70-410 Exam
how to use 70 410 practice exam
Exam Code: 70 410 dumps pdf (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Installing and Configuring Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass mcsa 70 410 pdf Exam.
P.S. Real 70-410 preparation labs are available on Google Drive, GET MORE: https://drive.google.com/open?id=1gKqa_vO9OeNyYEjdDpkvCkiJIJhS7seE
New Microsoft 70-410 Exam Dumps Collection (Question 9 - Question 18)
Question No: 9
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have created and linked a new Group Policy object (GPO) to an organizational unit (OU), named ENSUREPASSServ, which host the computer accounts for servers in the Contoso.com domain.
You have been tasked with adding a group to a local group on all servers in the Contoso.com domain. This group should not, however, be removed from the local group.
Which of the following actions should you take?
A. You should consider adding a restricted group.
B. You should consider adding a global group.
C. You should consider adding a user group.
D. You should consider adding a server group.
Answer: A
Explanation:
Restricted groups in Group policies are a simple way of delegating permissions or group membership centrally to any domain computer or server. Using restricted groups it is easier to enforce the lowest possible permissions to any given account.
Computer ConfigurationWindows SettingsSecurity SettingsRestricted Groups Restricted groups allow an administrator to define two properties for security-sensitive groups (that is, u201crestrictedu201d groups). The two properties are Members and Member Of . The Members list defines who should and should not belong to the restricted group. The Member Of list specifies which other groups the restricted group should belong to.
When a restricted Group Policy is enforced, any current member of a restricted group that is not on the Members list is removed.
Question No: 10
You have a server that runs Windows Server 2012 R2. The server contains the disks configured as shown in the following table.
You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user files are available if one of the disks in the volume fails.
What should you create?
A. a mirrored volume on Disk 1 and Disk 4
B. a mirrored volume on Disk 2 and Disk 3
C. a RAID-5 volume on Disk 1, Disk 2, and Disk 3
D. a spanned volume on Disk 0 and Disk 4
Answer: B
Question No: 11
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 installed.
You have received instructions to install the Remote Desktop Services server role on a server, named ENSUREPASS-SR07. You want to achieve this remotely from a server, named ENSUREPASS-SR06.
Which of the following actions should you take?
A. You should consider accessing the Server Manager console on ENSUREPASS-SR07.
B. You should consider accessing the Server Manager console on ENSUREPASS-SR06.
C. You should consider accessing the TS Manager console on ENSUREPASS-SR07
D. You should consider accessing the TS Manager console on ENSUREPASS-SR06.
Answer: B
Question No: 12
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the File and Storage Services server role installed.
On Server1, you create a share named Documents.
You need to ensure that users can recover files that they accidently delete from Documents.
What should you do?
A. Enable shadow copies by using Computer Management.
B. Create a storage pool that contains a two-way mirrored volume by using Server Manager.
C. Modify the Startup type of the Volume Shadow Copy Service (VSS) by using the Services console.
D. Create a recovery partition by using Windows Assessment and Deployment Kit (Windows ADK).
Answer: A
Explanation:
If you enable Shadow Copies of Shared Folders on a volume using the default values, a task will be scheduled to create shadow copies at 7:00 A.M of next business day. The default storage area will be on the same volume, and its size will be 10 percent of the available space. You can only enable Shadow Copies of Shared Folders on a per-volume basisu2013that is, you cannot select specific shared folders and files on a volume to be copied or not copied.
To enable and configure Shadow Copies of Shared Folders:
1. Click Start, point to Administrative Tools, and then click Computer Management.
2. In the console tree, right-click Shared Folders, click All Tasks, and then click Configure Shadow Copies.
3. In Select a volume, click the volume that you want to enable Shadow Copies of Shared Folders for, and then click Enable.
4. You will see an alert that Windows will create a shadow copy now with the current
1. settings and that the settings might not be appropriate for servers with high I/O loads. Click Yes if you want to continue or No if you want to select a different volume or settings.
5. To make changes to the default schedule and storage area, click Settings.
Shadow copies - a feature that provides point-in-time copies of files stored on file shares on file servers. Shadow Copies of Shared Folders allows users to view and access shadow copies, which are shared files and folders as they existed at different points of time in the past. By accessing previous versions of files and folders, users can compare versions of a file while working and recover files that were accidentally deleted or overwritten.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 7: Hyper-V virtualization, Lesson 1: Deploying and configuring Hyper-V- hosts, p. 302
Question No: 13
Your network contains an Active Directory domain named contoso.com. The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed and has a primary zone for contoso.com.
