QUESTION 311
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. A two-way forest trust exists between the forests. The forests use the address spaces shown in the following table.
From a computer in the contoso.com domain, you can perform reverse lookups for the servers in the contoso.com domain, but you cannot perform reverse lookups for the servers in the adatum.com domain. From a computer in the adatum.com domain, you can perform reverse lookups for the servers in both domains. You need to ensure that you can perform reverse lookups for the servers in the adatum.com domain from the computers in the contoso.com domain. What should you create?
A. a delegation
B. a trust point
C. a conditional forwarder
D. a GlobalNames zone
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc757172(v=ws.10).aspx
Conditional forwarders are DNS servers that only forward queries for specific domain names. Instead of forwarding all queries it cannot resolve locally to a forwarder, a conditional forwarder is configured to forward a query to specific forwarders based on the domain name contained in the query. Forwarding according to domain names improves conventional forwarding by adding a name-based condition to the forwarding process.
The conditional forwarder setting for a DNS server consists of the following:
The domain names for which the DNS server will forward queries.
One or more DNS server IP addresses for each domain name specified.
When a DNS client or server performs a query operation against a DNS server, the DNS server looks to see if the query can be resolved using its own zone data or the data stored in its cache. If the DNS server is configured to forward for the domain name designated in the query, then the query is forwarded to the IP address of a forwarder associated with the domain name. For example, in the following figure, each of the queries for the domain names is forwarded to a DNS server associated with the domain name.
QUESTION 312
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server2 establishes an IPSec connection to Server1. You need to view which authentication method was used to establish the initial IPSec connection. What should you do?
A. From Windows Firewall with Advanced Security, view the quick mode security association.
B. From Event Viewer, search the Application Log for events that have an ID of 1704.
C. From Event Viewer, search the Security Log for events that have an ID of 4672.
D. From Windows Firewall with Advanced Security, view the main mode security association.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd448497(v=ws.10).aspx
Main mode negotiation establishes a secure channel between two computers by determining a set of cryptographic protection suites, exchanging keying material to establish a shared secret key, and authenticating computer and user identities. A security association (SA) is the information maintained about that secure channel on the local computer so that it can use the information for future network traffic to the remote computer. You can monitor main mode SAs for information like which peers are currently connected to this computer and which protection suite was used to form the SA.
To get to this view
In the Windows Firewall with Advanced Security MMC snap-in, expand Monitoring, expand Security Associations, and then click Main Mode.
The following information is available in the table view of all main mode SAs. To see the information for a single main mode SA, double-click the SA in the list.
Main mode SA information
You can add, remove, reorder, and sort by these columns in the Results pane:
Local Address: The local computer IP address.
Remote Address: The remote computer or peer IP address.
1st Authentication Method: The authentication method used to create the SA.
1st Authentication Local ID:: The authenticated identity of the local computer used in first authentication.
1st Authentication Remote ID: The authenticated identity of the remote computer used in first authentication.
2nd Authentication Method: The authentication method used in the SA.
2nd Authentication Local ID:: The authenticated identity of the local computer used in second authentication.
2nd Authentication Remote ID: The authenticated identity of the remote computer used in second authentication.
Encryption: The encryption method used by the SA to secure quick mode key exchanges.
Integrity: The data integrity method used by the SA to secure quick mode key exchanges.
Key Exchange: The Diffie-Hellman group used to create the main mode SA.
QUESTION 313
Hotspot Question
You have a Group Policy object (GPO) named Server Audit Policy. The settings of the GPO are shown in the Settings exhibit. (Click the Exhibit button.)
The scope of the GPO is shown in the Scope exhibit. (Click the Exhibit button.)
The domain contains a group named Group1. The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
QUESTION 314
Your network contains an Active Directory domain named contoso.com. You have a Group Policy object (GPO) named GPO1 that contains several user settings. GPO1 is linked to an organizational unit (OU) named OU1. The help desk reports that GPO1App1ies to only some of the users in OU1. You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)
You need to configure GPO1 to App1y to all of the users in OU1. What should you do?
