Your success in Microsoft 70 410 vce is our sole target and we develop all our mcsa 70 410 braindumps in a way that facilitates the attainment of this target. Not only is our 70 410 exam study material the best you can find, it is also the most detailed and the most updated. 70 410 pdf Practice Exams for Microsoft Windows Server 70 410 dumps are written to the highest standards of technical accuracy.
Q201. - (Topic 3)
You have a server named Server1. Server1 runs a Server Core installation of Windows
Server 2012 R2. The local area connection on Server1 has the following configuration:
IP address: 10.1.1.1
Subnet mask: 255.255.240.0
Default gateway: 10.1.1.254
Preferred DNS server: <none>
The network contains a DNS server that has an IPv4 address of 10.1.1.200. You need to configure Server1 to use 10.1.1.200 as the preferred DNS server. The solution must not change any other settings on Server1.
Which command should you run?
A. sconfig.cmd
B. net.exe
C. Set-NetIPInterface
D. netsh.exe
Answer: A
Explanation:
In Windows Server 2012 R2, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. Network settings You can configure the IP address to be assigned automatically by a DHCP Server or you can assign a static IP address manually. This option allows you to configure DNS Server settings for the server as well.
Q202. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named 0U1. You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Modify the permissions on OU1.
B. Run the Set-GPPermission cmdlet.
C. Add User1 to the Group Policy Creator Owners group.
D. Modify the permissions on the User1 account.
Answer: A
Explanation:
Q203. - (Topic 3)
Which of the following is not a correct reason for creating an OU?
A. To create a permanent container that cannot be moved or renamed
B. To duplicate the divisions in your organization
C. To delegate administration tasks
D. To assign different Group Policy settings to a specific group of users or computers
Answer: A
Explanation:
A. Correct: The reasons for creating an OU include duplicating organizational divisions, assigning Group Policy settings, and delegating administration. You can easily move or rename an OU at will.
B. Incorrect: Duplicating organizational divisions is a viable reason for creating an OU.
C. Incorrect: Delegating administration tasks is a viable reason for creating an OU.
D. Incorrect: Assigning Group Policy settings is a viable reason for creating an OU.
Q204. - (Topic 3)
Your network contains two Active Directory forests named contoso.com and adatum.com. All servers run Windows Server 2012 R2.
A one-way external trust exists between contoso.com and adatum.com.
Adatum.com contains a universal group named Group1. You need to prevent Group1 from being used to provide access to the resources in contoso.com.
What should you do?
A. Modify the Managed By settings of Group1.
B. Modify the Allowed to Authenticate permissions in adatum.com.
C. Change the type of Group1 to distribution.
D. Modify the name of Group1.
Answer: B
Explanation:
* Accounts that require access to the customer Active Directory will be granted a special right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
Q205. - (Topic 1)
You have a server named Server1 that runs a Server Core installation of Windows Server 2012 R2.
Server1 is configured to obtain an IPv4 address by using DHCP.
You need to configure the IPv4 settings of the network connection on Server1 as follows:
IP address: 10.1.1.1
Subnet mask: 255.255.240.0
Default gateway: 10.1.1.254
What should you run?
A. netsh.exe
B. netcfg.exe
C. msconfig.exe
D. ipconfig.exe
Answer: A
Explanation:
In order to configure TCP/IP settings such as the IP address, Subnet Mask, Default
Gateway, DNS and WINS addresses and many other options you can use Netsh.exe.
Incorrect:
Not D: Windows Server 2012 Core still has IPCONFIG.EXE that can be used to view the IP
configuration.
Modern servers typically come with several network interface ports. This causes
IPCONFIG.EXE to scroll off the screen when viewing its output. Consider piping the output
if IPCONFIG.EXE to a file and view it with Notepad.exe.
Q206. HOTSPOT - (Topic 1)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You need to add a user named User1 to a group named ServerAdmins.
What command should you run? To answer, select the appropriate options in the answer area.
Answer:
Q207. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed and has a primary zone for contoso.com. The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup. You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do first?
A. Move the contoso.com zone to a domain controller that is configured as a DNS server
B. Configure the Dynamic updates settings of the contoso.com zone
C. Sign the contoso.com zone by using DNSSEC
D. Configure the Security settings of the contoso.com zone.
Answer: A
Explanation:
If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory- integrate a zone, access control list (ACL) editing features are available in DNS Managerso that you can add or remove users or groups from the ACL for a specified zone or resource record.
1. Active Directory’s DNS Domain Name is NOT a single label name (“DOMAIN” vs. the minimal requirement of”domain.com.” “domain.local”, etc.).
2. The Primary DNS Suffix MUST match the zone name that is allowing updates. Otherwise the client doesn’t know what zone name to register in. You can also have a different Conneciton Specific Suffix in addition to the Primary DNS Suffix to register into that zone as well.
3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or Secure and Non-Secure. For client machines, if a client is not joined to the domain, and the zone is set to Secure, it will not register either.
4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a reference to get to them. Do not use your ISP’s, an external DNS address, your router as a DNS address, or any other DNS that does not have a copy of the AD zone. Internet resolution for your machines will be accomplished by the Rootservers (Root Hints), however it’s recommended to configure a forwarder for efficient Internet resolution.
5. The domain controller is multihomed (which means it has more than one unteamed, active NIC, more than one IP address, and/or RRAS is installed on the DC).
