Want to know Pass4sure 70-410 Exam practice test features? Want to lear more about Microsoft Installing and Configuring Windows Server 2012 certification experience? Study Verified Microsoft 70-410 answers to Improve 70-410 questions at Pass4sure. Gat a success with an absolute guarantee to pass Microsoft 70-410 (Installing and Configuring Windows Server 2012) test on your first attempt.
2021 Mar 70-410 practice test
Q11. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. You have a Group Policy object (GPO) named GP1 that is linked to the domain. GP1 contains a software restriction policy that blocks an application named App1.
You have a workgroup computer named Computer1 that runs Windows 8. A local Group Policy on Computer1 contains an application control policy that allows App1.
You join Computer1 to the domain.
You need to prevent App1 from running on Computer1.
What should you do?
A. From Computer1, run gpupdate/force.
B. From Group Policy Management, add an application control policy to GP1.
C. From Group Policy Management, enable the Enforced option on GP1.
D. In the local Group Policy of Computer1, configure a software restriction policy.
Answer: B
Explanation:
AppLocker policies take precedence over policies generated by SRP on computers that are
running an operating system that supports AppLocker.
AppLocker policies in the GPO are applied, and they supersede the policies generated by
SRP in the GPO and local AppLocker policies or policies generated by SRP.
Q12. - (Topic 3)
You have a print server named Server1.
You install a printer on Server1. You share the printer as Printer1.
You need to configure Printer1 to be available only from 19:00 to 05:00 every day.
Which settings from the properties of Printer1 should you modify?
A. Sharing
B. Security
C. Advanced
D. Device Settings
E. Ports
Answer: C
Explanation:
When navigating to the printer properties, the Properties tab is divided into several different tabs of which the Advanced tab will give you access to the scheduling where you can configure the availability of the printer.
: http://technet.microsoft.com/en-us/library/cc722526.aspx
Q13. DRAG DROP - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2.
You need to create a new volume on Server1.
The new volume must have the following configurations: Be stored on a new virtual hard disk Be assigned the drive letter G Have the NTFS file system In which order should you run the Diskpart commands?
To answer, move all the Diskpart commands from the list of commands to the answer area and arrange them in the correct order.
Answer:
Q14. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Web Server (US) server role installed.
Server1 has a web site named Web1. Web1 is configured to use digest authentication.
You need to ensure that a user named User1 can access Web1.
What should you do from Active Directory Users and Computers?
A. From the properties of User1, select Store password using reversible encryption.
B. From the properties of User1, select Use Kerberos DES encryption types for this account.
C. From the properties of Server1, select Trust this computer for delegation to any service (Kerberos only).
D. From the properties of Server1, assign the Allowed to Authenticate permission to User1.
Answer: A
Explanation:
Challenge Handshake Authentication Protocol (CHAP) is a basic level of iSCSI security that is used to authenticate the peer of a connection and is based upon the peers sharing a secret: that secret being a password. To make sure that User1 can connect to the server, you should use Active Directory Users and Computers to store that password.
Q15. - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2. You need to create a script that will create and mount a virtual hard disk. Which tool should you use?
A. diskpart.exe
B. vdsldr.exe
C. fsutil.exe
D. vds.exe
Answer: A
Latest 70-410 exam question:
Q16. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server 2012 R2.
Server1 is configured as an FTP server.
Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as
the control port and dynamically requests a data port.
On Server1, you create a firewall rule to allow connections on TCP port 21. You need to configure Server1 to support the client connections from App1.exe. What should you do?
A. Run netshadvfirewall set global statefulftp enable.
B. Create an inbound firewall rule to allow App1.exe.
C. Create a tunnel connection security rule.
D. Run Set-NetFirewallRule -DisplayName DynamicFTP -Profile Domain
Answer: A
Explanation:
The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows Vista or a later version of Windows. In the netsh advfirewall firewall context, the add command only has one variation, the add rule command. Netsh advfirewall set global statefulftp: Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port. When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested. Syntax set global statefulftp { enable | disable | notconfigured } Parameters statefulftp can be set to one of the following values: enable The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number. disable This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connections on the PORT or PASV requested port is blocked as an unsolicited incoming connection. notconfigured Valid only when netsh is configuring a GPO by using the set store command.
