful in a network with a high volume of printing because it decreases the time users wait for their documents. A printing pool also simplifies administration because multiple printers can be managed from the same logical printer on a server. If one device within a pool stops printing, the current document is held at that device. The succeeding documents print to other devices in the pool, while the delayed document waits until the nonfunctioning printer is fixed. Efficient printer pools have the following characteristics: All printers in the pool are the same model. Printer ports can be of the same type or mixed (parallel, serial, and network). It is recommended that all printers be in one location. Because it is impossible to predict which printer will receive the document, keep all printers in a pool in a single location. Otherwise, users might have a hard time finding their printed document. http://technet.microsoft.com/en-us/library/cc757086(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ cc784619(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc958172.aspx You can create a printing pool to automatically distribute print jobs to the next available printer. A printing pool is one logical printer connected to multiple printers through multiple ports of the print server. The printer that isidle receives the next document sent to the logical printer. 


Question No. 283

- (Topic 2) 

Your network contains an Active Directory domain named contoso.com. The domain 

contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1).Both servers are member servers. 

On Server2, you install all of the software required to ensure that Server2 can be managed remotely from Server Manager. 

You need to ensure that you can manage Server2 from Server1 by using Server Manager. 

Which two tasks should you perform on Server2? (Each correct answer presents part of the solution.Choose two.) 

A. Run the systempropertiesremote. execommand. 

B. Run the Fnable-PsRemoting cmdlet. 

C. Run the Enable-PsSessionConfigurationcmdlet. 

D. Run the Confiqure-SMRemoting.ps1script. 

E. Run the Set-ExecutionPolicycmdlet. 

Answer: D,E 

Explanation: 

The output of this command indicates whether Server Manager Remoting is enabled or disabled on the server. To configure Server Manager remote management by using Windows PowerShell On the computer that you want to manage remotely, open a Windows PowerShell session with elevated user rights.To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator. In the Windows PowerShell session, type the following, and then press Enter. Set-ExecutionPolicy -ExecutionPolicyRemoteSigned Type the following, and then press Enter to enable all required firewall rule exceptions. Configure-SMRemoting.ps1 -force –enable. 


Question No. 284

DRAG DROP - (Topic 1) 

Your network contains three servers. The servers are configured as shown in the following tablE. 


Your company plans to standardize all of the servers on Windows Server 2012 R2. 

You need to recommend an upgrade path for each server. 

The solution must meet the following requirements: . Upgrade the existing operating system whenever possible. . Minimize hardware purchases. Which upgrade path should you recommend for each server? 

To answer, drag the appropriate upgrade path to each server in the answer area. Each upgrade path may be used once, more than once, or not at all. 


Answer: 



Question No. 285

- (Topic 3) 

You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed. 

Contoso.com has a Hyper-V server, named ENSUREPASS-SR13, which hosts multiple virtual machines. 

You have enabled the use of Single-root I/O virtualization. 

Which of the following is TRUE with regards to using Single-root I/O virtualization? (Choose all that apply.) 

A. It maximizes network throughput, while minimizing network latency. 

B. It maximizes network throughput, as well as network latency. 

C. It avoids the virtual switch stack and allows the virtual machine direct access to the actual network switch. 

D. It prevents the virtual machine from accessing the network switch directly. 

Answer: A,C 

Explanation: 

SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V virtualizationstack. Because the VF is assigned to a child partition, the network traffic flows directly between the VF and child partition. As a result, the I/O overhead in the software emulation layer is diminished and achieves network performance that is nearly the same performance as in nonvirtualized environments.