The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup.
You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do first?
A. Move the contoso.com zone to a domain controller that is configured as a DNS server.
B. Configure the Dynamic updates settings of the contoso.com zone.
C. Sign the contoso.com zone by using DNSSEC
D. Configure the Security settings of the contoso.com zone.
Answer: A
Explanation:
If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory- integrate a zone, access control list (ACL) editing features are available in DNS Managerso that you can add or remove users or groups from the ACL for a specified zone or resource record.
1. Active Directoryu2021s DNS Domain Name is NOT a single label name (u201cDOMAINu201d vs. the minimal requirement ofu201ddomain.com.u201d u201cdomain.localu201d, etc.).
2. The Primary DNS Suffix MUST match the zone name that is allowing updates. Otherwise the client doesnu2021t know what zone name to register in. You can also have a different Conneciton Specific Suffix in addition to the Primary DNS Suffix to register into that zone as well.
3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or Secure and Non-Secure. For client machines, if a client is not joined to the domain, and the zone is set to Secure, it will not register either.
4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a
1. reference to get to them. Do not use your ISPu2021s, an external DNS address, your router as a DNS address, or any other DNS that does not have a copy of the AD zone. Internet resolution for your machines will be accomplished by the Rootservers (Root Hints), however itu2021s recommended to configure a forwarder for efficient Internet resolution.
5. The domain controller is multihomed (which means it has more than one unteamed, active NIC, more than one IP address, and/or RRAS is installed on the DC).
6. The DNS addresses configured in the clientu2021s IP properties must ONLY reference the DNS server(s) hosting the AD zone you want to update in. This means that you must NOT use an external DNS in any machineu2021s IP property in an AD environment. You canu2021t mix them either. Thatu2021s because of the way the DNS Client side resolver service works. Even if you mix up internal DNS and ISPu2021s DNS addresses, the resolver algorithm can still have trouble asking the
correct DNS server. It will ask the first one first. If it doesnu2021t get a response, it removes the first one from the eligible resolvers list and goes to the next in the list. It will not go back to the first one unless you restart the machine, restart the DNS Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use your internal DNS server(s) and configure a forwarder to your ISPu2021s DNS for efficient Internet resolution.
This is the reg entry to cut the query to 0 TTL:
The DNS Client service does not revert to using the first server. The Windows 2000 Domain Name System (DNS) Client service (DNS cache) follows a certain algorithm when it decides the order in which to use the DNS servers. http://support.microsoft.com/kb/286834
For more info, please read the following on the client side resolver service:
DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS, Direct Hosted SMB (Direct SMB), If One DC is Down Does a Client logon to Another DC, and DNS Forwarders Algorithm if you have multiple forwarders. http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the- clientside- resolverbrowserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one- dc-isdown-does-a- client-logon-toanother-dcand-dns-forwarders-algorithm.aspx
7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server.
8. If using DHCP, DHCP server must only be referencing the same exact DNS server(s) in its own IP properties in order for it to u2021forceu2021 (if you set that setting) registration into DNS. Otherwise, how would it know which DNS to send the reg data to?
9. If the AD DNS Domain name is a single label name, such as u201cEXAMPLEu201d, and not the proper format of u201dexample.comu201d and/or any child of that format, such as u201cchild1.example.comu201d, then we have a real big problem.
DNS will not allow registration into a single label domain name. This is for two reasons:
1. Itu2021s not the proper hierarchal format. DNS is hierarchal, but a single label name has no hierarchy. Itu2021s just a single name.
1. 2. Registration attempts cause major Internet queries to the Root servers. Why? Because it thinks the single label name, such as u201cEXAMPLEu201d, is a TLD (Top Level Domain), such as u201ccomu201d, u201cnetu201d, etc. It will now try to find what Root name server out there handles that TLD. In the end it comes back to itself and then attempts to register. Unfortunately it does NOT ask itself first for the mere reason it thinks itu2021s a TLD. (Quoted from Alan Woods, Microsoft, 2004):
u201cDue to this excessive Root query traffic, which ISC found from a study that discovered Microsoft DNS servers are causing excessive traffic because of single label names, Microsoft, being an internet friendly neighbor and wanting to stop this problem for their neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1, (especially XP, which cause lookup problems too), and Windows 2003. After all, DNS is hierarchal, so therefore why even allow single label DNS domain names?u201d The above also
*especially* applies to Windows Vista, 7, 2008, 2008 R2, and newer.
10. u2021Register this connectionu2021s addressu201d on the client is not enabled under the NICu2021s IP properties, DNS tab.
