Microsoft 70-410 Online Practice Questions and Exam Preparation

Microsoft 70-410 Online Questions & Answers

• Question 431:

  Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.

  The domain contains a user named User1 and a global security group named Group1.

  You reconfigure DC2 as a member server in the domain.

  You need to add DC2 as the first domain controller in a new domain in the forest.

  Which cmdlet should you run?

  A. Add-AdPrincipalGroupMembership
  B. Install-AddsDomainController
  C. Install WindowsFeature
  D. Install AddsDomain
  E. Rename-AdObject
  F. Set AdAccountControl
  G. Set-AdGroup
  H. Set-User
  C. Install WindowsFeature

  ---

  Since a member server does not have Active Directory Domain Services installed, you must install this role before you can configure the new Domain Controller (which would require you to run Install-ADDSForest).

• Question 432:

  You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has following hardware configurations:

  -16GB of RAM

  -A single quad-core CPU

  -

  Three network teams that have two network adapters each

  You add additional CPUs and RAM to Server 1.

  You repurpose Server1 as a virtualization host. You install the Hyper-V server role on Server1. You need to create four external virtual switches in Hyper-V. Which cmdlet should you run first?

  A. Set-NetAdapter.
  B. Add-Net1.bfoTeamNic
  C. Add-VMNetworkAdapter
  D. Remove-NetLbfoTeam
  D. Remove-NetLbfoTeam

• Question 433:

  Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2.

  You need to ensure that a user named User1 can install Windows features on VM1. The solution must minimize the number of permissions assigned to User1.

  To which group should you add User1?

  A. Hyper-V Administrators on Server1
  B. Administrators on VM1
  C. Server Operators on Server1
  D. Power Users on VM1
  B. Administrators on VM1

  ---

  The user has to be an administrator on VM1 to be able to install features.

  In Windows Server 2012 R2, the Server Manager console and Windows PowerShell-cmdlets for

  Server Manager allow installation of roles and features to local or remote servers, or offline virtual hard disks (VHDs).

  You can install multiple roles and features on a single remote server or offline VHD in a single Add Roles and Features Wizard or Windows PowerShell session. You must be logged on to a server as an administrator to install or uninstall

  roles, role services, and features. If you are logged on to the local computer with an account that does not have administrator rights on your target server, right-click the target server in the Servers tile, and then click Manage As to provide an

  account that has administrator rights. The server on which you want to mount an offline VHD must be added to Server Manager, and you must have Administrator rights on that server.

  References:

  Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 10: Implementing Group Policy, p.539

• Question 434:

  Your network contains an Active Directory domain named adatum.com. You create an account for a temporary employee named User1. You need to ensure that User1 can log on to the domain only between 08:00 and 18:00 from a client

  computer named Computer1. From which tab should you perform the configuration?

  To answer, select the appropriate tab in the answer area.

  Hot Area:

  

  

  ---

  The User account properties contains the Logon Hours settings that you can use to change the hours that this selected object can log on to the domain. By default, domain logon is allowed 24 hours a day, 7 days a week. Note that this control does not affect the user's ability to log on locally to a computer using a local computer account instead of a domain account. To set logon hours

  1. Open Active Directory Users and Computers.

  2. In the console tree, click Users.

  Where?

  Active Directory Users and Computers/domain

  node/Users Or, click the folder that contains the user account.

  1. Right-click the user account, and then click Properties.

  2. On the Account tab, click Logon Hours, and then set the permitted or denied logon hours for the user.

  

  

  Reference: http://technet.microsoft.com/en-us/library/dd145547.aspx

• Question 435:

  Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You need to configure a central store for the Group Policy Administrative Templates.

  What should you do on DC1?

  A. From Server Manager, create a storage pool.
  B. From Windows Explorer, copy the PolicyDefinitions folder to the SYSVOL\contoso.com\policies folder.
  C. From Server Manager, add the Group Policy Management feature
  D. From Windows Explorer, copy the PolicyDefinitions folder to the NETLOGON share.
  B. From Windows Explorer, copy the PolicyDefinitions folder to the SYSVOL\contoso.com\policies folder.

  ---

  Policy Definitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory, they are replicated to every DC in the domain; by extension, the ADMX-aware Group Policy Management Console in Windows Vista,

  Windows 7, Windows Server 2008 and R2 can check this folder as an additional source of ADMX files, and will report them accordingly when setting your policies.