A. Modify the Security settings of GPO1.
B. Disable Block Inheritance on OU1.
C. Modify the GPO status of GPO1.
D. Enforce GPO1.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc739343(v=ws.10).aspx
QUESTION 315
Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server 2012 R2. Server1 is configured as an FTP server. Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as the control port and dynamically requests a data port. On Server1, you create a firewall rule to allow connections on TCP port 21. You need to configure Server1 to support the client connections from App1.exe. What should you do?
A. Run netshadvfirewall set global statefulftp enable.
B. Create an inbound firewall rule to allow App1.exe.
C. Create a tunnel connection security rule.
D. Run Set-NetFirewallRule -DisplayNameDynamicFTP -Profile Domain
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc771920%28v=ws.10%29.aspx#BKMK_set_2a
The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows Vista or a later version of Windows
In the netsh advfirewall firewall context, the add command only has one variation, the add rule command.
Netsh advfirewall set global statefulftp:
Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port.
When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested.
Syntax
set global statefulftp { enable | disable | notconfigured }
Parameters
statefulftp can be set to one of the following values:
enable
The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number.
disable
This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connections on the PORT or PASV requested port is blocked as an unsolicited incoming connection.
notconfigured
Valid only when netsh is configuring a GPO by using the set store command.
QUESTION 316
You work as an administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers in the L2P.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have configured a server, named L2P-SR07, as a VPN server. You are required to configure new firewall rules for workstation connections.
You want to achieve this using the least amount of administrative effort.
Which of the following actions should you take?
A. You should consider making use of the Enable-NetFirewallRule cmdlet.
B. You should consider making use of the New-NetFirewallRule cmdlet.
C. You should consider making use of dism.exe from the command prompt.
D. You should consider making use of dsadd.exe from the command prompt.
Answer: B
Explanation:
New-NetFirewallRule – Creates a new inbound or outbound firewall rule and adds the rule to the target computer.
You can’t Enable what doesn’t exist yet… you must use New-NetFirewallRule
http://technet.microsoft.com/en-us/library/jj554908%28v=wps.620%29.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2012/11/13/use-powershell-to-create-new-windows- firewall-rules.aspx
QUESTION 317
Hotspot Question
Your company has a main office and a sales office. The main office has 2,000 users. The sales office has 20 users. All client computers in the sales office run Windows 8. The sales office contains a print server named App1 that runs Windows Server 2012 R2. App1 has a shared printer named Printer1. Printer1 connects to a network-attached print device. You plan to connect all of the users in the sales office to Printer1 on App1. You need to ensure that if App1 fails, the users can continue to print to Printer1. What should you configure on App1?To answer, select the appropriate option in the answer area.
Answer:
QUESTION 318
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 and has the HyperV server role installed. On Server1, an administrator creates a virtual machine named VM1. A user named User1 is the member of the local Administrators group on Server1. User1 attempts to modify the settings of VM1 as shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that User1 can modify the settings of VM1 by running the Set-Vm cmdlet. What should you instruct User1 to do?
A. Import the Hyper-V module.
B. Install the Integration Services on VM1.
C. Run Windows PowerShell with elevated privileges.
D. Modify the membership of the local Hyper-V Administrators group.
QUESTION 319
Drag and Drop Question
You have a Hyper-V host named Server1. A technician creates a virtual machine named VM1 on Server1 by using the New Virtual Machine Wizard. You start VM1 and you discover that there is no option to start by using PXE. You need to ensure that you can start VM1 by using PXE. Which three actions should you perform in sequence? (To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
QUESTION 320
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the HyperV server role installed. You need to implement NIC teaming on Server1. Which two network connections should you include on the NIC team? (To answer, select the two appropriate network connections in the answer area.)
Answer:
Passing Microsoft 70-410 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-410 Dump: