70-410 Exam
Tips to Pass 70-410 Exam (51 to 60)
Dont spend any moment to search other Exambible. Our Microsoft Microsoft exam braindumps are totally free for you. Microsoft certification exam questions and also answers are most reliable, exact and logical training materials, which promise you a large score to pass the particular Microsoft exam. Take steps right today, and you will end up being at your occupation peak very shortly with a Microsoft Microsoft certification.
2021 Apr 70-410 exam answers
Q51. - (Topic 3)
Your network contains an Active Directory domain named adatum.com. The domain contains three domain controllers.
The domain controllers are configured as shown in the following table.
DC3 loses network connectivity due to a hardware failure.
You plan to remove DC3 from the domain.
You log on to DC3.
You need to identify which service location (SRV) records are registered by DC3.
What should you do?
A. Open the %windir%\system32\config\netlogon.dns file.
B. Run dcdiag /test:dns
C. Open the %windir%\system32\dns\backup\adatum.com.dns file.
D. Run ipconfig /displaydns.
Answer: A
Explanation:
A. Netlogon service creates a log file that contains all the locator resource records and
places the logfile in the following location:
B. Analyzes the state of domain controllers in a forest or enterprise and reports any
problems to help introubleshooting.
C. dns backup file
D. used to display current resolver cache content You can verify SRV locator resource
records by viewing netlogon.dns, located in the %systemroot%\System32\Config folder.
The SRV record is a Domain Name System (DNS) resource record that is used to identify
computers that host specific services.
SRV resource records are used to locate domain controllers for Active Directory.
You can use Notepad, to view this file.
The first record in the file is the domain controller’s Lightweight Directory Access Protocol
(LDAP) SRV record.
This record should appear similar to the following: _ldap._tcp.Domain_Name
Q52. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You need to prevent users from installing a Windows Store app named App1.
What should you create?
A. An application control policy executable rule
B. An application control policy packaged app rule
C. A software restriction policy certificate rule
D. An application control policy Windows Installer rule
Answer: B
Explanation:
Windows 8 is coming REALLY SOON and of course one of the big new things to computer with that is the new Packaged Apps that run in the start screen. However these apps are very different and do not install like traditional apps to a path or have a true “executable” file to launch the program. Of course enterprises need a way to control these packaged apps and therefore Microsoft has added a new feature Packaged Apps option to the App1ocker feature.
A. For .exe or .com
B. A publisher rule for a Packaged app is based on publisher, name and version
C. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.
D. For .msi or .msp Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire Application using a single App1ocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. App1ocker supports only publisher rules for Packaged apps. A publisher rule for a packaged app is based on the following information: Publisher of the package Package name Package version Therefore, an App1ocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
Q53. - (Topic 1)
Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in following table.
When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?
A. The placement of the global catalog server
B. The placement of the infrastructure master
C. The placement of the domain naming master
D. The placement of the PDC emulator
Answer: D
Explanation:
The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close interaction between the RID operations master role and the PDC emulator role. The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it. The PDC emulator master processes password changes from client computers and replicates these updates to all domain controllers throughout the domain. At any time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
Q54. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You discover that when you join client computers to the domain manually, the computer accounts are created in the Computers container.
You need to ensure that new computer accounts are created automatically in an organizational unit (OU) named Corp.
Which tool should you use?
A. net.exe
B. redircmp.exe
C. regedit.exe
D. dsadd.exe
Answer: B
Explanation:
A. Used to stop/start protocols
B. Redirects the default container for newly created computers to a specified, target
organizational unit
C. Modify local registry entries
D. Adds specific types of objects to the directory
Redirects the default container for newly created computers to a specified, target
organizational unit (OU) so that newly created computer objects are created in the specific
target OU instead of in CN=Computers.
You must run the redircmp command from an elevated command prompt.
Redircmp.exe is located in the C:\Windows\System32 folder.
You must be a member of the Domain Admins group or the Enterprise Admins group to
use this tool.
Q55. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed. You have been instructed to make sure that a server, named ENSUREPASS-SR07, is configured to be managed remotely from ENSUREPASS-SR01 using Server Manager.
Which of the following is not a valid option to take? (Choose all that apply.)