Q17. - (Topic 3)
You have a server that runs Windows Server 2012 R2. The server contains the disks configured as shown in the following table.
You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user files are available if one of the disks in the volume fails. What should you create?
A. A mirrored volume on Disk 1 and Disk 4
B. A storage pool on Disk 2 and Disk 3
C. A storage pool on Disk 1 and Disk 3
D. A mirrored volume on Disk 2 and Disk 3
Answer: D
Q18. - (Topic 3)
Your network contains a domain controller that is configured as a DNS server. The server hosts an Active Directory-integrated zone for the domain.
You need to reduce how long it takes until stale records are deleted from the zone. What should you do?
A. From the configuration directory partition of the forest, modify the tombstone lifetime.
B. From the configuration directory partition of the forest, modify the garbage collection interval.
C. From the aging properties of the zone, modify the no-refresh interval and the refresh interval.
D. From the start of authority (SOA) record of the zone, modify the refresh interval and the expire interval.
Answer: C
Explanation:
Scavenging automates the deletion of old records. When scavenging is enabled, then you should also change the no-refresh and refresh intervals of the aging properties of the zone else it may take too long for stale records to be deleted and the size of the DNS database can become large and have an adverse effect on performance.
Q19. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed and has a primary zone for contoso.com. The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup. You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do first?
A. Move the contoso.com zone to a domain controller that is configured as a DNS server
B. Configure the Dynamic updates settings of the contoso.com zone
C. Sign the contoso.com zone by using DNSSEC
D. Configure the Security settings of the contoso.com zone.
Answer: A
Explanation:
If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory- integrate a zone, access control list (ACL) editing features are available in DNS Managerso that you can add or remove users or groups from the ACL for a specified zone or resource record.
1. Active Directory’s DNS Domain Name is NOT a single label name (“DOMAIN” vs. the minimal requirement of”domain.com.” “domain.local”, etc.).
2. The Primary DNS Suffix MUST match the zone name that is allowing updates. Otherwise the client doesn’t know what zone name to register in. You can also have a different Conneciton Specific Suffix in addition to the Primary DNS Suffix to register into that zone as well.
3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or Secure and Non-Secure. For client machines, if a client is not joined to the domain, and the zone is set to Secure, it will not register either.
4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a reference to get to them. Do not use your ISP’s, an external DNS address, your router as a DNS address, or any other DNS that does not have a copy of the AD zone. Internet resolution for your machines will be accomplished by the Rootservers (Root Hints), however it’s recommended to configure a forwarder for efficient Internet resolution.
5. The domain controller is multihomed (which means it has more than one unteamed, active NIC, more than one IP address, and/or RRAS is installed on the DC).
6. The DNS addresses configured in the client’s IP properties must ONLY reference the DNS server(s) hosting the AD zone you want to update in. This means that you must NOT use an external DNS in any machine’s IP property in an AD environment. You can’t mix them either. That’s because of the way the DNS Client side resolver service works. Even if you mix up internal DNS and ISP’s DNS addresses, the resolver algorithm can still have trouble asking the correct DNS server. It will ask the first one first. If it doesn’t get a response, it removes the first one from the eligible resolvers list and goes to the next in the list. It will not go back to the first one unless you restart the machine, restart the DNS Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use your internal DNS server(s) and configure a forwarder to your ISP’s DNS for efficient Internet resolution. This is the reg entry to cut the query to 0 TTL: The DNS Client service does not revert to using the first server. The Windows 2000 Domain Name System (DNS) Client service (DNS cache) follows a certain algorithm when it decides the order in which to use the DNS servers. http://support.microsoft.com/kb/286834 For more info, please read the following on the client side resolver service: DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS, Direct Hosted SMB (Direct SMB), If One DC is Down Does a Client logon to Another DC, and DNS Forwarders Algorithm if you have multiple forwarders.
