Exam Code: 70-410 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Installing and Configuring Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-410 Exam.
2021 Dec 70-410 exam guide
Q251. - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Server2, you perform a Server Core Installation of Windows Server 2012 R2. You join Server2 to the contoso.com domain.
You need to ensure that you can manage Server2 by using the Computer Management console on Server1.
What should you do on Server2?
A. Install Windows Management Framework.
B. Run sconfig.exe and configure Remote Server Administration Tools (RSAT).
C. Install Remote Server Administration Tools (RSAT).
D. Run sconfig.exe and configure remote management.
Answer: D
Explanation:
In Windows Server 2012 R2, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool. Sconfig.cmd is available in the Minimal Server Interface and in Server with a GUI mode.
References: http://technet.microsoft.com/en-us/library/jj647766.aspx Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 2: Deploying servers, p. 80
Q252. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Run the Delegation of Control Wizard on the Policies containers
B. Run the Set-GPPermission cmdlet
C. Run the Delegation of Control Wizard on OU1
D. Modify the permission on the user1 account
Answer: C
Explanation:
A. Not minimum permissions
B. Grants a level of permissions to a security principal for one GPO or all the GPOs in a domain
C. Minimizes delegated permission to a single OU
D. Will not allow GPO changes to the OU Delegation of Control Wizard The following are common tasks that you can select to delegate control of them: Create, delete, and manage user accounts Reset user passwords and force password change at next logon Read all user information Modify the membership of a group Join a computer to a domain Manage Group Policy links Generate Resultant Set of Policy (Planning) Generate Resultant Set of Policy (Logging) Create, delete, and manage inetOrgPerson accounts Reset inetOrgPerson passwords and force password change at next logon Read all inetOrgPerson information
Q253. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You need to prevent users from installing a Windows Store app named App1.
What should you create?
A. An application control policy executable rule
B. An application control policy packaged app rule
C. A software restriction policy certificate rule
D. An application control policy Windows Installer rule
Answer: B
Explanation:
Windows 8 is coming REALLY SOON and of course one of the big new things to computer with that is the new Packaged Apps that run in the start screen. However these apps are very different and do not install like traditional apps to a path or have a true “executable” file to launch the program. Of course enterprises need a way to control these packaged apps and therefore Microsoft has added a new feature Packaged Apps option to the App1ocker feature.
A. For .exe or .com
B. A publisher rule for a Packaged app is based on publisher, name and version
C. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.
D. For .msi or .msp Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire Application using a single App1ocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. App1ocker supports only publisher rules for Packaged apps. A publisher rule for a packaged app is based on the following information: Publisher of the package Package name Package version Therefore, an App1ocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
Q254. - (Topic 1)
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are part of a workgroup.
On Server1 and Server2, you create a local user account named Admin1.You add the account to the local Administrators group. On both servers, Admin1 has the same password.
You log on to Server1 as Admin1. You open Computer Management and you.connect to Server2.
When you attempt to create a scheduled task, view the event logs, and manage the shared folders, you receive Access Denied messages.
You need to ensure that you can administer Server2 remotely from Server1 by using Computer Management.
What should you configure on Server2?
A. From Server Manager, modify the Remote Management setting.
B. From Local Users and Groups, modify the membership of the Remote Management Users group.
C. From Windows Firewall, modify the Windows Management Instrumentation (WMI) firewall rule.
D. From Registry Editor, configure the LocalAccountTokenFilterPolicy registry value.
Answer: D
Explanation:
The LocalAccountTokenFilterPolicy setting affects how administrator credentials are applied to remotely administer the computer. : http://support.microsoft.com/kb/942817
Q255. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
When a domain user named User3 attempts to log on to a client computer named Client10, User3 receives the message shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that User3 can log on to Client10.
What should you do?
A. From Active Directory Users and Computers, configure the Logon Workstations setting of User3.
B. On Client10, modify the Allow log on locally User Rights Assignment.
C. From Active Directory Users and Computers, configure the Personal Virtual Desktop property of User3.
D. On Client10, modify the Deny log on locally User Rights Assignment.
Answer: A
Regenerate 70-410 exam prep:
Q256. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have configured a server, named ENSUREPASS-SR07, as a VPN server. You are required to configure new firewall rules for workstation connections.
You want to achieve this using the least amount of administrative effort.
Which of the following actions should you take?
A. You should consider making use of the Enable-NetFirewallRule cmdlet.
B. You should consider making use of the New-NetFirewallRule cmdlet.
C. You should consider making use of dism.exe from the command prompt.
D. You should consider making use of dsadd.exe from the command prompt.
Answer: B
Explanation:
New-NetFirewallRule – Creates a new inbound or outbound firewall rule and adds the rule to the target computer. You can’t Enable what doesn’t exist yet… you must use New-NetFirewallRule
Q257. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have been instructed to make sure that Contoso.com users are not able to install a Windows Store application. You then create a rule for packaged apps.
Which of the following is the rule based on? (Choose all that apply.)
A. The publisher of the package.
B. The publisher of the application.
C. The name of the package
D. The name of the application
E. The package version.
F. The application version.
Answer: A,C,E
Explanation:
Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire application using a single AppLocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. AppLocker supports only publisher rules for Packaged apps. A publisher rule for a Packaged app is based on the following information: Publisher of the package Package name Package version All the files within a package as well as the package installer share these attributes. Therefore, an AppLocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
Q258. - (Topic 3)
You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing the Windows Firewall with Advanced Security feature.
Which of the following is TRUE with regards to Windows Firewall with Advanced Security? (Choose all that apply.)
A. It provides host-based, two-way network traffic filtering for a computer.
B. It provides host-based, one-way network traffic filtering for a computer.
C. It blocks unauthorized network traffic flowing into or out of the local computer.
D. It only blocks unauthorized network traffic flowing into the local computer.
E. It only blocks unauthorized network traffic flowing out of the local computer.
Answer: A,C
Explanation:
Windows Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a computer, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local computer. Windows Firewall with Advanced Security also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the computer is connected. Windows Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named important part of your network’s Windows Firewall with Advanced Security, so Windows Firewall is also an isolation strategy.
Q259. HOTSPOT - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed.
You need to implement NIC teaming on Server1.
Which two network connections should you include on the NIC team? (To answer, select the two appropriate network connections in the answer area.)
Answer:
Q260. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
You have a virtual machine named VM1. VM1 has a checkpoint.
You need to modify the Checkpoint File Location of VM1.
What should you do first?
A. Copy the checkpoint file.
B. Delete the checkpoint.
C. Shut down VM1.
D. Pause VM1.
Answer: B