Microsoft happens to be an firm which includes attained global identification on the planet. It is well-known in IT field. Microsoft 70-410 refers to pc equipments including software and hardware. Its dominating out there due to its competency and quality of work. Microsoft offers quite a few qualifications which might be very appreciated together with required because of it professionals and also by Them business. Together with Microsoft get into action on the level final results.
2021 Feb 70-410 test engine
Q71. - (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Core1, you perform a Server Core Installation of Windows Server 2012 R2. You join Core1 to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on Core1.
What should you do on Core1?
A. Run the Disable NetFirewallRule cmdlet.
B. Install Remote Server Administration Tools (RSAT).
C. Install Windows Management Framework.
D. Run the Enable-Com + Network Access Firewall Rule.
Answer: D
Explanation:
Information regarding IPsec policy changes, etc. can be found in the Event Viewer. Thus you need to enable the NetFirewallRule command. This will allow you to view the event logs.
Q72. - (Topic 1)
You have virtual machine named VM1.
VM1 uses a fixed size virtual hard disk (VHD) named Disk1.vhD. Disk1.vhd is 200 GB.
You shut down VM1.
You need to reduce the size of disk1.vhd.
Which action should you select from the Edit Virtual Hard Disk Wizard?
A. Merge
B. Compact
C. Shrink
D. Convert
Answer: C
Q73. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. One of the domain controllers is named DC1.
The network contains a member server named Server1 that runs Windows Server 2012 R2.
You need to promote Server1 to a domain controller by using install from media (IFM).
What should you do first?
A. Create a system state backup of DC1.
B. Create IFM media on DC1.
C. Upgrade DC1 to Windows Server 2012 R2.
D. Run the Active Directory Domain Services Configuration Wizard on Server1.
E. Run the Active Directory Domain Services Installation Wizard on DC1.
Answer: C
Explanation:
A. Backs up system state data to be restored
C. Only valid option. You could install ADDS role on Server 1 and run ADDS configuration wizard and add DC to existing domain
D. Need to add ADDS role first
E. Wrong server Installation from media does not work across different operating system versions. In other words, you must use a Windows Server 2012 R2 domain controller to generate installation media to use for another Windows Server 2012 R2 domain controller installation. We can use the Install from media (IFM) option to install an Additional Domain Controller in an existing domain is the best option such as a branch office scenario where network is slow, unreliable and costly. IFM will minimize replication traffic during the installation because it uses restored backup files to populate the AD DS database. This will significantly reduce the amount of traffic copied over the WAN link. Things to remember: If you are deploying your first Domain Controller in the domain, you cannot use IFM. The OS will need to match the IFM media. (If you create a 2008 R2 IFM, promote a 2008 R2 DC) If you are creating a DC that will be a Global Catalog Server, create your IFM on a Global Catalog Server.
If you are creating a DC that will be a DNS Server, create your IFM on a DNS Server. If you want to copy the SYSVOL, the DC on which you generate the installation media and the new DC must be at least running Windows Server 2008 with Service Pack 2 or Windows Server 2008 R2. Membership of the Domain Admins group is the minimum required to complete IFM.
Q74. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of an Active Directory forest that contains a root domain, named Contoso.com, and two child domains, named us.Contoso.com and uk.Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
The root domain hosts a domain local distribution group, named ENSUREPASSGroup. You are preparing to issue ENSUREPASSGroup read-only access to a shared folder hosted by the us.Contoso.com domain.
You want to make sure that ENSUREPASSGroup is able to access the shared folder in the us.Contoso.com domain.
Which of the following actions should you take?
A. You should consider re-configuring ENSUREPASSGroup as a universal Admins group.
B. You should consider re-configuring ENSUREPASSGroup as a universal security group.
C. You should consider re-configuring ENSUREPASSGroup as a global administrators group.
D. You should consider re-configuring ENSUREPASSGroup as a local administrators group.
Answer: B
Q75. HOTSPOT - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The network contains a DHCP server named DHCP1.
You add a new network segment to the network.
On the new network segment, you deploy a new server named Server1 that runs Windows
Server 2012 R2.
You need to configure Server1 as a DHCP Relay Agent.
Which server role should you install on Server1?
