Download of 70-410 practice exam materials and software for Microsoft certification for examinee, Real Success Guaranteed with Updated 70-410 pdf dumps vce Materials. 100% PASS Installing and Configuring Windows Server 2012 exam Today!
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-410 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-410 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-410-exam-dumps.html
2021 Apr 70-410 torrent
Q11. - (Topic 3)
You have a domain controller named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed. Server1 hosts a DNS zone named contoso.com and a GlobalNames zone.
You discover that the root hints were removed from Server1.
You need to view the default root hints of Server1.
What should you do?
A. From Event Viewer, open the DNS Manager log.
B. From Notepad, open the Cache.dns file.
C. From Windows Powershell, run Get-DNSServerDiagnostics.
D. From nslookup, run root server1.contoso.com
Answer: B
Explanation:
A. Allows you to troubleshoot DNS issues
B. DNS Server service implements root hints using a file, Cache.dns, stored in the systemrootSystem32Dnsfolder on the server
C. Gets DNS event logging details
D. nslookup is used to query the DNS server
Q12. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You need to create 3-TB virtual hard disk (VHD) on Server1.
Which tool should you use?
A. New-StorageSubsytemVirtualDisk
B. File Server Resource Manager (FSRM)
C. Server Manager
D. Computer Management
Answer: A
Explanation:
For other questions to create a VHD (file) you can use computer management.
-Share and storage management (2008 only)
-New-storagesubsystemVirtualDisk (this is a virtual disk, NOT a virtual hard disk)
-Server Manager (you would use this to create virtual disks, not virtual hard disks)
Q13. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.Client computers run either Windows 7 or Windows 8.
All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1.
You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone.
You need to ensure that the client computers locate the ISATAP router.
What should you do?
A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1.
B. Configure the Network Options Group Policy preference of GPO1.
C. Run the Add-DnsServerResourceRecord cmdlet on Server1.
D. Configure the DNS Client Group Policy setting of GPO1.
Answer: A
Explanation:
The Set-DnsServerGlobalQueryBlockList command will change the settings of a global query block list which you can use to ensure that client computers locate the ISATAP router.
Windows Server 2008 introduced a new feature, called “Global Query Block list”, which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a proxy. The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain Applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that user’s computer. Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables. Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com. In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative. Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: A malicious user can use dynamic update to register the user’s own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the block list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service. Add-DnsServerResourceRecord – The Add-DnsServerResourceRecordcmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different types of resource records. Use different switches for different record types. By using this cmdlet, you can change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings. Set-DnsServerGlobalQueryBlockList – The Set-DnsServerGlobalQueryBlockListcmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying domain controllers, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 254-256 http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649874.aspx http://technet.microsoft.com/en-us/library/jj649909.aspx
Q14. HOTSPOT - (Topic 3)
Your network contains a domain controller named dc5.adatum.com that runs Windows
Server 2012 R2.
You discover that you can connect successfully to DC5 over the network, but you receive a
request timed out message when you attempt to ping DC5.
You need to configure DC5 to respond to ping request.
Which firewall rule should you modify on DC5? To answer, select the appropriate rule in
the answer area.
Answer:
Q15. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has 2 dual-
core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1.
You need to ensure that both virtual machines can use up to 8 GB of memory. The solution
must ensure that both virtual machines can be started simultaneously.
What should you configure on each virtual machine?
A. Dynamic Memory
B. NUMA topology
C. Memory weight
D. Resource Control
Answer: A
Abreast of the times 70-410 free exam questions:
Q16. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. You need to log the amount of system resources used by each virtual machine. What should you do?
A. From Windows PowerShell, run the Enable-VMResourceMetering cmdlet.
B. From Windows System Resource Manager, enable Accounting.
C. From Windows System Resource Manager, add a resource allocation policy.
D. From Windows PowerShell, run the Measure-VM cmdlet.
Answer: A
Explanation:
Enable-VMResourceMetering – The Enable-VMResourceMeteringcmdlet starts collecting
resourceutilization data for a virtual machine or resource pool.
Measure-VM – The Measure-VM cmdlet reports data on processor usage, memory usage,
network traffic, and disk capacity for one or more virtual machines.
Q17. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Remote Access server role installed.
A user named User1 must connect to the network remotely. The client computer of User1 requires Challenge Handshake Authentication Protocol (CHAP) for remote connections. CHAP is enabled on Server1.
You need to ensure that User1 can connect to Server1 and authenticate to the domain.
What should you do from Active Directory Users and Computers?
A. From the properties of User1, select Store password using reversible encryption.
B. From the properties of Server1, assign the Allowed to Authenticate permission to User1.
C. From the properties of User1, select Use Kerberos DES encryption types for this account.
D. From the properties of Server1, select Trust this computer for delegation to any service (Kerberos only).
Answer: A
Explanation:
The Store password using reversible encryption policy setting provides support for Applications that use protocols that require the user’s password for authentication. Storing encrypted passwords in a way that irreversible means that the encrypted passwords can be decrypted. A knowledgeable attacker who is able to break this encryption can then log on to network resources by using the compromised account. For this reason, never enable Store password using reversible encryption for all users in the domain unless Application requirements outweigh the need to protect password information. If you use the Challenge Handshake Authentication Protocol (CHAP) through remote access or Internet Authentication Services (IAS), you must enable this policy setting. CHAP is an authentication protocol that is used by remote access and network connections. Digest Authentication in Internet Information Services (IIS) also requires that you enable this policy setting. If your organization uses CHAP through remote access or IAS, or Digest Authentication in IIS, you must configure this policy setting to Enabled. This presents a security risk when you App1y the setting through Group Policy on a user-by-user basis because it requires the appropriate user account object to be opened in Active Directory Users and Computers.
Q18. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
You create a security template named Template1 by using the security template snap-in.
You need to apply Template1 to Server2.
Which tool should you use?
A. Security Templates
B. Computer Management
C. Security Configuration and Analysis
D. System Configuration
Answer: C
Explanation:
A security policy is a combination of security settings that affect the security on a computer. You can use your local security policy to edit account policies and local policies on your local computer.
A. Template was already created – Provide standard security option to use in security policies
B. Needs to be applied at the GP level
C. Security templates are inactive until imported into a Group Policy object or the SecurityConfiguration and Analysis
D. Tool to ID windows problems
Q19. - (Topic 3)
Your company has a remote office that contains 1,600 client computers on a single subnet. You need to select a subnet mask for the network that will support all of the client
computers. The solution must minimize the number of unused addresses. Which subnet mask should you select?
A. 255.255.248.0
B. 255.255.252.0
C. 255.255.254.0
D. 255.255.240.0
Answer: A
Q20. HOTSPOT - (Topic 3)
You have a Hyper-V host named HYPERV1. HYPERV1 hosts a virtual machine named
DC1.
You need to prevent the clock on DC1 from synchronizing from the clock on HYPERV1.
What should you configure? To answer, select the appropriate object in the answer area.
Answer: