12 tips on active directory 70-410

Exam Code: 70-410 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Installing and Configuring Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-410 Exam.

2016 Apr 70-410 Study Guide Questions:

Q361. - (Topic 3) 

You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain have Windows Server 2012 R2 installed. 

You have logged on to a server, named ENSUREPASS-SR07, and would like to obtain the IP configurations of a server, named ENSUREPASS-SR13. 

Which of the following actions should you take? 

A. You should consider making use of the Winrs.exe command. 

B. You should consider making use of the Winsat.exe command. 

C. You should consider making use of the Winpop.exe command. 

D. You should consider making use of the Dsrm.exe command. 

Answer: A 


Q362. - (Topic 3) 

Your network contains one Active Directory domain named contoso.com. The domain contains 

2,000 client computers used by students. You recently discover an increase in calls to the helpdesk that relate to security policy to meet the following requirement: 

. Modify the UserName of the built-in account named Administrator . Support a time mismatch between client computers and domain controllers of up to three minutes. 

Which Two security settings should you modify? 

A. Account Policies 

B. Password Policy 

C. Account Lockout Policy 

D. Kerberos Policy 

E. Local Policies 

F. Audit Policy 

G. User Rights Assignment 

H. Security Options 

Answer: D,H 

Explanation: 

In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click Security Options. In the details pane, double-click Accounts: Rename administrator account. 


Q363. - (Topic 3) 

Your network contains one Active Directory domain named contoso.com. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. 

The domain contains an administrator account named Admin1. 

You need to prevent Admin1 from creating more than 100 objects in the domain partition. 

Which tool should you use? 

A. the ntdsutil command 

B. the Set-ADDomain cmdlet 

C. the Install-ADDSDomain cmdlet 

D. the dsadd command 

E. the dsamain command 

F. the dsmgmt command 

G. the net user command 

H. the Set-ADForest cmdlet 

Answer: D 

Explanation: 

Active Directory quotas are limits on the number of objects that a security principal (that has been delegated the Create Child Objects or Delete Child Objects permission) can own and create. To assign a quota to a security principal, you must use the directory services tools. The command and required parameters for assigning a quota to a security principal are as follows: 

dsadd quota –part <partition distinguished name> –qlimit <quotalimit> –acct <security prinicipal> 

Reference: Active Directory Quotas 

https://technet.microsoft.com/en-us/library/cc904295(v=ws.10).aspx 


Q364. - (Topic 2) 

Your company has a main office and four branch offices. The main office contains a server named Server1 that runs Windows Server 2012 R2. 

The IP configuration of each office is configured as shown in the following table. 


You need to add a single static route on Server1 to ensure that Server1 can communicate with the hosts on all of the subnets. 

Which command should you run? 

A. route.exe add -p 10.10.0.0 mask 255.255.252.0 10.10.0.1 

B. route.exe add -p 172.16.16.0 mask 255.255.252.0 10.10.0.1 

C. route.exe add -p 10.10.0.0 mask 255.255.252.0 172.16.0.0 

D. route.exe add -p 172.16.18.0 mask 255.255.252.0 10.10.0.1 

Answer: B 

Explanation: 

These parameters will allow communication with all the hosts. 


References: 

Exam Ref: 70-410: Installing and Configuring Windows Server 2012 R2, Chapter4: 

Deploying and configuring core network services, Objective 4.1: Configure IPv4 and IPv6 

addressing, p.192, 196 


70-410 free practice questions

Improved trainsignal 70-410:

Q365. - (Topic 1) 

You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. 

Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. 

VM1 has several snapshots. 

You need to modify the snapshot file location of VM1. 

What should you do? 

A. Right-click VM1, and then click Export. 

B. Shut down VM1, and then modify the settings of VM1. 

C. Delete the existing snapshots, and then modify the settings of VM1. 

D. Pause VM1, and then modify the settings of VM1. 

Answer: C 


Q366. - (Topic 3) 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 has 8 GB of RAM. 