  By default, the folder is not created. Whether you are a single DC or several thousand, I would

  Strongly recommend you create a Central Store and start using it for all your ADMX file storage. It really does work well.

  The Central Store

  To take advantage of the benefits of .admx files, you must create a Central Store in the

  SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later

  replicated to all domain controllers in the domain. To create a Central Store for .admx and .adml files, create a folder that is named Policy Definitions in the following location: \\FQDN\SYSVOL\FQDN\policies.

• Question 436:

  Your network contains an Active Directory domain named contoso.com.

  You log on to a domain controller by using an account named Admin1. Admin1 is a member of the Domain Admins group.

  You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.)

  

  Group1 is located in an organizational unit (OU) named OU1.

  You need to ensure that users from Group1 can modify the Security settings of OU1 only.

  What should you do from Active Directory Users and Computers?

  A. Modify the Managed By settings on OU1.
  B. Right-click contoso.com and select Delegate Control.
  C. Right-click OU1 and select Delegate Control.
  D. Modify the Security settings of Group1.
  C. Right-click OU1 and select Delegate Control.

  ---

  Delegating control to only the OU will allow the users of Group1 to modify the security settings.

• Question 437:

  You have a server named Server1 that runs Windows Server 2012 R2.

  You need to perform the following storage configuration tasks on Server1:

  Bring a disk named Diskl online.

  Defragment a volume named Volumel.

  Remove a disk named Disk2 from a storage pool named Pooll.

  Which cmdlet should you use to perform each task?

  To answer, drag the appropriate cmdlets to the correct tasks. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  Select and Place:

  

  

• Question 438:

  You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.

  You have been instructed to make sure that Contoso.com users are not able to install a Windows Store application. You then create a rule for packaged apps.

  Which of the following is the rule based on? (Choose all that apply.)

  A. The publisher of the package.
  B. The publisher of the application.
  C. The name of the package
  D. The name of the application
  E. The package version.
  F. The application version.
  A. The publisher of the package.
  C. The name of the package
  E. The package version.

  ---

  Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8.

  They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire application using a single AppLocker rule as opposed to the non-packaged apps

  where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed.

  AppLocker supports only publisher rules for Packaged apps.

  A publisher rule for a Packaged app is based on the following information:

  Publisher of the package

  

  Package name

  

  Package version

  

  All the files within a package as well as the package installer share these attributes. Therefore, an AppLocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.

• Question 439:

  Your network contains two subnets. The subnets are configured as shown in the following table.

  

  You have a server named Server2 that runs Windows Server 2012 R2. Server2 is connected to LAN1. You run the route print command as shown in the exhibit.

  

  You need to ensure that Server2 can communicate with the client computers on LAN2. What should you do?

  A. Change the metric of the 10.10.1.0 route.
  B. Set the state of the Teredo interface to disable.
  C. Set the state of the Microsoft ISATAP Adapter #2 interface to disable.
  D. Run route delete 172.23.2.0.
  D. Run route delete 172.23.2.0.

  ---

  You should delete the route 172.23.2.0 to allow communication between the client computers and Server2. The route is used to identify PIv6 /IPv4 packets that are being sent.

• Question 440:

  Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server 2012 R2. Server1 is configured as an FTP server.

  Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as the control port and dynamically requests a data port.

  On Server1, you create a firewall rule to allow connections on TCP port 21.

  You need to configure Server1 to support the client connections from App1.exe.

  What should you do?

  A. Run netsh adv firewall set global statefulftp enable.
  B. Create an inbound firewall rule to allow App1.exe.
  C. Create a tunnel connection security rule.
  D. Run Set-NetFirewallRule -DisplayName DynamicFTP -Profile Domain
  E. Create an outbound firewall rule to allow App1.exe.
  F. Run netsh firewall add portopening TCP 21 dynamicftp
  A. Run netsh adv firewall set global statefulftp enable.

  ---

  The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows Vista or a later version of Windows. In the netsh advfirewall firewall context, the

  add command only has one variation, the add rule command. Netsh advfirewall set global statefulftp:

  Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port. When statefulftp is enabled, the firewall examines the PORT and PASV

  requests for these other port numbers and then allows the corresponding data connectionto the port number that was requested.

  Syntax

  set global statefulftp { enable | disable |notconfigured }

  Parameters

  statefulftp can be set to one of the following values:

  enable

  The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number.

  disable

  This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connectionson the PORT or PASV requested port is blocked as an unsolicited incoming connection.

  Not configured

  Valid only when netsh is configuring a GPO by using the set store command.