It is impossible to pass Microsoft 70-410 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed Microsoft 70-410 practice questions. You will get a surprising result by our Most up-to-date Installing and Configuring Windows Server 2012 practice guides.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-410 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-410 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-410-exam-dumps.html
2021 Apr 70-410 test engine
Q131. - (Topic 3)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts 50 virtual machines that run Windows Server 2012 R2.
Your company uses smart cards for authentication.
You need to ensure that you can use smart card authentication when you connect to the virtual machine by using Virtual Machine Connection.
What should you configure?
A. The RemoteFX settings
B. The Enhanced Session Mode Policy
C. The NUMA Spanning settings
D. The Integration Services settings
Answer: B
Q132. - (Topic 3)
A company’s network administrator needs to ensure a specific IP address is never assigned by a Windows Server 2012 R2 DHCP server to any device connecting to the network.
Which of the following should the administrator configure on the Windows Server 2012 R2 DHCP server?
A. Reservation
B. Scope options
C. NAP
D. Scope properties
Answer: B
Explanation:
Configuring an IP address as a reservation will restrict a DHCP server’s assignment of that address unless a specific MAC address makes a request for the address. Exclusion is for not use the IP Address or range inside the Scope Pool, Filter is for not use theMAC Address or range. Quick Tip: Policies can also be defined per scope or server. Policy based assignment (PBA) allows an administrator to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. This feature allows for targeted administration and greater control of configuration parameters delivered to network devices.
Q133. - (Topic 3)
Your network contains two Active Directory forests named contoso.com and adatum.com. All servers run Windows Server 2012 R2. A one-way external trust exists between contoso.com and adatum.com.
Adatum.com contains a universal group named Group1. You need to prevent Group1 from being used to provide access to the resources in contoso.com.
What should you do?
A. Change the scope of Group1 to domain local.
B. Modify the Allowed to Authenticate permissions in adatum.com.
C. Enable SID quarantine on the trust between contoso.com and adatum.com.
D. Modify the Allowed to Authenticate permissions in contoso.com.
Answer: D
Explanation:
* Accounts that require access to the customer Active Directory will be granted a special right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
Q134. - (Topic 3)
You have a server named Server1 that runs a Server Core installation of Windows Server 2012 R2. Server1 is configured to obtain an IPv4 address by using DHCP. You need to configure the IPv4 settings of the network connection on Server1 as follows:
IP address: 10.1.1.1
Subnet mask: 255.255.240.0
Default gateway: 10.1.1.254
What should you run?
A. Set-NetlPInterface
B. netcfg.exe
C. New-NetlPAddress
D. msconfig.exe
Answer: C
Q135. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create and enforce the default AppLocker executable rules.
Users report that they can no longer execute a legacy application installed in the root of drive C.
You need to ensure that the users can execute the legacy application.
What should you do?
A. Create a new rule.
B. Delete an existing rule.
C. Modify the action of the existing rules.
D. Add an exception to the existing rules.
Answer: A
Explanation:
AppLocker is a feature that advances the functionality of the Software Restriction Policies
feature. AppLocker contains new capabilities and extensions that reduce administrative
overhead and help administrators control how users can access and use files, such as
executable files, scripts, Windows Installer files, and DLLs. By using AppLocker, you can:
Define rules based on file attributes that persist across application updates, such as the
publisher name (derived from the digital signature), product name, file name, and file
version. You can also create rules based on the file path and hash.
Assign a rule to a security group or an individual user.
Create exceptions to rules. For example, you can create a rule that allows all users to run
all Windows binaries except the Registry Editor (Regedit.exe).
Use audit-only mode to deploy the policy and understand its impact before enforcing it. .
Create rules on a staging server, test them, export them to your production environment,
and then import them into a Group Policy Object.
Simplify creating and managing AppLocker rules by using Windows PowerShell cmdlets for
AppLocker.
AppLocker default rules
AppLocker allows you to generate default rules for each of the rule types.
