70-410 Exam
All About 70-410 test questions Mar 2021
Acquiring Microsoft Microsoft certification is often a hard activity by yourself. The Microsoft 70-410 exam actual exam will have got some alterations, and each of our Microsoft 70-410 practice questions and answers will certainly make some modifications accordingly. The Microsoft 70-410 test is an important portion of Microsoft Microsoft certification exam. Exambible offers abundant resources in your case to get ready the Microsoft 70-410 exam. The Microsoft 70-410 certificate is a threshold to the IT area.
2021 Mar 70-410 simulations
Q231. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
When a domain user named User3 attempts to log on to a client computer named Client10, User3 receives the message shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that User3 can log on to Client10.
What should you do?
A. From Active Directory Users and Computers, configure the Logon Workstations setting of User3.
B. On Client10, modify the Allow log on locally User Rights Assignment.
C. From Active Directory Users and Computers, configure the Personal Virtual Desktop property of User3.
D. On Client10, modify the Deny log on locally User Rights Assignment.
Answer: A
Q232. HOTSPOT - (Topic 1)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts 40 virtual machines that run Windows Server 2008 R2. The virtual machines connect to a private virtual switch.
You have a file that you want to copy to all of the virtual machines.
You need to identify to which servers you can copy files by using the Copy-VmFile cmdlet.
What command should you run? To answer, select the appropriate options in the answer area.
Answer:
Q233. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You need to add an RODC to the domain by using the Install From Media (IFM) option.
Which tool should you use to create the media?
A. the ntdsutil command
B. the Set-ADDomain cmdlet
C. the Install-ADDSDomain cmdlet
D. the dsadd command
E. the dsamain command
F. the dsmgmt command
G. the net user command
H. the Set-ADForest cmdlet
Answer: A
Explanation: You can use the Ntdsutil.exe tool to create installation media for additional domain controllers that you are creating in a domain. By using the Install from Media (IFM) option, you can minimize the replication of directory data over the network. This helps you install additional domain controllers in remote sites more efficiently.
Reference: Installing AD DS from Media
https://technet.microsoft.com/en-us/library/cc770654(v=ws.10).aspx
Q234. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 installed.
You have been instructed to modify the name of the local Administrator account on all Contoso.com workstations. You want to achieve this using as little administrative effort as possible.
Which of the following actions should you take?
A. You should consider configuring the Security Options settings via the Group Policy Management Console (GPMC).
B. You should consider navigating to Local Users and Groups via Computer
C. You should consider configuring the replication settings.
D. You should consider navigating to Local Users and Groups via Computer Management on each workstation.
Answer: A
Explanation:
Rename administrator account policy setting determines whether a different account name is associated with the security identifier (SID) for the Administrator account. Because the Administrator account exists on all Windows server versions, renaming the account makes it slightly more difficult for attackers to guess this user name and password combination. By default, the built-in Administrator account cannot be locked out no matter how many times a malicious user might use a bad password. This makes the Administrator account a popular target for brute-force password-guessing attacks. The value of this countermeasure is lessened because this account has a well-known SID and there are non-Microsoft tools that allow you to initiate a brute-force attack over the network by specifying the SID rather than the account name. This means that even if you have renamed the Administrator account, a malicious user could start a brute-force attack by using the SID. Rename the Administrator account by specifying a value for the Accounts: Rename administrator account policy setting. Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Q235. - (Topic 2)
Your network contains an Active Directory domain named contoso.com.
All of the AppLocker policy settings for the member servers are configured in a Group Policy object (GPO) named GPO1.
A member server named Server1 runs Windows Server 2012 R2.
On Server1, you test a new set of AppLocker policy settings by using a local computer policy.
You need to merge the local AppLocker policy settings from Server1 into the AppLocker policy settings of GPO1.
What should you do?
A. From Local Group Policy Editor on Server1, export an .inf file. Import the .inf file by using Group Policy Management Editor.
B. From Server1, run the Set-ApplockerPolicy cmdlet.
C. From Local Group Policy Editor on Server1, export an .xml file. Import the .xml file by using Group Policy Management Editor.
D. From Server1, run the New-ApplockerPolicy cmdlet.
Answer: B
Explanation:
The Set-AppLockerPolicy cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local GPO is the default. When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by
the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not
specified, then the new policy will overwrite the existing policy.
References:
http://technet.microsoft.com/en-us/library/ee791816(v=ws.10).aspx
Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 10:
Implementing Group Policy, Lesson1: Planning, Implementing and managing Group Policy,
p. 479
Replace 70-410 training:
Q236. - (Topic 2)
You have a server named Data1 that runs a Server Core Installation of Windows Server 2012 R2 Standard.
You need to configure Data1 to run a Server Core Installation of Windows Server 2012 R2 Enterprise. You want to achieve this goal by using the minimum amount of administrative effort.
What should you perform?
A. a clean installation of Windows Server 2012
B. an offline servicing by using Dism
C. an online servicing by using Dism
D. an upgrade installation of Windows Server 2012
Answer: C
Explanation:
References: Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 2: Deploying Servers, p. 44 Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Chapter 1: Installing and Configuring Servers, p. 19-22
Q237. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1 that has the DNS Server server role installed. Server1 hosts a primary zone for contoso.com.
The domain contains a member server named Server2 that is configured to use Server1 as its primary DNS server.
From Server2, you run nslookup.exe as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when you run Nslookup, the correct name of the default server is displayed.
What should you do?
A. On Server1, create a reverse lookup zone.
B. On Server1, modify the Security settings of the contoso.com zone.
C. From Advanced TCP/IP Settings on Server1, add contoso.com to the DNS suffix list.
D. From Advanced TCP/IP Settings on Server2, add contoso.com to the DNS suffix list.
Answer: A
Explanation:
Make sure that a reverse lookup zone that is authoritative for the PTR resource record
exists.
PTR records contain the information that is required for the server to perform reverse name
lookups.
References:
http://technet.microsoft.com/en-us/library/cc961417.aspx
Exam Ref: 70-410: Installing and Configuring Windows Server 2012 R2, Chapter4:
Deploying and configuring core network services, Objective 4.1: Configure IPv4 and IPv6
addressing, p.246
Q238. HOTSPOT - (Topic 3)
You have a server named Server1. Server1 runs Windows Server 2012 R2.
A user named Admin1 is a member of the local Administrators group.
You need to ensure that Admin1 receives a User Account Control (UAC) prompt when
attempting to open Windows PowerShell as an administrator.
Which setting should you modify from the Local Group Policy Editor?
To answer, select the appropriate setting in the answer area.
Answer:
Q239. HOTSPOT - (Topic 3)
You run a Windows 2012 and implementing 3 new printers in a warehouse. You need to makean exclusion forthese IP addresses within DHCP server.
Select the location where would configure at the DHCP console?
Answer:
Q240. HOTSPOT - (Topic 1)
Your network contains an Active Directory domain named adatum.com.
You create an account for a temporary employee named User1.
You need to ensure that User1 can log on to the domain only between 08:00 and 18:00
from a client computer named Computer1.
From which tab should you perform the configuration?
To answer, select the appropriate tab in the answer area.
Answer: