70-410 Exam
6 tips on braindump 70-410
Proper study guides for Most recent Microsoft Installing and Configuring Windows Server 2012 certified begins with Microsoft 70-410 preparation products which designed to deliver the Pinpoint 70-410 questions by making you pass the 70-410 test at your first time. Try the free 70-410 demo right now.
2021 Jul microsoft windows server 2012 certification:
Q321. - (Topic 3)
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. All domain controllers run Windows Server 2012 R2 and are configured as global catalog servers. The corp.contoso.com domain contains a domain controller named DC1.
You need to disable the global catalog on DC1.
What should you do?
A. From Active Directory Users and Computers, modify the properties of the DC1 computer account.
B. From Active Directory Administrative Center, modify the properties of the DC1 computer account.
C. From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server object.
D. From Active Directory Domains and Trusts, modify the properties of the corp.contoso.com domain.
Answer: C
Explanation:
To add or remove the global catalog
Open Active Directory Sites and Services. To open Active Directory Sites and Services,
click Start, click Administrative Tools, and then click Active Directory Sites and Services.
To open Active Directory Sites and Services in Windows Server. 2012, click Start, type
dssite.msc.
In the console tree, click the server object to which you want to add the global catalog or
from which you want to remove the global catalog.
Where?
Active Directory Sites and Services\Sites\SiteName\Servers
In the details pane, right-click NTDS Settings of the selected server object, and then click
Properties.
Select the Global Catalog check box to add the global catalog, or clear the check box to
remove the global catalog.
Q322. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 500 servers that run Windows Server 2012 R2.
You have a written security policy that states the following:
Only required ports must be open on the servers.
All of the servers must have Windows Firewall enabled.
Client computers used by administrators must be allowed to access all of the ports
on all of the servers.
Client computers used by the administrators must be authenticated before the
client computers can access the servers.
You have a client computer named Computer1 that runs Windows 8.
... .
You need to ensure that you can use Computer1 to access all of the ports on all of the servers successfully. The solution must adhere to the security policy.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On Computer1, create a connection security rule.
B. On all of the servers, create an outbound rule and select the Allow the connection if it is secure option.
C. On all of the servers, create an inbound rule and select the Allow the connection if it is secure option.
D. On Computer1, create an inbound rule and select the Allow the connection if it is secure option.
E. On Computer1, create an outbound rule and select the Allow the connection if it is secure option.
F. On all of the servers, create a connection security rule.
Answer: A,C,F
Explanation:
Unlike firewall rules, which operate unilaterally, connection security rules require that both
communicating computers have a policy with connection security rules or another
compatible IPsec policy.
Traffic that matches a firewall rule that uses the Allow connection if it is secure setting
bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol.
This method is supported on Windows Vista or Windows Server 2008.
References:
http://technet.microsoft.com/en-us/library/cc772021.aspx
http://technet.microsoft.com/en-us/library/cc753463.aspx
Q323. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Install the Work Folders role service on Server2.
E. Create and configure a sync share on Server2.
Answer: A,C
Explanation:
*Prepare your Active Directory forest to support devices. This is a one-time operation that you must run to prepare your Active Directory forest to support devices. To prepare the Active Directory forest On your federation server, open a Windows PowerShell command window and type: Initialize-ADDeviceRegistration *Enable Device Registration Service on a federation server farm node. To enable Device Registration Service:
1. On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration.
2. Repeat this step on each federation farm node in your AD FS farm.
Up to the immediate present mcsa 70-410 practice test:
Q324. - (Topic 2)
Your network contains a server named Server1 and 10 Web servers. All servers run
Windows Server 2012 R2.
You create a Windows PowerShell Desired State Configuration (DSC) to push the settings
from Server1 to all of the Web servers.
On Server1, you modify the file set for the Web servers.
You need to ensure that all of the Web servers have the latest configurations.
Which cmdlet should you run on Server1?
A. Get-DcsConfiguration
B. Restore-DcsConfiguration
C. Set-DcsLocalConfigurationManager
D. Start-DcsConfiguration
Answer: D
Q325. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of two Active Directory forests, named Contoso.com and test.com. There is no trust relationship configured between the forests.
A backup of Group Policy object (GPO) from the test.com domain is stored on a domain controller in the Contoso.com domain.
You are informed that a GPO must be created in the Contoso.com domain, and must be based on the settings of the GPO in the test.com domain.
You start by creating the new GPO using the New-GPO Windows PowerShell cmdlet. You want to complete the task via a Windows PowerShell cmdlet.
Which of the following actions should you take?
A. You should consider making use of the Invoke-GPUpdate Windows PowerShell cmdlet.
B. You should consider making use of the Copy-GPO Windows PowerShell cmdlet.
C. You should consider making use of the New-GPLink Windows PowerShell cmdlet.
D. You should consider making use of the Import-GPO Windows PowerShell cmdlet.
Answer: D
Explanation:
Import-GPO -Imports the Group Policy settings from a backed-up GPO into a specified GPO.
Q326. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
You need to add an RODC to the domain by using the Install From Media (IFM) option.
Which tool should you use to create the media?
A. the ntdsutil command
B. the Set-ADDomain cmdlet
C. the Install-ADDSDomain cmdlet
D. the dsadd command
E. the dsamain command
F. the dsmgmt command
G. the net user command
H. the Set-ADForest cmdlet
Answer: A
Explanation: You can use the Ntdsutil.exe tool to create installation media for additional domain controllers that you are creating in a domain. By using the Install from Media (IFM) option, you can minimize the replication of directory data over the network. This helps you install additional domain controllers in remote sites more efficiently.
Reference: Installing AD DS from Media
https://technet.microsoft.com/en-us/library/cc770654(v=ws.10).aspx