Ucertify vce 70 410 Questions are updated and all mcsa 70 410 answers are verified by experts. Once you have completely prepared with our 70 410 installing and configuring windows server 2012 exam prep kits you will be ready for the real 70 410 exam exam without a problem. We have Renewal Microsoft 70 410 dumps pdf dumps study guide. PASSED mcp 70 410 First attempt! Here What I Did.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-410 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-410 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-410-exam-dumps.html
Q51. - (Topic 3)
Your company has an Active Directory domain. You log on to the domain controller. The Active Directory Schema snap-in is not available in the Microsoft Management Console (MMC).
You need to access the Active Directory Schema snap-in. What should you do?
A. Register Schmmgmt.dll.
B. Log off and log on again by using an account that is a member of the Schema Admins group.
C. Use the Ntdsutil.exe command to connect to the schema master operations master and open the schema for writing.
D. Add the Active Directory Lightweight Directory Services (AD/LDS) role to the domain controller by using Server Manager.
Answer: A
Explanation:
Install the Active Directory Schema Snap-In You can use this procedure to first register the dynamic-link library (DLL) that is required for the Active Directory Schema snap-in. You can then add the snap-in to Microsoft Management Console (MMC).
To install the Active Directory Schema snap-in:
1. To open an elevated command prompt, click Start, type command prompt and then right-click Command Prompt when it appears in the Start menu. Next, click Run as administrator
and then click OK.
To open an elevated command prompt in Windows Server 2012 R2, click Start, type cmd,
right-click cmd and then click Run as administrator.
2. Type the following command, and then press ENTER: regsvr32 schmmgmt.dll
3. Click Start, click Run, type mmc and then click OK.
4. On the File menu, click Add/Remove Snap-in.
5. Under Available snap-ins, click Active Directory Schema, click Add and then click OK.
6. To save this console, on the File menu, click Save.
7. In the Save As dialog box, do one of the following:
* To place the snap-in in the Administrative Tools folder, in File name, type a name for the snap-in, and then click Save.
* To save the snap-in to a location other than the Administrative Tools folder, in Save in , navigate to a location for the snap-in. In File name, type a name for the snap-in, and then click Save.
Q52. - (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to prevent User1 from changing his password. The solution must minimize administrative effort.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: F
Explanation:
The Set-ADAccountControlcmdlet modifies the user account control (UAC) values for an Active Directory user or computer account. UAC values are represented by cmdlet parameters. CannotChangePassword Modifies the ability of an account to change its password. To disallow password change by the account set this to $true. This parameter changes the Boolean value of the CannotChangePassword property of an account. The following example shows how to specify the PasswordCannotChange parameter. -CannotChangePassword $false
References:
http://technet.microsoft.com/en-us/library/ee617249.aspx http://technet.microsoft.com/en-us/library/hh974723.aspx http://technet.microsoft.com/en-us/library/hh974722.aspx
Q53. DRAG DROP - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1 that has the DNS Server server role installed. DC1 hosts an Active Directory-integrated zone for the domain. The domain contains a member server named Server1.
You install the DNS Server server role on Server1.
You need to ensure that Server1 can respond authoritatively to queries for the existing contoso.com namespace.
Which cmdlets should you run on each server? (To answer, drag the appropriate cmdlets to the correct servers. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Q54. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
Your company hires 500 temporary employees for the summer.
The human resources department gives you a Microsoft Excel document that contains a list of the temporary employees.
You need to automate the creation of user accounts for the 500 temporary employees.
Which tool should you use?
A. ADSI Edit
B. The csvde.exe command
C. Active Directory Users and Computers
D. The Add-Member cmdlet
Answer: B
Explanation:
Csvde.exe is the best option to add multiple users. As you just need to export the excel
spreadsheet as a csv file and make sure the parameters are correct.
You can use Csvde to import and export Active Directory data that uses the comma-
separated value format.
Use a spreadsheet program such as Microsoft Excel to open this .csv file and view the
header and value information.
The CSVDE is a command-line utility that can create new AD DS objects by importing
information from a comma-separated value (.csv) file. This would be the least amount of
administrative effort in this case especially considering that these would be temporary
employees.
Q55. - (Topic 2)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 has the virtual switches listed in the following table.
You create a virtual machine named VM1. VM1 has two network adapters. One network adapter connects to vSwitch1. The other network adapter connects to vSwitch2. You configure NIC teaming on VM1.
You need to ensure that if a physical NIC fails on Server1, VM1 remains connected to the network.
What should you do on Server1?