Server1 hosts five virtual machines that run Windows Server 2012 R2. 

The settings of a virtual machine named Server3 are configured as shown in the exhibit. (Click the Exhibit button.) 


You need to ensure that when Server1 restarts, Server3 automatically resumes without intervention. The solution must prevent data loss. 

Which settings should you modify? 

A. BIOS 

B. Automatic Start Action 

C. Automatic Stop Action 

D. Integration Services 

Answer: C 

Explanation: 

The Automatic Stop Action setting should be modified because it will allow you to configure: “Save the virtual machine state” option instructs Hyper-V Virtual Machine Management Service to save the virtual machine state on the local disk when the Hyper-V Server shuts down. OR “Turn Off the virtual machine” is used by the Hyper-V Management Service (VMMS.exe) to gracefully turn off the virtual machine. OR “Shut down the guest operating system” is successful only if the “Hyper-V Shutdown” guest service is running in the virtual machine. The guest service is required to be running in the virtual machine as the Hyper-V VMMS.EXE process will trigger Windows Exit message which is received by the service. Once the message is received by the guest service, it takes the necessary actions to shut down the virtual machine. 

: http://www.altaro.com/hyper-v/hyper-v-automatic-start-and-stop-action/ 


Q367. - (Topic 3) 

Your network contains a Hyper-V host named Server1 that runs Windows Server 2012 R2. 

Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. 

You take a snapshot of VM1, and then you install an application on VM1. 

You verify that the application runs properly. 

You need to ensure that the current state of VM1 is contained in a single virtual hard disk file. The solution must minimize the amount of downtime on VM1. 

What should you do? 

A. From Hyper-V Manager, delete the snapshot. 

B. From a command prompt, run dism.exe and specify the /commit-image parameter. 

C. From a command prompt, run dism.exe and specify the /delete-image parameter. 

D. From Hyper-V Manager, inspect the virtual hard disk. 

Answer: A 

Explanation: 

Virtual machine snapshots are file-based snapshots of the state, disk data, and configuration of a virtualmachine at a specific point in time. You can take multiple snapshots of a virtual machine, even while it is running. You can then revert the virtual machine to any of the previous states by App1ying a snapshot to the virtualmachine. Taking a snapshot of a VM is to in essence freeze the current state and make it a parent disk based on currentstate, and at the same time create a child disk to capture all subsequent changes. – See more at: Snapshots require adequate storage space. Snapshots are stored as .avhd files in the same location at thevirtual hard disk. Taking multiple snapshots can quickly consume a large amount of storage space. When you use Hyper-V Manager to delete a snapshot, the snapshot is removed from the snapshot treebut the .avhd file is not deleted until you turn off the virtual machine. 



Q368. - (Topic 1) 

Your network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is Active-Directory integrated. 

The domain contains 500 client computers. There are an additional 20 computers in a workgroup. 

You discover that every client computer on the network can add its record to the contoso.com zone. 

You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone. 

What should you do? 

A. Sign the contoso.com zone by using DNSSEC. 

B. Configure the Dynamic updates settings of the contoso.com zone. 

C. Configure the Security settings of the contoso.com zone. 

D. Move the contoso.com zone to a domain controller that is configured as a DNS server. 

Answer: B 


70-410 download

Vivid server 2012 exam 70-410:

Q369. - (Topic 3) 

You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed. 

Contoso.com has a server, named ENSUREPASS-SR07, which has the ADDS, DHCP, and DNS server roles installed. Contoso.com also has a server, named ENSUREPASS-SR08, which has the DHCP, and Remote Access server roles installed. You have configured a server, which has the File and Storage Services server role installed, to automatically acquire an IP address. The server is named ENSUREPASSSR09. 

You then create reservation on ENSUREPASS-SR07, and a filter on ENSUREPASS-SR08. 

Which of the following is a reason for this configuration? 

A. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR08 only. 