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-clientside- resolverbrowserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-isdown-does-a- client-logon-toanother-dcand-dns-forwarders-algorithm.aspx
7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server.
8. If using DHCP, DHCP server must only be referencing the same exact DNS server(s) in
its own IP properties in order for it to ‘force’ (if you set that setting) registration into DNS.
Otherwise, how would it know which DNS to send the reg data to?
9. If the AD DNS Domain name is a single label name, such as “EXAMPLE”, and not the
proper format of ”example.com” and/or any child of that format, such as
“child1.example.com”, then we have a real big problem.
DNS will not allow registration into a single label domain name.
This is for two reasons:
1. It’s not the proper hierarchal format. DNS is hierarchal, but a single label name has no
hierarchy. It’s just a single name.
2. Registration attempts cause major Internet queries to the Root servers. Why? Because it
thinks the single label name, such as “EXAMPLE”, is a TLD (Top Level Domain), such as
“com”, “net”, etc. It will now try to find what Root name server out there handles that TLD.
In the end it comes back to itself and then attempts to register. Unfortunately it does NOT
ask itself first for the mere reason it thinks it’s a TLD. (Quoted from Alan Woods, Microsoft,
2004):
“Due to this excessive Root query traffic, which ISC found from a study that discovered
Microsoft DNS servers are causing excessive traffic because of single label names,
Microsoft, being an internet friendly neighbor and wanting to stop this problem for their
neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1,
(especially XP, which cause lookup problems too), and Windows 2003. After all, DNS is
hierarchal, so therefore why even allow single label DNS domain names?” The above also
*especially* applies to Windows Vista, 7, 2008, 2008 R2, and newer.
10. ‘Register this connection’s address” on the client is not enabled under the NIC’s IP
properties, DNS tab.
11. Maybe there’s a GPO set to force Secure updates and the machine isn’t a joined
member of the domain.
12. ON 2000, 2003 and XP, the “DHCP client” Service not running. In 2008/Vista and
newer, it’s the DNS Client Service. This is a requirement for DNS registration and DNS
resolution even if the client is not actually using DHCP.
13. You can also configure DHCP to force register clients for you, as well as keep the DNS
zone clean of old or duplicate entries. See the link I posted in my previous post.
Q20. - (Topic 3)
You have a server named Server1 that has a Server Core installation of Windows Server 2008 R2.
Server1 has the DHCP Server server role and the File Server server role installed.
You need to upgrade Server1 to Windows Server 2012 R2 with the graphical user interface (GUI).
The solution must meet the following requirements:
. Preserve the server roles and their configurations.
. Minimize administrative effort.
What should you do?
A. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and
select Server with a GUI.
B. Start Server1 from the Windows Server 2012 R2 installation media and select Server
Core Installation.
When the installation is complete, add the Server Graphical Shell feature.
C. Start Server1 from the Windows Server 2012 R2 installation media and select Server
with a GUI.
D. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and
select Server Core Installation.
When the installation is complete, add the Server Graphical Shell feature
Answer: D
Explanation:
A. Server is on 2008 R2 core, must install 2012 R2 core and then GUI
B. Not least effort
C. Not least effort
D. Upgrade to 2012 R2 and install GUI shell http://technet.microsoft.com/en-us/library/jj574204.aspx Upgrades that switch from a Server Core installation to the Server with a GUI mode of Windows Server 2012 R2 in one step (and vice versa) are not supported. However, after upgrade is complete, Windows Server 2012 R2 allows you to switch freely between Server Core and Server with a GUI modes.
see more 70-410 dumps
