70-410 Exam
Ideas to microsoft 70 410
Your success in Microsoft 70 410 installing and configuring windows server 2012 pdf is our sole target and we develop all our mcsa 70 410 braindumps in a way that facilitates the attainment of this target. Not only is our 70 410 questions study material the best you can find, it is also the most detailed and the most updated. examcollection 70 410 Practice Exams for Microsoft Windows Server microsoft 70 410 are written to the highest standards of technical accuracy.
Q231. - (Topic 3)
Your network contains an active directory domain named contoso.com. The domain consists 20
member Servers and 5 domain controllers. All servers run Windows Server 2012 R2. The domain contains 500 client computers.
You plan to deploy a domain controller for contoso.com in Microsoft Azure.
You need to prepare the conversation for planned deployment. The solution should ensure that the domain controller hosted in Azure always have the same IP address.
Witch two actions should you perform? Each correct answer is a part of the solution.
A. From an Azure virtual machine run the Set-AzureStaticVNetIP cmdlet
B. Deploy a Side by side virtual private network (VPN)
C. From Azure virtual machine run the Set –NetIPAuthentication cmdlet
D. From an domain controller run the Set-NetIPAdresses cmdlet
E. From an domain controller run adprep.exe
Answer: A
Explanation:
Set the static VNet IP address information to a VM object.
Q232. - (Topic 3)
Your network contains two Active Directory forests named contoso.com and adatum.com. All servers run Windows Server 2012 R2. A one-way external trust exists between contoso.com and adatum.com.
Adatum.com contains a universal group named Group1. You need to prevent Group1 from being used to provide access to the resources in contoso.com.
What should you do?
A. Change the scope of Group1 to domain local.
B. Modify the Allowed to Authenticate permissions in adatum.com.
C. Enable SID quarantine on the trust between contoso.com and adatum.com.
D. Modify the Allowed to Authenticate permissions in contoso.com.
Answer: D
Explanation:
* Accounts that require access to the customer Active Directory will be granted a special right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
Q233. HOTSPOT - (Topic 3)
Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess and an IKEv2 VPN.
You need to view the properties of the VPN connection.
Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
Answer:
Q234. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You have a domain controller named DC5 that has the Server Graphical Shell disabled.
You create an organizational unit (OU) named OU1.
From DC5, you need to create 50 new user accounts in OU1.
Which tool should you use?
A. the ntdsutil command
B. the Set-ADDomain cmdlet
C. the Install-ADDSDomain cmdlet
D. the dsadd command
E. the dsamain command
F. the dsmgmt command
G. the net user command
H. the Set-ADForest cmdlet
Answer: G
Explanation: Net user adds or modifies user accounts, or displays user account information.
Reference: Net User Command for Windows Server 2012 (R2)
http://www.isunshare.com/windows-2012/net-user-command-for-windows-server-2012-r2.html
Q235. HOTSPOT - (Topic 1)
Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2.
All servers are configured to enforce AppLocker policies.
You install a server named Server1.
On Server1, you install an application named App1.exe in a folder located on C:\App1.
You have two domain groups named Group1 and Group2.A user named User1 is a
member of Group1 and Group2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to contoso.com.
You create the executable rules as shown in the exhibit by using the Create Executable Rules wizard. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
Answer:
Q236. DRAG DROP - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2.All client computers run Windows 8.
The domain contains a security group named Group1.
You have a Group Policy object (GPO) named GPO1.GPO1 is linked to the domain.
You need to ensure that only the members of Group1 can run the applications shown in the
following table.
Which type of application control policy should you implement for each application?
To answer, drag the appropriate rule types to the correct applications. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q237. - (Topic 3)
You have a Hyper-V host named Hyper1 that runs Windows Server 2012 R2.
Hyper1 hosts several virtual machines that run Windows 8.1.
Several developers connect to the virtual machines by using the Virtual Machine Connection tool.
You need to ensure that the devlopers can print to their local printers from within virtual machine sessions.
What should you configure?
A. a virtual switch on Hyper1
B. Remote Desktop Services (RDS) on Hyper1
C. enhanced session mode on Hyper1
D. a virtual network adapter on the virtual machines
Answer: C
Explanation: To be able to use a computer’s local resources on a virtual machine:
* The Hyper-V host must have Enhanced session mode policy and Enhanced session mode settings turned on.
* The computer that you use to connect to the virtual machine with VMConnect must run Windows 8, Windows 8.1, Windows Server 2012, or Windows Server 2012 R2.
* The virtual machine must have Remote Desktop Services enabled and run Windows Server 2012 R2 or Windows 8.1 as the guest operating system.
Reference: Use local resources on Hyper-V virtual machine with VMConnect
https://technet.microsoft.com/en-us/library/dn282274.aspx
Q238. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You create a new inbound rule by using Windows Firewall with Advanced Security.
You need to configure the rule to allow Server1 to accept unsolicited inbound packets that are received through a network address translation (NAT) device on the network.
Which setting in the rule should you configure?
A. Interface types
B. Authorized computers
C. Remote IP address
D. Edge traversal
Answer: D
Explanation:
Edge traversal – This indicates whether edge traversal is enabled (Yes) or disabled (No). When edge traversal is enabled, the application, service, or port to which the rule applies is globally addressable and accessible from outside a network address translation (NAT) or edge device.
Select one of the following options from the list: Block edge traversal (default) – Prevent applications from receiving unsolicited traffic from the Internet through a NAT edge device. Allow edge traversal – Allow applications to receive unsolicited traffic directly from the Internet through a NAT edge device. Defer to user – Let the user decide whether to allow unsolicited traffic from the Internet through a NAT edge device when an application requests it. Defer to application – Let each application determine whether to allow unsolicited traffic from the Internet through a NAT edge device.
: http://technet.microsoft.com/en-us/library/cc731927.aspx
Q239. - (Topic 2)
You have a server named Print1 that runs Windows Server 2012 R2.
On Print1, you share a printer named Printer1.
You need to ensure that only the members of the Server Operators group, the
Administrators group, and the Print Operators group can send print jobs to Printer1.
What should you do?
A. Remove the permissions for the Creator Owner group.
B. Assign the Print permission to the Server Operators group.
C. Remove the permissions for the Everyone group.
D. Assign the Print permission to the Administrators group.
Answer: C
Explanation:
By default Everyone can print. This permissions need to be removed.
Q240. - (Topic 1)
Your network contains an Active Directory domain named adatum.com.
You discover that when users join computers to the domain, the computer accounts are created in the Computers container.
You need to ensure that when users join computers to the domain, the computer accounts are automatically created in an organizational unit (OU) named All_Computers.
What should you do?
A. From a command prompt, run the redircmp.exe command.
B. From ADSI Edit, configure the properties of the OU1 object.
C. From Ldp, configure the properties of the Computers container.
D. From Windows PowerShell, run the Move-ADObject cmdlet.
Answer: A
Explanation:
This command redirects the default container for newly created computers to a specified, target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in All_Computers.
: http://technet.microsoft.com/en-us/library/cc770619.aspx