A. Run the Set-VmNetworkAdapter cmdlet.
B. Create a new virtual switch on Server1.
C. Modify the properties of vSwitch1 and vSwitch2.
D. Add a new network adapter to VM1.
Answer: A
Q56. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the File and Storage Services server role installed.
On Server1, you create a share named Documents.
You need to ensure that users can recover files that they accidently delete from Documents.
What should you do?
A. Enable shadow copies by using Computer Management.
B. Create a storage pool that contains a two-way mirrored volume by using Server Manager.
C. Modify the Startup type of the Volume Shadow Copy Service (VSS) by using the Services console.
D. Create a recovery partition by using Windows Assessment and Deployment Kit (Windows ADK).
Answer: A
Explanation:
If you enable Shadow Copies of Shared Folders on a volume using the default values, a task will be scheduled to create shadow copies at 7:00 A.M of next business day. The default storage area will be on the same volume, and its size will be 10 percent of the available space. You can only enable Shadow Copies of Shared Folders on a per-volume basis–that is, you cannot select specific shared folders and files on a volume to be copied or not copied.
To enable and configure Shadow Copies of Shared Folders:
1. Click Start, point to Administrative Tools, and then click Computer Management.
2. In the console tree, right-click Shared Folders, click All Tasks, and then click Configure Shadow Copies.
3. In Select a volume, click the volume that you want to enable Shadow Copies of Shared Folders for, and then click Enable.
4. You will see an alert that Windows will create a shadow copy now with the current settings and that the settings might not be appropriate for servers with high I/O loads. Click Yes if you want to continue or No if you want to select a different volume or settings.
5. To make changes to the default schedule and storage area, click Settings.
Shadow copies - a feature that provides point-in-time copies of files stored on file shares on file servers. Shadow Copies of Shared Folders allows users to view and access shadow copies, which are shared files and folders as they existed at different points of time in the past. By accessing previous versions of files and folders, users can compare versions of a file while working and recover files that were accidentally deleted or overwritten.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter
7: Hyper-V virtualization, Lesson 1: Deploying and configuring Hyper-V- hosts, p. 302
Q57. HOTSPOT - (Topic 1)
You have a DHCP server named Server1 that runs Windows Server 2012 R2. On Server1, you run the commands as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
Answer:
Q58. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.Client computers run either Windows 7 or Windows 8.
All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1.
You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone.
You need to ensure that the client computers locate the ISATAP router.
What should you do?
A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1.
B. Configure the Network Options Group Policy preference of GPO1.
C. Run the Add-DnsServerResourceRecord cmdlet on Server1.
D. Configure the DNS Client Group Policy setting of GPO1.
Answer: A
Explanation:
The Set-DnsServerGlobalQueryBlockList command will change the settings of a global query block list which you can use to ensure that client computers locate the ISATAP router.
Windows Server 2008 introduced a new feature, called “Global Query Block list”, which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a proxy. The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain Applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that user’s computer. Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables. Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com. In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative. Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: A malicious user can use dynamic update to register the user’s own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the block list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service. Add-DnsServerResourceRecord – The Add-DnsServerResourceRecordcmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different types of resource records. Use different switches for different record types. By using this cmdlet, you can change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings. Set-DnsServerGlobalQueryBlockList – The Set-DnsServerGlobalQueryBlockListcmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying domain controllers, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 254-256 http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649874.aspx http://technet.microsoft.com/en-us/library/jj649909.aspx
Q59. HOTSPOT - (Topic 3)
Your network contains a server named Server1 that runs Windows Server 2012 R2. App1
has the Print and Document Services server role installed.
All client computers run Windows 8.
The network contains a network-attached print device named Printer1.
From App1, you share Printer1.
You need to ensure that users who have connected to Printer1 previously can print to
Printer1 if App1 fails.
What should you configure? To answer, select the appropriate option in the answer area.
Answer:
Q60. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You need to ensure that when administrators create users in contoso.com, the default user principal name (UPN) suffix is litwareinc.com.
Which cmdlet should you use?
A. the ntdsutil command
B. the Set-ADDomain cmdlet
C. the Install-ADDSDomain cmdlet
D. the dsadd command
E. the dsamain command
F. the dsmgmt command
G. the net user command
H. the Set-ADForest cmdlet
Answer: G
Explanation:
The following example demonstrates how to create a new UPN suffix for the
users in the Fabrikam.com forest:
Set-ADForest -UPNSuffixes @{Add="headquarters.fabrikam.com"}
Reference: Creating a UPN Suffix for a Forest
https://technet.microsoft.com/sv-se/library/Dd391925(v=WS.10).aspx