6. The DNS addresses configured in the client’s IP properties must ONLY reference the DNS server(s) hosting the AD zone you want to update in. This means that you must NOT use an external DNS in any machine’s IP property in an AD environment. You can’t mix them either. That’s because of the way the DNS Client side resolver service works. Even if you mix up internal DNS and ISP’s DNS addresses, the resolver algorithm can still have trouble asking the correct DNS server. It will ask the first one first. If it doesn’t get a response, it removes the first one from the eligible resolvers list and goes to the next in the list. It will not go back to the first one unless you restart the machine, restart the DNS Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use your internal DNS server(s) and configure a forwarder to your ISP’s DNS for efficient Internet resolution. This is the reg entry to cut the query to 0 TTL: The DNS Client service does not revert to using the first server. The Windows 2000 Domain Name System (DNS) Client service (DNS cache) follows a certain algorithm when it decides the order in which to use the DNS servers. http://support.microsoft.com/kb/286834 For more info, please read the following on the client side resolver service: DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS, Direct Hosted SMB (Direct SMB), If One DC is Down Does a Client logon to Another DC, and DNS Forwarders Algorithm if you have multiple forwarders.
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-clientside- resolverbrowserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-isdown-does-a- client-logon-toanother-dcand-dns-forwarders-algorithm.aspx
7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server.
8. If using DHCP, DHCP server must only be referencing the same exact DNS server(s) in
its own IP properties in order for it to ‘force’ (if you set that setting) registration into DNS.
Otherwise, how would it know which DNS to send the reg data to?
9. If the AD DNS Domain name is a single label name, such as “EXAMPLE”, and not the
proper format of ”example.com” and/or any child of that format, such as
“child1.example.com”, then we have a real big problem.
DNS will not allow registration into a single label domain name.
This is for two reasons:
1. It’s not the proper hierarchal format. DNS is hierarchal, but a single label name has no
hierarchy. It’s just a single name.
2. Registration attempts cause major Internet queries to the Root servers. Why? Because it
thinks the single label name, such as “EXAMPLE”, is a TLD (Top Level Domain), such as
“com”, “net”, etc. It will now try to find what Root name server out there handles that TLD.
In the end it comes back to itself and then attempts to register. Unfortunately it does NOT
ask itself first for the mere reason it thinks it’s a TLD. (Quoted from Alan Woods, Microsoft,
2004):
“Due to this excessive Root query traffic, which ISC found from a study that discovered
Microsoft DNS servers are causing excessive traffic because of single label names,
Microsoft, being an internet friendly neighbor and wanting to stop this problem for their
neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1,
(especially XP, which cause lookup problems too), and Windows 2003. After all, DNS is
hierarchal, so therefore why even allow single label DNS domain names?” The above also
*especially* applies to Windows Vista, 7, 2008, 2008 R2, and newer.
10. ‘Register this connection’s address” on the client is not enabled under the NIC’s IP
properties, DNS tab.
11. Maybe there’s a GPO set to force Secure updates and the machine isn’t a joined
member of the domain.
12. ON 2000, 2003 and XP, the “DHCP client” Service not running. In 2008/Vista and
newer, it’s the DNS Client Service. This is a requirement for DNS registration and DNS
resolution even if the client is not actually using DHCP.
13. You can also configure DHCP to force register clients for you, as well as keep the DNS
zone clean of old or duplicate entries. See the link I posted in my previous post.
Q208. - (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains several thousand member servers that run Windows Server 2012 R2.All of the computer accounts for the member servers are in an organizational unit (OU) named ServersAccounts.
Servers are restarted only occasionally.
You need to identify which servers were restarted during the last two days.
What should you do?
A. Run dsquery computer and specify the –staiepwd parameter.
B. Run Get-ADComputer and specify the SearchScope parameter.
C. Run Get-ADComputer and specify the IastLogon property.
D. Run dsquery server and specify the –o parameter
Answer: C
Q209. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains a server named Server1 that runs Windows Server 2012 R2.
You need to ensure that when users log on to Server1, their user account is added automatically to a local group named Group1 during the log on process.
Which Group Policy settings should you modify?
A. User Rights Assignment
B. Preferences
C. Security Options
D. Restricted Groups
Answer: B
Explanation:
With Preferences, local and domain accounts can be added to a local group without affecting the existing members of the group
References: Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 8: File Services and Storage, p. 361
http://technet.microsoft.com/en-us/library/cc785631(v=ws.10).aspx http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
http://technet.microsoft.com/en-us/library/cc780182(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831424.aspx
Q210. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1.Server1 runs Windows Server 2012 R2.
You create a group Managed Service Account named gservice1.
You need to configure a service named Service1 to run as the gservice1 account.
How should you configure Service1?
A. From Services Console configure the recovery settings
B. From a command prompt, run sc.exe and specify the config parameter
C. From Windows PowerShell, run Set-Service and specify the -PassThrough parameter
D. From a command prompt, run sc.exe and specify the sdset parameter
Answer: B
Explanation:
Sc config, Modifies the value of a service’s entries in the registry and in the Service Control
Manager database.
obj= {<AccountName> | <ObjectName>}
Specifies a name of an account in which a service will run, or specifies a name of the
Windows driver object in
which the driver will run. The default setting is LocalSystem.
password= <Password>
Specifies a password. This is required if an account other than the LocalSystem account is
used.