Executable default rule types:
Allow members of the local Administrators group to run all applications. Allow members of the Everyone group to run applications that are located in the Windows folder. Allow members of the Everyone group to run applications that are located in the Program Filesfolder. Windows Installer default rule types: Allow members of the local Administrators group to run all Windows Installer files. Allow members of the Everyone group to run digitally signed Windows Installer files. Allow members of the Everyone group to run all Windows Installer files located in the WindowsInstaller folder. Script default rule types: Allow members of the local Administrators group to run all scripts. Allow members of the Everyone group to run scripts located in the Program Files folder. Allow members of the Everyone group to run scripts located in the Windows folder. DLL default rule types: (this on can affect system performance ) Allow members of the local Administrators group to run all DLLs. Allow members of the Everyone group to run DLLs located in the Program Files folder. Allow members of the Everyone group to run DLLs located in the Windows folder. You can apply AppLocker rules to individual users or to a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an application, you can create a special rule for that subset. For example, the rule “Allow Everyone to run Windows except Registry Editor” allows everyone in the organization to run the Windows operating system, but it does not allow anyone to run Registry Editor. The effect of this rule would prevent users such as Help Desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Help Desk user group: “Allow Help Desk to run Registry Editor.” If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Help Desk user group to run Registry Editor.
Renew 70-410 free practice questions:
Q136. - (Topic 2)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
VM1 has several snapshots.
You need to modify the snapshot file location of VM1.
What should you do?
A. Delete the existing snapshots, and then modify the settings of VM1.
B. Right-click VM1, and then click Move. ..
C. Right-click VM1, and then click Export...
D. PauseVM1, and then modify the settings of VM1.
Answer: A
Explanation:
You will need to navigate to the Hyper-V Management
snap-in (C:ProgramDataMicrosoftWindowsHyper-V) and from there access the Snapshot file Location tab where you can change the settings for the VM1 snapshot file location. However, since there are already several snapshots in existence, you will need to delete them first because you will not be able to change the location of the snapshot file while there is an existing snapshot.
You need to modify the snapshot file location of VM1.
Q137. DRAG DROP - (Topic 2)
You are configuring a test network. The test network contains a subnet named LAN1. LAN1 uses the network ID of 10.10.1.0/27.
You plan to add a new subnet named LAN2 to the test network.
LAN1 and LAN2 will be connected by a router.
You need to identify a valid network ID for LAN2 that meets the following requirements: Ensures that hosts on LAN2 can communicate with hosts on LAN1. Supports at least 100 IPv4 hosts. Uses only private IP addresses. Which network ID should you use?
To answer, drag the appropriate network ID and subnet mask to the correct location in the answer area.
Answer:
Q138. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2 and a client computer named Computer1 that runs windows 8.
DC1 is configured as a DHCP server as shown in the exhibit. (Click the Exhibit button.)
Computer1 is configured to obtain an IP address automatically.
You notice that Computer1 is unable to obtain an IP address from DC1.
You need to ensure that Computer1 can receive an IP address from DC1.
What should you do?
A. Disable the Allow filters.
B. Disable the Deny filters.
C. Authorize DC1.contoso.com.
D. Activate Scope [10.1.1.0] Contoso.com.
Answer: A
Explanation:
A red down arrow indicates an unauthorized DHCP server. A DHCP server that is a domain controller or a member of an Active Directory domain queries Active Directory for the list of authorized servers (identified by IP address). If its own IP address is not in the list of authorized DHCP servers, the DHCP Server service does not complete its startup sequence and automatically shuts down.
Q139. HOTSPOT - (Topic 3)
You have a server named Server1. Server1 runs Windows Server 2012 R2.
A user named Admin1 is a member of the local Administrators group.
You need to ensure that Admin1 receives a User Account Control (UAC) prompt when
attempting to open Windows PowerShell as an administrator.
Which setting should you modify from the Local Group Policy Editor?
To answer, select the appropriate setting in the answer area.
Answer:
Q140. - (Topic 1)
Your network contains multiple subnets.
On one of the subnets, you deploy a server named Server1 that runs Windows Server 2012 R2.
You install the DNS Server server role on Server1, and then you create a standard primary zone named contoso.com.
You need to ensure that client computers can resolve single-label names to IP addresses.
What should you do first?
A. Create a reverse lookup zone.
B. Convert the contoso.com zone to an Active Directory-integrated zone.
C. Configure dynamic updates for contoso.com.
D. Create a GlobalNames zone.
Answer: B
Explanation:
Although a GlobalNames zone is required in order to resolve single-label names, GNZs
must be AD-integrated.
Since this is a standard primary zone (as opposed to an ADDS primary zone), we must first
integrate the zone into Active Directory.
References:
Exam Ref: 70-410: Installing and Configuring Windows Server 2012 R2, Chapter4:
Deploying and configuring core network services, Objective 4.3: Deploy and Configure the
DNS service, p.233
http://technet.microsoft.com/en-us/library/cc731744.aspx
