Download Microsoft Exam Center Latest Updated 70-410 Exam Questions from Braindump2go for free now! Braindump2go 70-410 Dumps Questions ans Answers are the Latest and also provide free updation for all Exam Dumps! Guarantee 100% Exam Pass Or Money Back!
Vendor: Microsoft
Exam Code: 70-410
Exam Name: Installing and Configuring Windows Server 2012 R2 Exam
QUESTION 306
Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GP1 that is linked to the domain. GP1 contains a software restriction policy that blocks an Application named App1.
You have a workgroup computer named Computer1 that runs Windows 8. A local Group Policy on Computer1 contains an Application control policy that allows App1.
You join Computer1 to the domain.
You need to prevent App1 from running on Computer1.
What should you do?
A. From Group Policy Management, add an Application control policy to GP1.
B. From Group Policy Management, enable the Enforced option on GP1.
C. In the local Group Policy of Computer1, configure a software restriction policy.
D. From Computer1, run gpupdate /force.
Answer: A
Explanation:
AppLocker policies take precedence over policies generated by SRP on computers that are running an operating system that supports AppLocker
AppLocker policies in the GPO are applied, and they supersede the policies generated by SRP in the GPO and local AppLocker policies or policies generated by SRP.
http://technet.microsoft.com/en-us/library/ee791851.aspx
QUESTION 307
Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server 2012 R2. Server1 is configured as an FTP server. Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as the control port and dynamically requests a data port. On Server1, you create a firewall rule to allow connections on TCP port 21.
You need to configure Server1 to support the client connections from App1.exe. What should you do?
A. Run netsh firewall addportopening TCP 21 dynamicftp.
B. Create a tunnel connection security rule.
C. Create an outbound firewall rule to allow App1.exe.
D. Run netshadvfirewall set global statefulftp enable.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771920%28v=ws.10%29.aspx#BKMK_set_2a
The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows Vista or a later version of Windows
In the netsh advfirewall firewall context, the add command only has one variation, the add rule command.
Netsh advfirewall set global statefulftp:
Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port.
When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested.
Syntax
set global statefulftp { enable | disable | notconfigured }
Parameters
statefulftp can be set to one of the following values:
enable The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number.
disable
This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connections on the PORT or PASV requested port is blocked as an unsolicited incoming connection.
notconfigured
Valid only when netsh is configuring a GPO by using the set store command.
QUESTION 308
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1 as shown in the OU1 exhibit. (Click the Exhibit button.)
The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.)
You configure GPO1 to prohibit access to Control Panel. GPO1 is linked to OU1 as shown in the GPO1 exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
QUESTION 309
Your company has a main office and four branch offices. The main office contains a server named Server1 that runs Windows Server 2012 R2. The IP configuration of each office is configured as shown in the following table.
You need to add a single static route on Server1 to ensure that Server1 can communicate with the hosts on all of the subnets.
Which command should you run?
A. route.exe add -p 192.168.0.0 mask 255.255.248.0 172.31.255.254
B. route.exe add -p 192.168.12.0 mask 255.255.252.0 172.31.255.254
C. route.exe add -p 192.168.8.0 mask 255.255.252.0 172.31.255.254
D. route.exe add -p 192.168.12.0 mask 255.255.255.0 172.31.255.254
Answer: B
QUESTION 310
You work as an administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers in the L2P.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have created and linked a new Group Policy object (GPO) to an organizational unit (OU), named L2PServ, which host the computer accounts for servers in the L2P.com domain.
You have been tasked with adding a group to a local group on all servers in the L2P.com domain. This group should not, however, be removed from the local group.
Which of the following actions should you take?
A. You should consider adding a restricted group.
B. You should consider adding a global group.
C. You should consider adding a user group.
D. You should consider adding a server group.
Answer: A
Explanation:
Restricted groups in Group policies are a simple way of delegating permissions or group membership centrally to any domain computer or server. Using restricted groups it is easier to enforce the lowest possible permissions to any given account.
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
Restricted groups allow an administrator to define two properties for security-sensitive groups (that is, “restricted” groups). The two properties are Members and Member Of .
The Members list defines who should and should not belong to the restricted group.
The Member Of list specifies which other groups the restricted group should belong to. When a restricted Group Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list which is not currently a member of the restricted group is added. The Restricted Groups folder is available only in Group Policy objects associated with domains, OUs, and sites. The Restricted Groups folder does not appear in the Local Computer Policy object. If a Restricted Group is defined such that it has no members (that is, the Members list is empty), then all members of the group are removed when the policy is enforced on the system. If the Member Of list is empty no changes are made to any groups that the restricted group belongs to. In short, an empty Members list means the restricted group should have no members while an empty Member Of list means “don’t care” what groups the restricted group belongs to.
http://technet.microsoft.com/en-us/library/cc957640.aspx
QUESTION 311
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. A two-way forest trust exists between the forests.
The forests use the address spaces shown in the following table.
From a computer in the contoso.com domain, you can perform reverse lookups for the servers in the contoso.com domain, but you cannot perform reverse lookups for the servers in the adatum.com domain. From a computer in the adatum.com domain, you can perform reverse lookups for the servers in both domains.
You need to ensure that you can perform reverse lookups for the servers in the adatum.com domain from the computers in the contoso.com domain.
What should you create?
A. a delegation
B. a trust point
C. a conditional forwarder
D. a GlobalNames zone
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc757172(v=ws.10).aspx
Conditional forwarders are DNS servers that only forward queries for specific domain names. Instead of forwarding all queries it cannot resolve locally to a forwarder, a conditional forwarder is configured to forward a query to specific forwarders based on the domain name contained in the query. Forwarding according to domain names improves conventional forwarding by adding a name-based condition to the forwarding process.
The conditional forwarder setting for a DNS server consists of the following:
The domain names for which the DNS server will forward queries.
One or more DNS server IP addresses for each domain name specified.
When a DNS client or server performs a query operation against a DNS server, the DNS server looks to see if the query can be resolved using its own zone data or the data stored in its cache. If the DNS server is configured to forward for the domain name designated in the query, then the query is forwarded to the IP address of a forwarder associated with the domain name. For example, in the following figure, each of the queries for the domain names is forwarded to a DNS server associated with the domain name.
QUESTION 312
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server2 establishes an IPSec connection to Server1.
You need to view which authentication method was used to establish the initial IPSec connection. What should you do?
A. From Windows Firewall with Advanced Security, view the quick mode security association.
B. From Event Viewer, search the Application Log for events that have an ID of 1704.
C. From Event Viewer, search the Security Log for events that have an ID of 4672.
D. From Windows Firewall with Advanced Security, view the main mode security association.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd448497(v=ws.10).aspx
Main mode negotiation establishes a secure channel between two computers by determining a set of cryptographic protection suites, exchanging keying material to establish a shared secret key, and authenticating computer and user identities. A security association (SA) is the information maintained about that secure channel on the local computer so that it can use the information for future network traffic to the remote computer.
You can monitor main mode SAs for information like which peers are currently connected to this computer and which protection suite was used to form the SA.
To get to this view
In the Windows Firewall with Advanced Security MMC snap-in, expand Monitoring, expand Security Associations, and then click Main Mode.
The following information is available in the table view of all main mode SAs. To see the information for a single main mode SA, double-click the SA in the list.
Main mode SA information
You can add, remove, reorder, and sort by these columns in the Results pane:
Local Address: The local computer IP address.
Remote Address: The remote computer or peer IP address.
1st Authentication Method: The authentication method used to create the SA.
1st Authentication Local ID:: The authenticated identity of the local computer used in first authentication.
1st Authentication Remote ID: The authenticated identity of the remote computer used in first authentication.
2nd Authentication Method: The authentication method used in the SA.
2nd Authentication Local ID:: The authenticated identity of the local computer used in second authentication.
2nd Authentication Remote ID: The authenticated identity of the remote computer used in second authentication.
Encryption: The encryption method used by the SA to secure quick mode key exchanges.
Integrity: The data integrity method used by the SA to secure quick mode key exchanges.
Key Exchange: The Diffie-Hellman group used to create the main mode SA.
QUESTION 313
Hotspot Question
You have a Group Policy object (GPO) named Server Audit Policy.
The settings of the GPO are shown in the Settings exhibit. (Click the Exhibit button.)
The scope of the GPO is shown in the Scope exhibit. (Click the Exhibit button.)
The domain contains a group named Group1. The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
QUESTION 314
Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server 2012 R2. Server1 is configured as an FTP server. Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as the control port and dynamically requests a data port. On Server1, you create a firewall rule to allow connections on TCP port 21. You need to configure Server1 to support the client connections from App1.exe. What should you do?
A. Run netshadvfirewall set global statefulftp enable.
B. Create an inbound firewall rule to allow App1.exe.
C. Create a tunnel connection security rule.
D. Run Set-NetFirewallRule -DisplayNameDynamicFTP -Profile Domain
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc771920%28v=ws.10%29.aspx#BKMK_set_2a
The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows Vista or a later version of Windows
In the netsh advfirewall firewall context, the add command only has one variation, the add rule command.
Netsh advfirewall set global statefulftp:
Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port.
When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested.
Syntax
set global statefulftp { enable | disable | notconfigured }
Parameters
statefulftp can be set to one of the following values:
enable
The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number.
disable
This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connections on the PORT or PASV requested port is blocked as an unsolicited incoming connection.
notconfigured
Valid only when netsh is configuring a GPO by using the set store command.
QUESTION 315
Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1 that contains several user settings. GPO1 is linked to an organizational unit (OU) named OU1.
The help desk reports that GPO1 Applies to only some of the users in OU1.
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)
You need to configure GPO1 to Apply to all of the users in OU1.
What should you do?
A. Modify the Security settings of GPO1.
B. Disable Block Inheritance on OU1.
C. Modify the GPO status of GPO1.
D. Enforce GPO1.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc739343(v=ws.10).aspx
QUESTION 316
You work as an administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers in the L2P.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have configured a server, named L2P-SR07, as a VPN server.
You are required to configure new firewall rules for workstation connections.
You want to achieve this using the least amount of administrative effort.
Which of the following actions should you take?
A. You should consider making use of the Enable-NetFirewallRule cmdlet.
B. You should consider making use of the New-NetFirewallRule cmdlet.
C. You should consider making use of dism.exe from the command prompt.
D. You should consider making use of dsadd.exe from the command prompt.
Answer: B
Explanation:
New-NetFirewallRule – Creates a new inbound or outbound firewall rule and adds the rule to the target computer.
You can’t Enable what doesn’t exist yet… you must use New-NetFirewallRule
http://technet.microsoft.com/en-us/library/jj554908%28v=wps.620%29.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2012/11/13/use-powershell-to-create-new-windows- firewall-rules.aspx
QUESTION 317
Hotspot Question
Your company has a main office and a sales office. The main office has 2,000 users.
The sales office has 20 users. All client computers in the sales office run Windows 8. The sales office contains a print server named App1 that runs Windows Server 2012 R2.
App1 has a shared printer named Printer1. Printer1 connects to a network-attached print device.
You plan to connect all of the users in the sales office to Printer1 on App1.
You need to ensure that if App1 fails, the users can continue to print to Printer1.
What should you configure on App1? To answer, select the appropriate option in the answer area.
Answer:
QUESTION 318
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 and has the HyperV server role installed. On Server1, an administrator creates a virtual machine named VM1. A user named User1 is the member of the local Administrators group on Server1. User1 attempts to modify the settings of VM1 as shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that User1 can modify the settings of VM1 by running the Set-Vm cmdlet.
What should you instruct User1 to do?
A. Import the Hyper-V module.
B. Install the Integration Services on VM1.
C. Run Windows PowerShell with elevated privileges.
D. Modify the membership of the local Hyper-V Administrators group.
Answer: C
Explanation:
You can only use the PowerShell snap-in to modify the VM settings with the vmcmdlets when you are an Administrator.
Thus best practices dictate that User1 run the Powershell with elevated privileges.
http://technet.microsoft.com/en-us/library/jj713439.aspx
QUESTION 319
Drag and Drop Question
You have a Hyper-V host named Server1. A technician creates a virtual machine named VM1 on Server1 by using the New Virtual Machine Wizard.
You start VM1 and you discover that there is no option to start by using PXE.
You need to ensure that you can start VM1 by using PXE.
Which three actions should you perform in sequence? (To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
QUESTION 320
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the HyperV server role installed.
You need to implement NIC teaming on Server1.
Which two network connections should you include on the NIC team? (To answer, select the two appropriate network connections in the answer area.)
Answer:
Thanks For Trying Braindump2go Latest Microsoft 70-410 Dumps Questions! Braindump2go Exam DumpsADVANTAGES:
☆ 100% Pass Guaranteed Or Full Money Back!
☆ Instant Download Access After Payment!
☆ One Year Free Updation!
☆ Well Formated: PDF,VCE,Exam Software!
☆ Multi-Platform capabilities – Windows, Laptop, Mac, Android, iPhone, iPod, iPad.
☆ Professional, Quick,Patient IT Expert Team 24/7/365 Onlinen Help You!
☆ We served more than 35,000 customers all around the world in last 5 years with 98.99% PASS RATE!
☆ Guaranteed Secure Shopping! Your Transcations are protected by Braindump2go all the time!
☆ Pass any exams at the FIRST try!