Examcollection implementation regarding ?¡ãa whole refund?¡À obligation. If you do buy the 70-410 examination, did not move the primary exam, with the cover or VUE examination clinics have PROMETRIC Close off exam statement minute card, well return all of the valuation on you buy examination, the absolute assurance that the likes and dislikes wont be virtually any lack of. Examcollection 70-410 study resources are definitely the wonderful mixture off the title, coverage regarding 96% or more.
2021 Dec 70-410 free question
Q51. - (Topic 3)
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 is located on the same subnet as all of the client computers. A network technician reports that he receives a “Request timed out” error message when he attempts to use the ping utility to connect to Server1 from his client computer. The network technician confirms that he can access resources on Server1 from his client computer.
You need to configure Windows Firewall with Advanced Security on Server1 to allow the ping utility to connect.
Which rule should you enable?
A. File and Printer Sharing (Echo Request – ICMPv4-In)
B. Network Discovery (WSD-In)
C. File and Printer Sharing (NB-Session-In)
D. Network Discovery (SSDP-In)
Answer: A
Q52. - (Topic 3)
Which of the following is not a type of user account that can be configured in Windows Server 2012 R2?
A. local accounts
B. domain accounts
C. network accounts
D. built-in accounts
Answer: C
Explanation:
A. Incorrect: Local accounts can be created and configured in Windows Server 2012 R2.
B. Incorrect: Domain accounts can be created and configured in Windows Server 2012 R2.
C. Correct: Three types of user accounts can be created and configured in Windows Server 2012: local accounts, domain accounts, and built-in user accounts.
D. Incorrect: Built-in accounts can be created and configured in Windows Server 2012 R2.
Q53. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
Contoso.com has a server, named ENSUREPASS-SR07, which has the ADDS, DHCP, and DNS server roles installed. Contoso.com also has a server, named ENSUREPASS-SR08, which has the DHCP, and Remote Access server roles installed. You have configured a server, which has the File and Storage Services server role installed, to automatically acquire an IP address. The server is named ENSUREPASSSR09.
You then create reservation on ENSUREPASS-SR07, and a filter on ENSUREPASS-SR08.
Which of the following is a reason for this configuration?
A. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR08 only.
B. It configures ENSUREPASS-SR09 with a static IP address.
C. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR07 and ENSUREPASSSR08.
D. It allows ENSUREPASS-SR09 to acquire a constant IP address from ENSUREPASS-SR07 only.
Answer: D
Explanation:
To configure the Deny filter In the DHCP console tree of DHCP Server 1, under IPv4, click Filters, right-click Deny under Filters, and then click New Filter. In the New Deny Filter dialog box, in MAC Address, enter a six hexadecimal number representing the MAC or physical address of DHCP Client 2, click Add, and then click Close. Under Filters right-click the Deny node, and then click the Enable pop-up menu item.
Q54. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
On Server1, you create a virtual machine named VM1.
When you try to add a RemoteFX 3D Video Adapter to VM1, you discover that the option is unavailable as shown in the following exhibit. (Click the Exhibit button.)
You need to add the RemoteFX 3D Video Adapter to VM1.
What should you do first?
A. On Server1, run the Add-VMRemoteFx3dVideoAdapter cmdlet
B. On Server1, install the Media Foundation feature.
C. On Server1, run the Enable-VMRemoteFxPhysicalVideoAdaptercmdlet.
D. On Server1, install the Remote Desktop Visualization Host (RD Visualization Host) role service.
Answer: D
Explanation:
Remote Desktop services are not available in server core installation; you need to add the
role.
References:
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 1:
Installing and Configuring servers, Objective 1.2:
Configure servers, p. 19
http://technet.microsoft.com/en-us/library/hh848506(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh848520(v=wps.620).aspx http://technet.microsoft.com/en-us/library/ff817586(v=ws.10).aspx
Q55. - (Topic 3)
You have an Active Directory domain named contoso.com. You have a domain controller named Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit.
You discover that stale resource records are not automatically removed from the contoso.com zone.
You need to ensure that the stale resource records are automatically removed from the contoso.com zone.
What should you do?
A. Set the scavenging period of Server1 to 0 days.
B. Modify the Server Aging/Scavenging properties.
C. Configure the aging properties for the contoso.com zone.
D. Convert the contoso.com zone to an Active Directory-integrated zone.
Answer: C
Explanation:
Scavenging or aging as it is also known as automates the deletion of old records. When scavenging is disabled, these records must be deleted manually or the size of the DNS database can become large and have an adverse effect on performance. In the exhibit it shows that scavenging is enabled on Server1, thus you should configure the aging properties for the zone.