To answer, select the appropriate role in the answer area.
Answer:
Improve 70-410 free draindumps:
Q76. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed and has a primary zone for contoso.com. The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup. You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do first?
A. Move the contoso.com zone to a domain controller that is configured as a DNS server
B. Configure the Dynamic updates settings of the contoso.com zone
C. Sign the contoso.com zone by using DNSSEC
D. Configure the Security settings of the contoso.com zone.
Answer: A
Explanation:
If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory- integrate a zone, access control list (ACL) editing features are available in DNS Managerso that you can add or remove users or groups from the ACL for a specified zone or resource record.
1. Active Directory’s DNS Domain Name is NOT a single label name (“DOMAIN” vs. the minimal requirement of”domain.com.” “domain.local”, etc.).
2. The Primary DNS Suffix MUST match the zone name that is allowing updates. Otherwise the client doesn’t know what zone name to register in. You can also have a different Conneciton Specific Suffix in addition to the Primary DNS Suffix to register into that zone as well.
3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or Secure and Non-Secure. For client machines, if a client is not joined to the domain, and the zone is set to Secure, it will not register either.
4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a reference to get to them. Do not use your ISP’s, an external DNS address, your router as a DNS address, or any other DNS that does not have a copy of the AD zone. Internet resolution for your machines will be accomplished by the Rootservers (Root Hints), however it’s recommended to configure a forwarder for efficient Internet resolution.
5. The domain controller is multihomed (which means it has more than one unteamed, active NIC, more than one IP address, and/or RRAS is installed on the DC).
6. The DNS addresses configured in the client’s IP properties must ONLY reference the DNS server(s) hosting the AD zone you want to update in. This means that you must NOT use an external DNS in any machine’s IP property in an AD environment. You can’t mix them either. That’s because of the way the DNS Client side resolver service works. Even if you mix up internal DNS and ISP’s DNS addresses, the resolver algorithm can still have trouble asking the correct DNS server. It will ask the first one first. If it doesn’t get a response, it removes the first one from the eligible resolvers list and goes to the next in the list. It will not go back to the first one unless you restart the machine, restart the DNS Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use your internal DNS server(s) and configure a forwarder to your ISP’s DNS for efficient Internet resolution. This is the reg entry to cut the query to 0 TTL: The DNS Client service does not revert to using the first server. The Windows 2000 Domain Name System (DNS) Client service (DNS cache) follows a certain algorithm when it decides the order in which to use the DNS servers. http://support.microsoft.com/kb/286834 For more info, please read the following on the client side resolver service: DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS, Direct Hosted SMB (Direct SMB), If One DC is Down Does a Client logon to Another DC, and DNS Forwarders Algorithm if you have multiple forwarders.
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-clientside- resolverbrowserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-isdown-does-a- client-logon-toanother-dcand-dns-forwarders-algorithm.aspx
7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server.
8. If using DHCP, DHCP server must only be referencing the same exact DNS server(s) in
its own IP properties in order for it to ‘force’ (if you set that setting) registration into DNS.
Otherwise, how would it know which DNS to send the reg data to?
9. If the AD DNS Domain name is a single label name, such as “EXAMPLE”, and not the
proper format of ”example.com” and/or any child of that format, such as
“child1.example.com”, then we have a real big problem.
DNS will not allow registration into a single label domain name.
This is for two reasons:
1. It’s not the proper hierarchal format. DNS is hierarchal, but a single label name has no
hierarchy. It’s just a single name.
2. Registration attempts cause major Internet queries to the Root servers. Why? Because it
thinks the single label name, such as “EXAMPLE”, is a TLD (Top Level Domain), such as
“com”, “net”, etc. It will now try to find what Root name server out there handles that TLD.
In the end it comes back to itself and then attempts to register. Unfortunately it does NOT
ask itself first for the mere reason it thinks it’s a TLD. (Quoted from Alan Woods, Microsoft,
2004):
“Due to this excessive Root query traffic, which ISC found from a study that discovered
Microsoft DNS servers are causing excessive traffic because of single label names,
Microsoft, being an internet friendly neighbor and wanting to stop this problem for their
neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1,
(especially XP, which cause lookup problems too), and Windows 2003. After all, DNS is
hierarchal, so therefore why even allow single label DNS domain names?” The above also
*especially* applies to Windows Vista, 7, 2008, 2008 R2, and newer.
