70-410 Exam
Top Downloadable 70-410 dump Tips!
Exam Code: 70-410 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Installing and Configuring Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-410 Exam.
2021 Apr 70-410 latest exam
Q201. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain have Windows Server 2012 R2 installed, while domain controllers have Windows Server 2008 R2 installed.
You are then tasked with deploying a new Windows Server 2012 R2 domain controller. You are preparing to install the DNS Server role, and enable the global catalog server option.
Which of the following actions should you take?
A. You should consider making use of Server Manager.
B. You should consider making use of the Active Directory Installation Wizard.
C. You should consider making use of the DHCP Installation Wizard
D. You should consider making use of TS Manager
Answer: A
Q202. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create and enforce the default AppLocker executable rules.
Users report that they can no longer execute a legacy application installed in the root of drive C.
You need to ensure that the users can execute the legacy application.
What should you do?
A. Create a new rule.
B. Delete an existing rule.
C. Modify the action of the existing rules.
D. Add an exception to the existing rules.
Answer: A
Explanation:
AppLocker is a feature that advances the functionality of the Software Restriction Policies
feature. AppLocker contains new capabilities and extensions that reduce administrative
overhead and help administrators control how users can access and use files, such as
executable files, scripts, Windows Installer files, and DLLs. By using AppLocker, you can:
Define rules based on file attributes that persist across application updates, such as the
publisher name (derived from the digital signature), product name, file name, and file
version. You can also create rules based on the file path and hash.
Assign a rule to a security group or an individual user.
Create exceptions to rules. For example, you can create a rule that allows all users to run
all Windows binaries except the Registry Editor (Regedit.exe).
Use audit-only mode to deploy the policy and understand its impact before enforcing it. .
Create rules on a staging server, test them, export them to your production environment,
and then import them into a Group Policy Object.
Simplify creating and managing AppLocker rules by using Windows PowerShell cmdlets for
AppLocker.
AppLocker default rules
AppLocker allows you to generate default rules for each of the rule types.
Executable default rule types:
Allow members of the local Administrators group to run all applications. Allow members of the Everyone group to run applications that are located in the Windows folder. Allow members of the Everyone group to run applications that are located in the Program Filesfolder. Windows Installer default rule types: Allow members of the local Administrators group to run all Windows Installer files. Allow members of the Everyone group to run digitally signed Windows Installer files. Allow members of the Everyone group to run all Windows Installer files located in the Windows\Installer folder. Script default rule types: Allow members of the local Administrators group to run all scripts. Allow members of the Everyone group to run scripts located in the Program Files folder. Allow members of the Everyone group to run scripts located in the Windows folder. DLL default rule types: (this on can affect system performance ) Allow members of the local Administrators group to run all DLLs. Allow members of the Everyone group to run DLLs located in the Program Files folder. Allow members of the Everyone group to run DLLs located in the Windows folder. You can apply AppLocker rules to individual users or to a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an application, you can create a special rule for that subset. For example, the rule “Allow Everyone to run Windows except Registry Editor” allows everyone in the organization to run the Windows operating system, but it does not allow anyone to run Registry Editor. The effect of this rule would prevent users such as Help Desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Help Desk user group: “Allow Help Desk to run Registry Editor.” If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Help Desk user group to run Registry Editor.
Q203. - (Topic 3)
You run a Windows Server 2012 R2, what is the PowerShell command to set preferred dns server. Note: Other config such as ip address should not be changed.
A. Register-DnsClient
B. Set-DnsClient
C. Set-DnsPreferredClientServerAddress
D. Set-DnsClientServerAddress
Answer: D
Q204. DRAG DROP - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2.
You need to perform the following storage configuration tasks on Server1:
Bring a disk named Disk1 online.
Defragment a volume named Volume1.
Remove a disk named Disk2 from a storage pool named Pool1.
Which cmdlet should you use to perform each task?
To answer, drag the appropriate cmdlets to the correct tasks. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q205. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1).Both servers are member servers.
On Server2, you install all of the software required to ensure that Server2 can be managed remotely from Server Manager.
You need to ensure that you can manage Server2 from Server1 by using Server Manager.
Which two tasks should you perform on Server2? (Each correct answer presents part of the solution.Choose two.)
A. Run the systempropertiesremote. execommand.
B. Run the Fnable-PsRemoting cmdlet.
C. Run the Enable-PsSessionConfigurationcmdlet.
D. Run the Confiqure-SMRemoting.ps1script.
E. Run the Set-ExecutionPolicycmdlet.
Answer: D,E
Explanation:
The output of this command indicates whether Server Manager Remoting is enabled or disabled on the server. To configure Server Manager remote management by using Windows PowerShell On the computer that you want to manage remotely, open a Windows PowerShell session with elevated user rights.To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator. In the Windows PowerShell session, type the following, and then press Enter. Set-ExecutionPolicy -ExecutionPolicyRemoteSigned Type the following, and then press Enter to enable all required firewall rule exceptions. Configure-SMRemoting.ps1 -force –enable.