B. It configures ENSUREPASS-SR09 with a static IP address. 

C. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR07 and ENSUREPASSSR08. 

D. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR07 only. 

Answer: D 

Explanation: 

To configure the Deny filter In the DHCP console tree of DHCP Server 1, under IPv4, click Filters, right-click Deny under Filters, and then click New Filter. In the New Deny Filter dialog box, in MAC Address, enter a six hexadecimal number representing the MAC or physical address of DHCP Client 2, click Add, and then click Close. Under Filters right-click the Deny node, and then click the Enable pop-up menu item. 


Q370. - (Topic 1) 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

You create a new inbound rule by using Windows Firewall with Advanced Security. 

You need to configure the rule to allow Server1 to accept unsolicited inbound packets that are received through a network address translation (NAT) device on the network. 

Which setting in the rule should you configure? 

A. Interface types 

B. Authorized computers 

C. Remote IP address 

D. Edge traversal 

Answer: D 

Explanation: 

Edge traversal – This indicates whether edge traversal is enabled (Yes) or disabled (No). When edge traversal is enabled, the application, service, or port to which the rule applies is globally addressable and accessible from outside a network address translation (NAT) or edge device. 

Select one of the following options from the list: Block edge traversal (default) – Prevent applications from receiving unsolicited traffic from the Internet through a NAT edge device. Allow edge traversal – Allow applications to receive unsolicited traffic directly from the Internet through a NAT edge device. Defer to user – Let the user decide whether to allow unsolicited traffic from the Internet through a NAT edge device when an application requests it. Defer to application – Let each application determine whether to allow unsolicited traffic from the Internet through a NAT edge device. 

: http://technet.microsoft.com/en-us/library/cc731927.aspx 


Q371. - (Topic 2) 

Your network contains an Active Directory domain named contoso.com. 

All of the AppLocker policy settings for the member servers are configured in a Group Policy object (GPO) named GPO1. 

A member server named Server1 runs Windows Server 2012 R2. 

On Server1, you test a new set of AppLocker policy settings by using a local computer policy. 

You need to merge the local AppLocker policy settings from Server1 into the AppLocker policy settings of GPO1. 

What should you do? 

A. From Local Group Policy Editor on Server1, export an .inf file. Import the .inf file by using Group Policy Management Editor. 

B. From Server1, run the Set-ApplockerPolicy cmdlet. 

C. From Local Group Policy Editor on Server1, export an .xml file. Import the .xml file by using Group Policy Management Editor. 

D. From Server1, run the New-ApplockerPolicy cmdlet. 

Answer: B 

Explanation: 

The Set-AppLockerPolicy cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local GPO is the default. When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by 

the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not 

specified, then the new policy will overwrite the existing policy. 

References: 

http://technet.microsoft.com/en-us/library/ee791816(v=ws.10).aspx 

Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 10: 

Implementing Group Policy, Lesson1: Planning, Implementing and managing Group Policy, 

p. 479 


Q372. - (Topic 3) 

You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed. 

You have been instructed to make sure that Contoso.com users are not able to install a Windows Store application. You then create a rule for packaged apps. 

Which of the following is the rule based on? (Choose all that apply.) 

A. The publisher of the package. 

B. The publisher of the application. 

C. The name of the package 

D. The name of the application 

E. The package version. 

F. The application version. 

Answer: A,C,E 

Explanation: 

Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire application using a single AppLocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. AppLocker supports only publisher rules for Packaged apps. A publisher rule for a Packaged app is based on the following information: Publisher of the package Package name Package version All the files within a package as well as the package installer share these attributes. Therefore, an AppLocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups. 



see more 70-410 - Installing and Configuring Windows Server 2012

Microsoft 70-410 Certification Sample Questions and Answers: https://www.braindumpsall.net/70-410-dumps/

P.S. New 70-410 dumps PDF: http://www.4easydumps.com/70-410-dumps-download.html