Microsoft 70-410 Online Practice
Questions and Exam Preparation
70-410 Exam Details
Exam Code
:70-410
Exam Name
:Installing and Configuring Windows Server 2012
Certification
:Microsoft Certifications
Vendor
:Microsoft
Total Questions
:537 Q&As
Last Updated
:Feb 03, 2022
Microsoft 70-410 Online Questions &
Answers
Question 491:
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
In the perimeter network, you install a new server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You need to join Server1 to the contoso.com domain. The solution must minimize administrative effort. What should you use?
A. The New-ADComputer cmdlet B. The djoin.exe command C. The dsadd.exe command D. The Add-Computer cmdlet
B. The djoin.exe command
Question 492:
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
When a domain user named User3 attempts to log on to a client computer named Client10, User3 receives the message shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that User3 can log on to Client10. What should you do?
A. From Active Directory Users and Computers, configure the Logon Workstations setting of User3. B. On Client10, modify the Allow log on locally User Rights Assignment. C. From Active Directory Users and Computers, configure the Personal Virtual Desktop property of User3. D. On Client10, modify the Deny log on locally User Rights Assignment.
A. From Active Directory Users and Computers, configure the Logon Workstations setting of User3.
Question 493:
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You plan to schedule a complete backup of Server1 by using Windows Server Backup.
You need to ensure that the state of VM1 is saved before the backup starts.
What should you configure?
A. NUMA topology B. Resource control C. resource metering D. virtual Machine Chimney E. The VLAN ID F. Processor Compatibility G. The startup order H. Automatic Start Action I. Integration Services J. Port mirroring
I. Integration Services
The Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, Heartbeat, and Backup (volume snapshot services). This snapshot will ensure that the state of VM1 is saved prior to backup.
References: http://msdn.microsoft.com/en-us/library/dd405549(v=vs.85).aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144
Question 494:
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
User1 logs on to a client computer named Computer1.
You need to disable the computer account of Computer1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMember.hip B. Install-AddsDomainController C. Install WindowsFeature D. Install AddsDomain E. Roname-AdObject F. Set-AdAccountControl G. Set-AdGroup H. Set-User
F. Set-AdAccountControl
Set-ADAccountControl Enabled Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. Possible values for this parameter include: $false or 0 $true or 1 The following example shows how to set this parameter to enable the account. -Enabled $true
Question 495:
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
You create a security template named Template1 by using the Security Templates snap-in.
You need to apply Template1 to Server2.
Which tool should you use?
A. Authorization Manager B. Local Security Policy C. Certificate Templates D. Computer Management
B. Local Security Policy
A security policy is a combination of security settings that affect the security on a computer. You can use your local security policy to edit account policies and local policies on your local computer.
Question 496:
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You plan to create a shared folder. The shared folder will have a quota limit. You discover that when you run the New Share Wizard, you cannot select the SMB Share ?Advanced option.
You need to ensure that you can use SMB Share ?Advanced to create the new share. What should you do on Server1 before you run the New Share Wizard?
A. Configure the Advanced system settings. B. Run the Install-WindowsFeature cmdlet. C. Configure DynamicAccess Control and apply a central access policy. D. Run the Set-SmbServerConfiguration cmdlet. E. Install the Share and Storage Management tool. F. Run the Unblock-SmbShareAccess cmdlet.
B. Run the Install-WindowsFeature cmdlet.
Install-WindowsFeature will install one or more Windows Server roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to and replaces Add-WindowsFeature, the cmdlet that was used to install roles, role services, and features in Windows Server 2008 R2.
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8.
All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1.
You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone.
You need to ensure that the client computers locate the ISATAP router.
What should you do?
A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1. B. Configure the Network Options Group Policy preference of GPO1. C. Run the Add-DnsServerResourceRecord cmdlet on Server1. D. Configure the DNS Client Group Policy setting of GPO1.
A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1.
The Set-DnsServerGlobalQueryBlockList command will change the settings of a global query block list which you can use to ensure that client computers locate the ISATAP router.
Windows Server 2008 introduced a new feature, called "Global Query Block list", which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a proxy. The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain Applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that user's computer. Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables. Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com. In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative. Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: A malicious user can use dynamic update to register the user's own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the block list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service. Add-DnsServerResourceRecord ?The Add-DnsServerResourceRecordcmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different types of resource records. Use different switches for different record types. By using this cmdlet, you can change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings. Set-DnsServerGlobalQueryBlockList ?The Set-DnsServerGlobalQueryBlockListcmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying domain controllers, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 254-256 http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649874.aspx http://technet.microsoft.com/en-us/library/jj649909.aspx
Question 498:
A company's server administration team would like to take advantage of the newest file systems available with Windows Server 2012 R2. The team needs a file system capable of managing extremely large data drives that can auto-detect data corruption and automatically perform needed repairs without taking a volume offline.
Which file system should the server administration team choose?
A. NFS B. DFS C. NTFS D. ReFS
D. ReFS
The ReFS (Resilient File System) is capable of managing extremely large data drives (1 YB Yottabyte), can auto-detect data corruption, and automatically perform needed repairs without taking the volume offline. Quick Tip: The command fsutil fsinfo volumeinfo x: will display the volume file system. ReFS is only intended for data drives and not compatible with all Windows Server 2012 R2 file system technologies, however it is compatible with the new Storage Spaces.
Question 499:
Your network contains three servers that run Windows Server 2012 R2. The servers are configured as shown in the following table. Server3 is configured to obtain an IP address automatically.
You need to ensure that Server3 only receives an IP address from Server1. The IP address must always be the same.
Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create an exclusion on Server1. B. Create a filter on Server1. C. Create a reservation on Server2 D. Create a reservation on Server1 E. Create a filter on Server2.
D. Create a reservation on Server1 E. Create a filter on Server2.
Question 500:
Your network contains an Active Directory domain named contoso.com. The domain contains a print server named Server1 that runs Windows Server 2012 R2. You share several printers on Server1. You need to ensure that you can view the printer objects associated to Server1 in Active Directory Users and Computers. Which option should you select? To answer, select the appropriate option in the answer area.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Microsoft exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 70-410 exam preparations
and Microsoft certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.