Far out 70-410 latest exam:
Q206. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain
contains three servers named Server1, Server2, and Server3.
You create a server group named ServerGroup1.
You discover the error message shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that Server2 can be managed remotely by using Server Manager. What should you do?
A. On DC1, run the Enable-PSSessionConfiguration cmdlet.
B. On Server2, run the Add-Computer cmdlet.
C. On Server2 modify the membership of the Remote Management Users group.
D. From Active Directory Users and Computers, add a computer account named Server2, and then restart Server2.
Answer: C
Explanation:
This is a security issue. To be able to access Server2 remotely through Server Manager
the user need to be a member of the Remote Management Users group.
Note:
* Name: BUILTIN\Remote Management Users Description: A Builtin Local group. Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.
* Enable-ServerManagerStandardUserRemoting Provides one or more standard, non-Administrator users access to event, service, performance counter, and role and feature inventory data for a server that you are managing by using Server Manager. Syntax: Parameter Set: Default Enable-ServerManagerStandardUserRemoting [-User] <String[]> [-Force] [-Confirm] [-WhatIf] [ <CommonParameters>] Detailed Description Provides one or more standard, non-Administrator users access to event, service, performance counter, and role and feature inventory data for a server that you are managing, either locally or remotely, by using Server Manager. The cmdlet must be run locally on the server that you are managing by using Server Manager. The cmdlet works by performing the following actions: Adds access rights for specified standard users to the root\cimv2 namespace on the local server (for access to role and feature inventory information). Adds specified standard users to required user groups (Remote Management Users, Event Log Readers, and Performance Log Readers) that allow remote access to event and performance counter logs on the managed server. Changes access rights in the Service Control Manager to allow specified standard users remote access to the status of services on the managed server. Incorrect: Not A: the Enable-PSSessionConfiguration.This is an advanced cmdlet that is designed to be used by system administrators to manage customized session configurations for their
users.
Reference: Enable-ServerManagerStandardUserRemoting
Q207. - (Topic 3)
On Server1, you plan to create an inbound firewall rule that contains the following settings:
Allows inbound connections to an application named App1.exe
Applies to the domain profile
Overrides any block rules
You need to identify the minimum information required to create the rule.
Which two pieces of information should you identify? Each correct answer presents part of the solution.
A. the list of computers that are authorized to use the application
B. the list of Active Directory users who are authorized to use the application
C. the hash of the application
D. the name of the IPSec policies that apply to Server1
E. the local path of the application
Answer: A,E
Q208. - (Topic 2)
You plan to deploy a file server to a temporary location.
The temporary location experiences intermittent power failures.
The file server will contain a dedicated volume for shared folders.
You need to create a volume for the shared folders. The solution must minimize the
likelihood of file corruption if a power failure occurs.
Which file system should you use?
A. NFS
B. FAT32
C. ReFS
D. NTFS
Answer: C
Explanation:
The ReFS file system allows for resiliency against corruptions with the option to salvage amongst many other key features like Metadata integrity with checksums, Integrity streams with optional user data integrity, and shared storage pools across machines for additional failure tolerance and load balancing, etc.
Q209. - (Topic 3)
You have a server named Server1 that runs a Server Core installation of Windows Server 2012 R2 Standard. You establish a Remote Desktop session to Server1.
You need to identify which task can be performed on Server1 from within the Remote Desktop session.
What should you identify?
A. Install a feature by using Server Manager.
B. Modify the network settings by using Sconfig.
C. Disable services by using Msconfig.
D. Join a domain by using the System Properties.
Answer: B
Explanation:
In Windows Server 2012 R2, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool. Sconfig.cmd is available in the Minimal Server Interface and in Server with a GUI mode.
References: http://technet.microsoft.com/en-us/library/jj647766.aspx Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 2: Deploying servers, p. 80
Q210. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains a domain controller named DC1 that has the DNS Server server role installed. DC1 has a standard primary DNS zone for contoso.com.
You need to ensure that only client computers in the contoso.com domain will be able to add their records to the contoso.com zone.
What should you do first?
A. Sign the contoso.com zone.
B. Modify the Security settings of DC1.
C. Modify the Security settings of the contoso.com zone.
D. Store the contoso.com zone in Active Directory.
Answer: D
Explanation:
Only Authenticated users can create records when zone is stored in AD.
Secure dynamic updates allow an administrator to control what computers update what
names and prevent unauthorized computers from overwriting existing names in DNS.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 6: Network
Administration, Lesson 2: Implementing DNSSEC, p. 237
http://technet.microsoft.com/en-us/library/cc731204(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc755193.aspx