getcertified4sure.com

mcsa 70 410 : Feb 2021 Edition




Your success in Microsoft 70 410 installing and configuring windows server 2012 is our sole target and we develop all our 70 410 exam questions braindumps in a way that facilitates the attainment of this target. Not only is our mcsa 70 410 study material the best you can find, it is also the most detailed and the most updated. exam collections 70 410 Practice Exams for Microsoft Windows Server 70 410 exam are written to the highest standards of technical accuracy.

Q51. - (Topic 1) 

Your network contains an Active Directory forest that contains three domains. 

A group named Group1 is configured as a domain local distribution group in the forest root domain. You plan to grant Group1 read-only access to a shared folder named Share1.Share1 is 

located in a child domain. 

You need to ensure that the members of Group1 can access Share1. 

What should you do first? 

A. Convert Group1 to a universal security group. 

B. Convert Group1 to a global distribution group. 

C. Convert Group1 to a universal distribution group. 

D. Convert Group1 to a domain local security group. 

Answer:

Explanation: 

Universal can be used for any domain or forest. Furthermore a Universal group can span multiple domains, even the entire forest. 

References: Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Chapter 5: Install and Administer Active Directory, Objective 5.3 Create and manage Active Directory groups and Organization units, p. 289-291, 293 

http://technet.microsoft.com/en-us/library/cc781446(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx 


Q52. - (Topic 3) 

You have a file server named File1 that runs Windows Server 2012 R2. 

File1 contains a shared folder named Share1. Share1 contains an Application named 

SalesAppl.exe. 

The NTFS permissions for Share1 are shown in the following table. 

The members of L_Sales discover that they cannot add files to Share1. Domain users can run SalesAppl.exe successfully. 

You need to ensure that the members of L_Sales can add files to Share1. 

What should you do? 

A. Add the Domain Users group to L_Sales. 

B. Add L_Sales to the Domain Users group. 

C. Edit the Share permissions. 

D. Edit the NTFS permissions. 

Answer:

Explanation: 

Based on the NTFS permissions, these users should be able to add files (as they have the “write” permission), so they must have read-only share permissions preventing them from doing so. 


Q53. - (Topic 3) 

You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts 50 virtual machines that run Windows Server 2012 R2. 

Your company uses smart cards for authentication. 

You need to ensure that you can use smart card authentication when you connect to the virtual machine by using Virtual Machine Connection. 

What should you configure? 

A. The RemoteFX settings 

B. The Enhanced Session Mode Policy 

C. The NUMA Spanning settings 

D. The Integration Services settings 

Answer:


Q54. - (Topic 3) 

You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2. You need to configure Active Directory replication between Site1 and Site2. You install a new domain controller. 

You create the site link between Site1 and Site2. 

What should you do next? 

A. Use the Active Directory Sites and Services console to configure a new site link bridge object. 

B. Use the Active Directory Sites and Services console to decrease the site link cost between Site1 and Site2. 

C. Use the Active Directory Sites and Services console to assign a new IP subnet to Site2. Move the new domain controller object to Site2. 

D. Use the Active Directory Sites and Services console to configure the new domain controller as a preferred bridgehead server for Site1. 

Answer:

Explanation: 

Inter-site Replication 

The process of creating a custom site link has five basic steps: 

1. Create the site link. 

2. Configure the site link’s associated attributes. 

3. Create site link bridges. 

4. Configure connection objects. (This step is optional.) 

5. Designate a preferred bridgehead server. (This step is optional) 


Q55. - (Topic 3) 

Your infrastructure divided in 2 sites. You have a forest root domain and child domain. There is only one DC on site 2 with no FSMO roles. The link goes down to site 2 and no users can log on. What FSMO roles you need on to restore the access? 

