70-410 Exam
Abreast of the times Microsoft 70-410 - An Overview 61 to 70
Exam Code: 70-410 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Installing and Configuring Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-410 Exam.
2021 Mar 70-410 practice question
Q61. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You create a software restriction policy to allow an application named App1 by using a certificate rule.
You need to prevent the software restriction policy from applying to users that are members of the local Administrators group.
What should you do?
A. Modify the rule for App1
B. Modify the Enforcement Properties
C. Modify the Security Levels.
D. Modify the Trusted Publishers Properties
Answer: B
Q62. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2.
You need to ensure that a user named User1 can install Windows features on VM1. The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?
A. Hyper-V Administrators on Server1
B. Administrators on VM1
C. Server Operators on Server1
D. Power Users on VM1
Answer: B
Explanation:
The user has to be an administrator on VM1 to be able to install features.
In Windows Server 2012 R2, the Server Manager console and Windows PowerShell-cmdlets for
Server Manager allow installation of roles and features to local or remote servers, or offline
virtual hard disks (VHDs).
You can install multiple roles and features on a single remote server or offline VHD in a
single Add Roles and Features Wizard or Windows PowerShell session. You must be
logged on to a server as an administrator to install or uninstall roles, role services, and
features. If you are logged on to the local computer with an account that does not have
administrator rights on your target server, right-click the target server in the Servers tile,
and then click Manage As to provide an account that has administrator rights. The server
on which you want to mount an offline VHD must be added to Server Manager, and you
must have Administrator rights on that server.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 10:
Implementing Group Policy, p.539
Q63. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. You need to log the amount of system resources used by each virtual machine. What should you do?
A. From Windows PowerShell, run the Enable-VMResourceMetering cmdlet.
B. From Windows System Resource Manager, enable Accounting.
C. From Windows System Resource Manager, add a resource allocation policy.
D. From Windows PowerShell, run the Measure-VM cmdlet.
Answer: A
Explanation:
Enable-VMResourceMetering – The Enable-VMResourceMeteringcmdlet starts collecting
resourceutilization data for a virtual machine or resource pool.
Measure-VM – The Measure-VM cmdlet reports data on processor usage, memory usage,
network traffic, and disk capacity for one or more virtual machines.
Q64. HOTSPOT - (Topic 1)
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2. All client computers run Windows 8.
All computer accounts are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) that contains several AppLocker rules. You link
the GPO to OU1.
You need to ensure that the AppLocker rules apply to all of the client computers.
What should you configure in the GPO?
To answer, select the appropriate service in the answer area.
Answer:
Q65. DRAG DROP - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the File and Storage Services server role installed.
On Server1, you create a share named Documents. The Share permission for the Documents share is configured as shown in the following table.
The NTFS permission for the Documents share is configured as shown in the following table.
You need to configure the Share and NTFS permissions for the Documents share.
The permissions must meet the following requirements:
. Ensure that the members of a group named Group1 can read files and run programs in Documents. . Ensure that the members of Group1 can modify the permissions on only their own
files in Documents. . Ensure that the members of Group1 can create folders and files in Documents. . Minimize the number of permissions assigned to users and groups.
How should you configure the permissions?
To answer, drag the appropriate permission to the correct location. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Improved 70-410 vce:
Q66. - (Topic 3)
Your network contains two Active Directory forests named contoso.com and adatum.com. All servers run Windows Server 2012 R2. A one-way external trust exists between contoso.com and adatum.com.
Adatum.com contains a universal group named Group1. You need to prevent Group1 from being used to provide access to the resources in contoso.com.
What should you do?
A. Change the scope of Group1 to domain local.
B. Modify the Allowed to Authenticate permissions in adatum.com.
C. Enable SID quarantine on the trust between contoso.com and adatum.com.
D. Modify the Allowed to Authenticate permissions in contoso.com.
Answer: D
Explanation:
* Accounts that require access to the customer Active Directory will be granted a special right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
Q67. - (Topic 2)
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 is a member of a workgroup.
You need to configure a local Group Policy on Server1 that will apply only to non-administrators.
Which tool should you use?
A. Group Policy Object Editor
B. Group Policy Management
C. Group Policy Management Editor
D. Server Manager
Answer: A
Explanation:
Once you create a GPO, you can open it in the Group Policy Management Editor and
configure the GPO’s policies, specifically those settings that target the non-administrators.
In this scenario however, you still need to configure the Group Policy thus you would need
the GPO Editor.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 10:
Implementing Group Policy, Lesson 1: Planning, implementing and managing group policy,
p. 475
Q68. - (Topic 3)
You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing the Virtual Fibre Channel SAN feature.
Which of the following is TRUE with regards to the Virtual Fibre Channel SAN feature? (Choose all that apply.)
A. It prevents virtual machines from connecting directly to Fibre Channel storage.
B. It allows for virtual machines to connect to Fibre Channel storage directly.
C. It includes support for virtual SANs, live migration, and multipath I/O.
D. It includes support for virtual SANs, and live migration, but not multipath I/O.
Answer: B,C
Explanation:
To gain the full benefits of server virtualization and cloud architectures, virtualized workloads need to connect easily and reliably to existing SANs. For many enterprise organizations, Hyper-V deployments were limited in scale and scope because they lacked the ability to directly connect VMs to Fibre Channel SAN storage from inside a VM. Hyper-V in Windows Server 2012 R2 now provides virtual Fibre Channel Host Bus Adapter (HBA) ports within the guest operating system that runs the virtual machine, connecting virtual machines directly to FibreChannel SAN Logical Unit Numbers (LUNs). Virtual Fibre Channel for Hyper-V provides several important advantages for Hyper-V environments: Simplifies storage connectivity for virtualized workloads to ultra-reliable, high-performance Fibre Channel SAN storage. Enables new solutions that require shared storage, such as failover clustering, live migration, andmultipath I/O. Leverages and protects existing investments in Fibre Channel storage? Enables advanced FC SAN storage functionality for VMs. Facilitates migration of FC workloads into the cloud. Enables improved monitoring and troubleshooting, with visibility from the VM to the FC SAN storage. Enables centralized management of Ethernet and FC-based virtualized workloads. Combining Virtual Fibre Channel for Hyper-V and the Brocade Fibre Channel SAN infrastructure greatly simplifies connectivity between Fibre Channel SAN storage and virtualized applications, enabling enterprise IT and hosting providers to achieve new levels of availability, reliability, and scalability for cloud-based services. You need your virtualized workloads to connect easily and reliably to your existing storage arrays. Windows Server 2012 R2 provides Fibre Channel ports within the guest operating system, which allows you to connect to Fibre Channel directly from within virtual machines. This feature protects your investments in Fibre Channel, enables you to virtualize workloads that use direct access to Fibre Channel storage, allows you to cluster guest operating systems over Fibre Channel, and provides an important new storage option for servers hosted in your virtualization infrastructure. With this Hyper-V virtual Fibre Channel feature, you can connect to Fibre Channel storage from within a virtual machine. This allows you to use your existing Fibre Channel investments to support virtualized workloads. Support for Fibre Channel in Hyper-V guests also includes support for many related features, such as virtual SANs, live migration, and MPIO.
Q69. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 runs Windows Server 2012 R2. Server2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server server role installed.
You need to manage DHCP on Server2 by using the DHCP console on Server1.
What should you do first?
A. From Windows PowerShell on Server1, run Install-Windows Feature.
B. From Windows Firewall with Advanced Security on Server2, create an inbound rule.
C. From Internet Explorer on Server2, download and install Windows Management Framework 3.0.
Answer: B
Explanation:
When the DHCP role is installed, it appears that the firewall rules are automatically added,
so C is not valid (not only that, but either way it is an existing rule that one would need only
enable nonetheless, not create a new rule). This means you only need to add the DHCP
Manager MMC snap-in which is a Role Administration Tool feature.
So the correct answer must be B.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6 Network
Administration, p.228
Q70. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server 1. Server1 runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You create two IPv4 scopes on Server1. The scopes are configured as shown in the following table.
The DHCP clients in Subnet1 can connect to the client computers in Subnet2 by using an IP address or a FQDN.
You discover that the DHCP clients in Subnet2 can connect to client computers in Subnet1 by using an IP address only.
You need to ensure that the DHCP clients in both subnets can connect to any other DHCP client by using a FQDN.
What should you add?
A. The 015 DNS Domain Name option to Subnet1
B. The 015 DNS Domain Name option to Subnet2
C. The 006 DNS Servers option to Subnet2
D. The 006 DNS Servers option to Subnet1
Answer: C
Explanation:
References: http://technet.microsoft.com/en-us/library/ee941136%28v=WS.10%29.aspx Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6: Network Administration, p.253