A. You could access the server manager on ENSUREPASS-SR07.
B. You could access the server manager on ENSUREPASS-SR13.
C. You could run the %windir%\system32\Configure-SMRemoting.exe from an elevated command prompt on ENSUREPASS-SR13.
D. You could run the Configure-SMRemoting.exe – enable cmdlet on ENSUREPASS-SR07.
Answer: B,C
Renovate 70-410 sample question:
Q56. - (Topic 3)
Server1 runs Windows Server 2012 R2 and is installed as an FTP server. Client uses App1 to connect to Server1 for FTP. App1 uses TCP port 21 for control and a dynamic port for data. You have allowed port 21 in firewall. What should you do next in order to allow clients to use App1 to connect to server1 using ftp.
A. At Server1 allow firewall rule of outbound
B. At Server1 allow firewall rule of inbound
C. Netsh advfirewall domainprofile state off
D. Netsh advfirewall set global StatefulFtp enable
Answer: D
Explanation:
Set global statefulftp Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port. This affects both active and passive FTP.
Q57. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
You create an external virtual switch named Switch1. Switch1 has the following configurations:
Connection type: External network
Single-root I/O virtualization (SR-IOV): Enabled
Ten virtual machines connect to Switch1.
You need to ensure that all of the virtual machines that connect to Switch1 are isolated from the external network and can connect to each other only. The solution must minimize network downtime for the virtual machines.
What should you do?
A. Remove Switch1 and recreate Switch1 as an internal network.
B. Change the Connection type of Switch1 to Private network.
C. Change the Connection type of Switch1 to Internal network.
D. Remove Switch1 and recreate Switch1 as a private network.
Answer: D
Explanation:
You cannot change the type of vswitch from external to private when SR-IOV is enabled at vswitch creation ->you need to recreate the vswitch.
Q58. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All user accounts in the sales department reside in an organizational unit (OU) named OU1.
You have a Group Policy object (GPO) named GPO1. GPO1 is used to deploy a logon script to all of the users in the sales department.
You discover that the logon script does not run when the sales users log on to their computers. You open Group Policy Management as shown in the exhibit.
You need to ensure that the logon script in GPO1 is applied to the sales users. What should you do?
A. Enforce GPO1.
B. Modify the link order of GPO1.
C. Modify the Delegation settings of GPO1.
D. Enable the link of GPO1.
Answer: D
Q59. - (Topic 1)
Your network contains an Active Directory forest. The forest functional level is Windows Server 2012 R2. The forest contains a single domain. The domain contains a member server named Server1. Server1 runs windows Server 2012 R2.
You purchase a network scanner named Scanner1 that supports Web Services on Devices (WSD).
You need to share the network scanner on Server1.
Which server role should you install on Server1?
A. Web Server (IIS)
B. Fax Server
C. Print and Document Services
D. File and Storage Services
Answer: C
Explanation:
The Print and Document Services role allows for the configuration to share printers,
scanners and fax devices.
References:
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 1:
Installing and Configuring servers, Objective 1.2: Configure servers, p. 8
http://technet.microsoft.com/en-us/library/hh831468.aspx
Q60. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has a server, named ENSUREPASS-SR07, which has the ADDS, DHCP, and DNS server roles installed. Contoso.com also has a server, named ENSUREPASS-SR08, which has the DHCP, and Remote Access server roles installed. You have configured a server, which has the File and Storage Services server role installed, to automatically acquire an IP address. The server is named ENSUREPASSSR09.
You then create reservation on ENSUREPASS-SR07, and a filter on ENSUREPASS-SR08.
Which of the following is a reason for this configuration?
A. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR08 only.
B. It configures ENSUREPASS-SR09 with a static IP address.
C. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR07 and ENSUREPASSSR08.
D. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR07 only.
Answer: D
Explanation:
To configure the Deny filter In the DHCP console tree of DHCP Server 1, under IPv4, click Filters, right-click Deny under Filters, and then click New Filter. In the New Deny Filter dialog box, in MAC Address, enter a six hexadecimal number representing the MAC or physical address of DHCP Client 2, click Add, and then click Close. Under Filters right-click the Deny node, and then click the Enable pop-up menu item.