The simple fact is we have set much hard work to satisfy each of our customers. His or her great achievement is the best proof. But it doesn?¡¥t means we are able to stay at here. Every one of the staff members are devoted to improve the particular quality with the Microsoft 70-410 exam products and also the after-sales service. The Microsoft 70-410 exam questions and answers are created within an understandable approach in order to make your passing work easier.
2021 Mar 70-410 study guide
Q161. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed and has a primary zone for contoso.com. The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup. You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do first?
A. Move the contoso.com zone to a domain controller that is configured as a DNS server
B. Configure the Dynamic updates settings of the contoso.com zone
C. Sign the contoso.com zone by using DNSSEC
D. Configure the Security settings of the contoso.com zone.
Answer: A
Explanation:
If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory- integrate a zone, access control list (ACL) editing features are available in DNS Managerso that you can add or remove users or groups from the ACL for a specified zone or resource record.
1. Active Directory’s DNS Domain Name is NOT a single label name (“DOMAIN” vs. the minimal requirement of”domain.com.” “domain.local”, etc.).
2. The Primary DNS Suffix MUST match the zone name that is allowing updates. Otherwise the client doesn’t know what zone name to register in. You can also have a different Conneciton Specific Suffix in addition to the Primary DNS Suffix to register into that zone as well.
3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or Secure and Non-Secure. For client machines, if a client is not joined to the domain, and the zone is set to Secure, it will not register either.
4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a reference to get to them. Do not use your ISP’s, an external DNS address, your router as a DNS address, or any other DNS that does not have a copy of the AD zone. Internet resolution for your machines will be accomplished by the Rootservers (Root Hints), however it’s recommended to configure a forwarder for efficient Internet resolution.
5. The domain controller is multihomed (which means it has more than one unteamed, active NIC, more than one IP address, and/or RRAS is installed on the DC).
6. The DNS addresses configured in the client’s IP properties must ONLY reference the DNS server(s) hosting the AD zone you want to update in. This means that you must NOT use an external DNS in any machine’s IP property in an AD environment. You can’t mix them either. That’s because of the way the DNS Client side resolver service works. Even if you mix up internal DNS and ISP’s DNS addresses, the resolver algorithm can still have trouble asking the correct DNS server. It will ask the first one first. If it doesn’t get a response, it removes the first one from the eligible resolvers list and goes to the next in the list. It will not go back to the first one unless you restart the machine, restart the DNS Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use your internal DNS server(s) and configure a forwarder to your ISP’s DNS for efficient Internet resolution. This is the reg entry to cut the query to 0 TTL: The DNS Client service does not revert to using the first server. The Windows 2000 Domain Name System (DNS) Client service (DNS cache) follows a certain algorithm when it decides the order in which to use the DNS servers. http://support.microsoft.com/kb/286834 For more info, please read the following on the client side resolver service: DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS, Direct Hosted SMB (Direct SMB), If One DC is Down Does a Client logon to Another DC, and DNS Forwarders Algorithm if you have multiple forwarders.
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-clientside- resolverbrowserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-isdown-does-a- client-logon-toanother-dcand-dns-forwarders-algorithm.aspx
7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server.
8. If using DHCP, DHCP server must only be referencing the same exact DNS server(s) in
its own IP properties in order for it to ‘force’ (if you set that setting) registration into DNS.
Otherwise, how would it know which DNS to send the reg data to?
9. If the AD DNS Domain name is a single label name, such as “EXAMPLE”, and not the
proper format of ”example.com” and/or any child of that format, such as
“child1.example.com”, then we have a real big problem.
DNS will not allow registration into a single label domain name.
This is for two reasons:
1. It’s not the proper hierarchal format. DNS is hierarchal, but a single label name has no
hierarchy. It’s just a single name.
2. Registration attempts cause major Internet queries to the Root servers. Why? Because it
thinks the single label name, such as “EXAMPLE”, is a TLD (Top Level Domain), such as
“com”, “net”, etc. It will now try to find what Root name server out there handles that TLD.
In the end it comes back to itself and then attempts to register. Unfortunately it does NOT
ask itself first for the mere reason it thinks it’s a TLD. (Quoted from Alan Woods, Microsoft,
2004):
“Due to this excessive Root query traffic, which ISC found from a study that discovered
Microsoft DNS servers are causing excessive traffic because of single label names,
Microsoft, being an internet friendly neighbor and wanting to stop this problem for their
neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1,
(especially XP, which cause lookup problems too), and Windows 2003. After all, DNS is
hierarchal, so therefore why even allow single label DNS domain names?” The above also
*especially* applies to Windows Vista, 7, 2008, 2008 R2, and newer.
10. ‘Register this connection’s address” on the client is not enabled under the NIC’s IP
properties, DNS tab.
11. Maybe there’s a GPO set to force Secure updates and the machine isn’t a joined
member of the domain.
12. ON 2000, 2003 and XP, the “DHCP client” Service not running. In 2008/Vista and
newer, it’s the DNS Client Service. This is a requirement for DNS registration and DNS
resolution even if the client is not actually using DHCP.
13. You can also configure DHCP to force register clients for you, as well as keep the DNS
zone clean of old or duplicate entries. See the link I posted in my previous post.
Q162. - (Topic 1)
Your network contains a server named Server1 that runs Windows Server 2012
R2.Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You plan to schedule a complete backup of Server1 by using Windows Server Backup.
You need to ensure that the state of VM1 is saved before the backup starts.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: I
Explanation:
The Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, Heartbeat, and Backup (volume snapshot services). This snapshot will ensure that the state of VM1 is saved prior to backup.
References: http://msdn.microsoft.com/en-us/library/dd405549(v=vs.85).aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144
Q163. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has 2 dual-
core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1.
You need to ensure that both virtual machines can use up to 8 GB of memory. The solution
must ensure that both virtual machines can be started simultaneously.
What should you configure on each virtual machine?
A. Dynamic Memory
B. NUMA topology
C. Memory weight
D. Resource Control
Answer: A
Q164. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All servers run either Windows Server 2008 R2 or Windows Serve 2012 R2. All client computers run either Windows 7 or Windows 8. The domain contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the File and Storage Services server role installed. On Server1, you create a share named Share1.
You need to ensure that users can use Previous Versions to restore the files in Share1.
What should you configure on Server1?
A. The Shadow Copies settings
B. A Windows Server Backup schedule
C. A data recovery agent
D. The Recycle Bin properties
Answer: A
Explanation:
A. Enable and schedule shadow copies for Share1
B. The backup doesn’t give users access until files are restored
D. No settings for file version
Q165. - (Topic 3)
RODC comes with a number of features that focus on heightened security with limited functionality to remote office users. Which of the following are features of RODC?
A. Filtered Attribute Sets
B. Read-Only DNS
C. Unidirectional Replication
D. All of these
Answer: A
Down to date 70-410 download:
Q166. - (Topic 1)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
User1 logs on to a client computer named Computer1.
You need to disable the computer account of Computer1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMember.hip
B. Install-AddsDomainController
C. Install WindowsFeature
D. Install AddsDomain
E. Roname-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: F
Explanation:
Set-ADAccountControl Enabled Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. Possible values for this parameter include: $false or 0 $true or 1 The following example shows how to set this parameter to enable the account. -Enabled $true
Q167. HOTSPOT - (Topic 1)
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com.
AppLocker policies are enforced on all member servers.
You view the AppLocker policy applied to the member servers as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
Answer:
Q168. HOTSPOT - (Topic 3)
You have a server named Server1. Server1 runs Windows Server 2012 R2.
A user named Admin1 is a member of the local Administrators group.
You need to ensure that Admin1 receives a User Account Control (UAC) prompt when
attempting to open Windows PowerShell as an administrator.
Which setting should you modify from the Local Group Policy Editor?
To answer, select the appropriate setting in the answer area.
Answer:
Q169. - (Topic 3)
Your network contains an Active Directory domain named adatum.com. The computer accounts for all member servers are located in an organizational unit (OU) named Servers. You link a Group Policy object (GPO) to the Servers OU.
You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators group on each member server. The solution must not remove any groups from the local Backup Operators groups.
What should you do?
A. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the This group is a member of list.
B. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the Members of this group list.
C. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the This group is a member of list.
D. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the Members of this group list.
Answer: A
Q170. - (Topic 3)
Your company has a main office and four branch offices. The main office contains a server named Server1 that runs Windows Server 2012 R2. The IP configuration of each office is configured as shown in the following table.
You need to add a single static route on Server1 to ensure that Server1 can communicate with the hosts on all of the subnets.
Which command should you run?
A. route.exe add -p 192.168.0.0 mask 255.255.248.0 172.31.255.254
B. route.exe add -p 192.168.12.0 mask 255.255.252.0 172.31.255.254
C. route.exe add -p 192.168.8.0 mask 255.255.252.0 172.31.255.254
D. route.exe add -p 192.168.12.0 mask 255.255.255.0 172.31.255.254
Answer: B