A. Infrastructure master 

B. RID master 

C. Domain Naming master 

D. PDC Emulator 

Answer:

Explanation: 

D. The PDC emulator is used as a reference DC to double-check incorrect passwords and it also receives new password changes. PDC Emulator is the most complicated and least understood role, for it runs a diverse range of critical tasks. It is a domain-specific role, so exists in the forest root domain and every child domain. Password changes and account lockouts are immediately processed at the PDC Emulator for a domain, to ensure such changes do not prevent a user logging on as a result of multi-master replication delays, such as across Active Directory sites. 


Q56. - (Topic 2) 

You have a server named Server1 that runs Windows Server 2012 R2. You add an additional disk to Server1 as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that users can access the additional disk from drive C. 

What should you do? 

A. Convert Disk 0 to a dynamic disk and add a mirror. 

B. Create a simple volume on Disk 1 and mount the volume to a folder. 

C. Convert Disk 0 and Disk 1 to dynamic disks and extend a volume. 

D. Convert Disk 1 to a dynamic disk and create a spanned volume. 

Answer:


Q57. - (Topic 2) 

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.Client computers run either Windows 7 or Windows 8. 

All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1. 

You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone. 

You need to ensure that the client computers locate the ISATAP router. 

What should you do? 

A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1. 

B. Configure the Network Options Group Policy preference of GPO1. 

C. Run the Add-DnsServerResourceRecord cmdlet on Server1. 

D. Configure the DNS Client Group Policy setting of GPO1. 

Answer:

Explanation: 

The Set-DnsServerGlobalQueryBlockList command will change the settings of a global query block list which you can use to ensure that client computers locate the ISATAP router. 

Windows Server 2008 introduced a new feature, called “Global Query Block list”, which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a proxy. The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain Applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that user’s computer. Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables. Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com. In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative. Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: A malicious user can use dynamic update to register the user’s own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the block list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service. Add-DnsServerResourceRecord – The Add-DnsServerResourceRecordcmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different types of resource records. Use different switches for different record types. By using this cmdlet, you can change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings. Set-DnsServerGlobalQueryBlockList – The Set-DnsServerGlobalQueryBlockListcmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking. 

References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying domain controllers, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 254-256 http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649874.aspx http://technet.microsoft.com/en-us/library/jj649909.aspx 


Q58. - (Topic 3) 

You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1. 

You need to add a graphical user interface (GUI) to Server1. 

Which tool should you use? 

A. The Install-WindowsFeature cmdlet 

B. The Install-Module cmdlet 

C. The Install-RoleService cmdlet 

D. The setup.exe command 

Answer:

Explanation: 

The DISM command is called by the Add-WindowsFeature commanD. Here is the syntax for DISM: 

Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt 


Q59. DRAG DROP - (Topic 3) 

Your company has a main office that contains 225 client computers. The client computers are located on a subnet that uses the network ID of 10.10.1.0/24. 

The company plans to open two branch offices. The offices will be configured as shown in the following table. 

You need to select a network prefix for each office to ensure that there are enough IPv4 addresses for each client computer. 

The solution must minimize the number of unused IP addresses. 

Which network prefixes should you select? 

To answer, drag the appropriate network prefix to the correct branch office in the answer area. 

Answer: 


Q60. - (Topic 2) 

You have a server that runs a Server Core installation of Windows Server 2012 R2. 

You need to change the DNS server used by IPv6. 

What should you do? 

A. From Sconfig, configure the Network Settings. 

B. Run the sc.exe command and specify the config parameter. 

C. From Windows PowerShell, run the Set-NetIpv6Protocol cmdlet. 

D. From Windows PowerShell, run the Set-DnsClientServerAddress cmdlet. 

Answer:

Explanation: 

The Set-DnsClientServerAddresscmdlet sets one or more IP addresses for DNS servers associated with an interface. This cmdlet statically adds DNS server addresses to the interface. If this cmdlet is used to add DNS servers to the interface, then the DNS servers will override any DHCP configuration for that interface. PS C:\> Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses "10.0.0.1","10.0.0.2") 

References: http://technet.microsoft.com/en-us/library/jj592692.aspx 

http://technet.microsoft.com/en-us/library/jj590768.aspx