11. Maybe thereu2021s a GPO set to force Secure updates and the machine isnu2021t a joined member of the domain.
12. ON 2000, 2003 and XP, the u201cDHCP clientu201d Service not running. In 2008/Vista and newer, itu2021s the DNS Client Service. This is a requirement for DNS registration and DNS resolution even if the client is not actually using DHCP.
13. You can also configure DHCP to force register clients for you, as well as keep the DNS zone clean of old or duplicate entries. See the link I posted in my previous post.
Question No: 14
Your network contains an Active Directory domain named contoso.com.
An organizational unit (OU) named OU1 contains the user accounts and the computer accounts for laptops and desktop computers. A Group Policy object (GPO) named GP1 is linked to OU1. You need to ensure that the configuration settings in GP1 are applied only to the laptops in OU1. The solution must ensure that GP1 is applied automatically to new laptops that are added to OU1.
What should you do?
A. Modify the GPO Status of GP1.
B. Configure the WMI Filter of GP1.
C. Modify the security settings of GP1.
D. Modify the security settings of OU1.
Answer: B
Question No: 15
Your network contains an Active Directory domain named contoso.com. The domain contains a user account named User1 that resides in an organizational unit (OU) named OU1.
A Group Policy object (GPO) named GPO1 is linked to OU1. GPO1 is used to publish several applications to a user named User1.
In the Users container, you create a new user named User2.
You need to ensure that the same applications are published to User2. What should you do?
A. Modify the settings in GPO1.
B. Move User2 to OU1
C. Link a WMI filter to GPO1.
D. Modify the security of GPO1.
Answer: B
Explanation:
Moving User2 to OU1 will give him the same access as User1.
The GPO is linked to OU1. By moving User2 to OU1 the GPO will be applied to this user.
Question No: 16
You have a server named Server1 that has a Server Core installation of Windows Server 2008 R2.
Server1 has the DHCP Server server role and the File Server server role installed.
You need to upgrade Server1 to Windows Server 2012 R2 with the graphical user interface (GUI).
The solution must meet the following requirements:
u2711 Preserve the server roles and their configurations.
u2711 Minimize administrative effort.
What should you do?
A. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server with a GUI.
B. Start Server1 from the Windows Server 2012 R2 installation media and select Server Core Installation.
When the installation is complete, add the Server Graphical Shell feature.
C. Start Server1 from the Windows Server 2012 R2 installation media and select Server with a GUI.
D. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server Core Installation.
When the installation is complete, add the Server Graphical Shell feature
Answer: D
Explanation:
:A. Server is on 2008 R2 core, must install 2012 R2 core and then GUI
:B. Not least effort
:C. Not least effort
:D. Upgrade to 2012 R2 and install GUI shell
A. http://technet.microsoft.com/en-us/library/jj574204.aspx Upgrades that switch from a Server Core installation to the Server with a GUI mode of Windows Server 2012 R2 in one step (and vice versa) are not supported.
However, after upgrade is complete, Windows Server 2012 R2 allows you to switch freely between Server Core and Server with a GUI modes.
Question No: 17
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the
Hyper-V server role installed. You need to log the amount of system resources used by each virtual machine. What should you do?
A. From Windows PowerShell, run the Enable-VMResourceMetering cmdlet.
B. From Windows System Resource Manager, enable Accounting.
C. From Windows System Resource Manager, add a resource allocation policy.
D. From Windows PowerShell, run the Measure-VM cmdlet.
Answer: A
Explanation:
Enable-VMResourceMetering u2013 The Enable-VMResourceMeteringcmdlet starts collecting resourceutilization data for a virtual machine or resource pool.
Measure-VM u2013 The Measure-VM cmdlet reports data on processor usage, memory usage, network traffic, and disk capacity for one or more virtual machines.
Question No: 18
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You need to ensure that the local administrator account on all computers is renamed to L.Admin.
Which Group Policy settings should you modify?
A. Restricted Groups
B. Security Options
C. User Rights Assignment
D. Preferences
Answer: B
Explanation:
In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click Security Options.
In the details pane, double-click Accounts: Rename administrator account.
The Security Options node includes security settings regarding interactive logon, digital signing of data, restrictions of access to floppy and CD-ROM drives, unsigned driver
installations as well as logon dialog box behavior. This category also includes options to configure authentication and communication security within Active Directory.
Recommend!! Get the Real 70-410 dumps in VCE and PDF From Examcollectionplus, Welcome to download: https://www.examcollectionplus.net/vce-70-410/ (New 496 Q&As Version)