10. ‘Register this connection’s address” on the client is not enabled under the NIC’s IP
properties, DNS tab.
11. Maybe there’s a GPO set to force Secure updates and the machine isn’t a joined
member of the domain.
12. ON 2000, 2003 and XP, the “DHCP client” Service not running. In 2008/Vista and
newer, it’s the DNS Client Service. This is a requirement for DNS registration and DNS
resolution even if the client is not actually using DHCP.
13. You can also configure DHCP to force register clients for you, as well as keep the DNS
zone clean of old or duplicate entries. See the link I posted in my previous post.
Q77. HOTSPOT - (Topic 2)
Your company has a main office and a sales office. The main office has 2,000 users. The sales office has 20 users. All client computers in the sales office run Windows 8.
The sales office contains a print server named App1 that runs Windows Server 2012 R2. App1 has a shared printer named Printer1. Printer1 connects to a network-attached print device.
You plan to connect all of the users in the sales office to Printer1 on App1.
You need to ensure that if App1 fails, the users can continue to print to Printer1.
What should you configure on App1? To answer, select the appropriate option in the answer area.
Answer:
Q78. - (Topic 3)
You have two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. The servers are configured as shown in the following table.
The routing table for Server1 is shown in the Routing Table exhibit. (Click the Exhibit button.)
From Server1, you attempt to ping Server2, but you receive an error message as shown in the Error exhibit. (Click the Exhibit button.)
You need to ensure that you can successfully ping Server2 from Server1. What should you do on Server1?
A. Disable Windows Firewall.
B. Modify the subnet mask.
C. Modify the DNS settings.
D. Modify the default gateway settings.
Answer: D
Explanation:
Route is used to view and modify the IP routing table. Route Print displays a list of current routes that the host knows. Default gateways are important to make IP routing work efficiently. TCP/IP hosts rely on default gateways for most of their communication needs with hosts on remote network segments. In this way, individual hosts are freed of the burden of having to maintain extensive and continuously updated knowledge about individual remote IP network segments. Only the router that acts as the default gateway needs to maintain this level of routing knowledge to reach other remote network segments in the larger inter network. In order for Host A on Network 1 to communicate with Host B on Network 2, Host A first checks its routing table to see if a specific route to Host B exists. If there is no specific route to Host B, Host A forwards its TCP/IP traffic for Host B to its own default gateway, IP Router 1.
The Default Gateway specifies the IP address of a router on the local subnet, which the system will use to access destinations on other networks. If the default gateway settings are not properly configured, then there can be no successful connection.
Reference:
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6: Network Administration, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 269
Q79. - (Topic 1)
Your network contains two Hyper-V hosts that run Windows Server 2012 R2. The Hyper-V
hosts contain several virtual machines that run Windows Server 2012 R2.
You install the Network Load Balancing feature on the virtual machines.
You need to configure the virtual machines to support Network Load Balancing (NLB).
Which virtual machine settings should you configure?
A. DHCP guard
B. Port mirroring
C. Router guard
D. MAC address
Answer: D
Explanation:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/5b3a0a9d-26a2-49ba-bbbe- 29d11fcbb7ce/nlb-on-hyperv?forum=winserverhyperv
For NLB to be configured you need to enable MAC address spoofing.
Q80. - (Topic 3)
You have a server named Server1. Server1 runs Windows Server 2012 R2 and is located in a perimeter network.
You need to configure a custom connection security rule on Server1. The rule must encrypt network communications across the Internet to a computer at another company.
Which authentication method should you configure in the connection security rule?
A. Advanced
B. User (Kerberos V5)
C. Default
D. Computer (Kerberos V5)
E. Computer and user (Kerberos V5)
Answer: A
Explanation:
You need to make use of Advanced authentication method to ensure that communication is
encrypted over the network to the other company from your custom connection security
rule on Server1.
References:
http://technet.microsoft.com/en-us/library/bb742516.aspx
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 8: File
Services and Storage, p. 428