Refresh 70-410 exam answers:
Q56. - (Topic 3)
You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing the use of Non-Uniform Memory Architecture (NUMA).
Which of the following is TRUE with regards to Non-Uniform Memory Architecture (NUMA)? (Choose two.)
A. It is a computer architecture used in multiprocessor systems.
B. It is a computer architecture used in single processor systems.
C. It allows a processor to access local memory faster than it can access remote memory.
D. It allows a processor to access remote memory faster than it can access local memory.
Answer: A,C
Explanation:
NUMA is a hardware design feature that divides CPUs and memory in a physical server into NUMA nodes. You get the best performance when a process uses memory and CPU from within the same NUMA node. de is full, then it’ll get memory from When a process requires more memory, but the current NUMA no another NUMA node and that comes at a performance cost to that process, and possibly all other processes on that physical server. And that’s why virtualization engineers need to be aware of this. In Hyper-V we have Dynamic Memory. Non-Uniform Memory Access or Non-Uniform Memory Architecture (NUMA) is a computer memory design used in multiprocessors, where the memory access time depends on the memory location relative to a processor. Under ccNUMA, a processor can access its own local memory faster than non-local memory, that is, memory local to another processor or memory shared between processors. NUMA architectures logically follow in scaling from symmetric multiprocessing (SMP) architectures.
Q57. - (Topic 1)
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to use Windows PowerShell Desired State Configuration (DSC) to confirm that the Application Identity service is running on all file servers.
You define the following configuration in the Windows PowerShell Integrated Scripting Environment (ISE):
You need to use DSC to configure Server1 as defined in the configuration.
What should you run first?
A. Service1
B. Configuration1
C. Start DscConfiguration
D. Test-DscConfigu ration
Answer: B
Q58. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.Client computers run either Windows 7 or Windows 8.
All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1.
You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone.
You need to ensure that the client computers locate the ISATAP router.
What should you do?
A. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1.
B. Configure the Network Options Group Policy preference of GPO1.
C. Run the Add-DnsServerResourceRecord cmdlet on Server1.
D. Configure the DNS Client Group Policy setting of GPO1.
Answer: A
Explanation:
The Set-DnsServerGlobalQueryBlockList command will change the settings of a global query block list which you can use to ensure that client computers locate the ISATAP router.
Windows Server 2008 introduced a new feature, called “Global Query Block list”, which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a proxy. The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain Applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that user’s computer. Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables. Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com. In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative. Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: A malicious user can use dynamic update to register the user’s own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the block list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service. Add-DnsServerResourceRecord – The Add-DnsServerResourceRecordcmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different types of resource records. Use different switches for different record types. By using this cmdlet, you can change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings. Set-DnsServerGlobalQueryBlockList – The Set-DnsServerGlobalQueryBlockListcmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking.
References: Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 4: Deploying domain controllers, Lesson 4: Configuring IPv6/IPv4 Interoperability, p. 254-256 http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx http://technet.microsoft.com/en-us/library/jj649874.aspx http://technet.microsoft.com/en-us/library/jj649909.aspx
Q59. - (Topic 3)
Your network contains one Active Directory domain named contoso.com. The domain contains
2,000 client computers used by students. You recently discover an increase in calls to the helpdesk that relate to security policy to meet the following requirement:
. Modify the UserName of the built-in account named Administrator . Support a time mismatch between client computers and domain controllers of up to three minutes.
Which Two security settings should you modify?
A. Account Policies
B. Password Policy
C. Account Lockout Policy
D. Kerberos Policy
E. Local Policies
F. Audit Policy
G. User Rights Assignment
H. Security Options
Answer: D,H
Explanation:
In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click Security Options. In the details pane, double-click Accounts: Rename administrator account.
Q60. - (Topic 3)
Your network contains an Active Directory forest that contains three domains. A group named Group1 is configured as a domain local distribution group in the forest root domain. You plan to grant Group1 read-only access to a shared folder named Share1. Share1 is located in a child domain.
You need to ensure that the members of Group1 can access Share1.
What should you do first?
A. Convert Group1 to a global distribution group.
B. Convert Group1 to a universal security group.
C. Convert Group1 to a universal distribution group.
D. Convert Group1 to a domain local security group
Answer: B