Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
P.S. Download 70-410 training materials are available on Google Drive, GET MORE: https://drive.google.com/open?id=1gKqa_vO9OeNyYEjdDpkvCkiJIJhS7seE
Question No: 11
Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.
You deploy a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed.
You configure all of the client computers to use Server1 as their primary DNS server. You need to prevent Server1 from attempting to resolve Internet host names for the client
computers.
What should you do on Server1?
A. Create a primary zone named u201crootu201d.
B. Create a primary zone named "GlobalNames".
C. Create a forwarder that points to 169.254.0.1.
D. Create a primary zone named u201c.u201d.
Answer: A
Question No: 12
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All servers run Windows Server 2012 R2. The domain contains two domain controllers named DC1 and DC2. Both domain controllers are virtual machines on a Hyper-V host.
You plan to create a cloned domain controller named DC3 from an image of DC1. You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Add the computer account of DC1 to the Cloneable Domain Controllers group.
B. Create a DCCloneConfig.xml file on DC1.
C. Add the computer account of DC3 to the Cloneable Domain Controllers group.
D. Run the Enable-AdOptionalFeaturecmdlet.
E. Modify the contents of the DefaultDCCIoneAllowList.xml file on DC1.
Answer: A,B
Explanation:
:A. Cloneable Domain Controllers Group Thereu2021s a new group in town. Itu2021s called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldnu2021t be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group.
:B. DCCloneConfig.xml
Thereu2021s one key difference between a cloned DC and a DC that is being restored to a previous snapshot:
DCCloneConfig.XML.
DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.
The New-ADDCCloneConfigcmdlet in PowerShell By hand with an XML editor
By editing an existing config file, again with an XML editor.
Reference: Virtual Domain Controller Cloning in Windows Server 2012.
Question No: 13
Your network contains an Active Directory domain named adatum.com. The domain contains several thousand member servers that run Windows Server 2012 R2. All of the computer accounts for the member servers are in an organizational unit (OU) named ServersAccounts.
Servers are restarted only occasionally.
You need to identify which servers were restarted during the last two days. What should you do?
A. Run dsquery computer and specify the u2013staiepwd parameter.
B. Run Get-ADComputer and specify the SearchScope parameter.
C. Run Get-ADComputer and specify the IastLogon property.
D. Run dsquery server and specify the u2013o parameter
Answer: C
Question No: 14
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server2 establishes an IPSec connection to Server1.
You need to view which authentication method was used to establish the initial IPSec connection.
What should you do?
A. From Windows Firewall with Advanced Security, view the quick mode security association.
B. From Event Viewer, search the Application Log for events that have an ID of 1704.
C. From Event Viewer, search the Security Log for events that have an ID of 4672.
D. From Windows Firewall with Advanced Security, view the main mode security association.
Answer: D
Explanation:
Main mode negotiation establishes a secure channel between two computers by determining a set of cryptographic protection suites, exchanging keying material to establish a shared secret key, and authenticating computer and user identities. A security association (SA) is the information maintained about that secure channel on the local computer so that it can use the information for future network traffic to the remote computer. You can monitor main mode SAs for information like which peers are currently connected to this computer and which protection suite was used to form the SA.
To get to this view
In the Windows Firewall with Advanced Security MMC snap-in, expand Monitoring, expand Security Associations, and then click Main Mode.
The following information is available in the table view of all main mode SAs. To see the information for a single main mode SA, double-click the SA in the list.
Main mode SA information
You can add, remove, reorder, and sort by these columns in the Results pane: Local Address: The local computer IP address.
Remote Address: The remote computer or peer IP address.
1st Authentication Method: The authentication method used to create the SA.
1st Authentication Local ID: The authenticated identity of the local computer used in first authentication.
1st Authentication Remote ID: The authenticated identity of the remote computer used in first authentication.
2nd Authentication Method: The authentication method used in the SA.
2nd Authentication Local ID: The authenticated identity of the local computer used in second authentication.
2nd Authentication Remote ID: The authenticated identity of the remote computer used in second authentication.
Encryption: The encryption method used by the SA to secure quick mode key exchanges. Integrity: The data integrity method used by the SA to secure quick mode key exchanges. Key Exchange: The Diffie-Hellman group used to create the main mode SA.
Reference: http://technet.microsoft.com/en-us/library/dd448497(v=ws.10).aspx
Question No: 15
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed.
An iSCSI SAN is available on the network.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
You create a LUN on the SAN to host the virtual hard drive files for the virtual machines. You need to create a 3-TB virtual hard disk for VM1 on the LUN. The solution must prevent
VM1 from being paused if the LUN runs out of disk space. Which type of virtual hard disk should you create on the LUN?
A. Dynamically expanding VHDX
B. Fixed-size VHDX
C. Fixed-size VHD
D. Dynamically expanding VHD
Answer: B
Explanation:
The virtual disk needs to be a VHDX file since it is going to be over 2TB in size and it must be fixed-size so that the space is already taken on the server (that way the server does not
run out of space as the volume grows) even if the actual virtual disk does not yet hold that amount of data.
Question No: 16
Your network contains two Hyper-V hosts that run Windows Server 2012 R2. The Hyper-V hosts contain several virtual machines that run Windows Server 2012 R2.
You install the Network Load Balancing feature on the virtual machines.
You need to configure the virtual machines to support Network Load Balancing (NLB). Which virtual machine settings should you configure?
A. DHCP guard
B. Port mirroring
C. Router guard
D. MAC address
Answer: D
Explanation:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/5b3a0a9d-26a2-49ba- bbbe- 29d11fcbb7ce/nlb-on-hyperv?forum=winserverhyperv
For NLB to be configured you need to enable MAC address spoofing.
Question No: 17
Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2.
You plan to install a new domain controller named DC4 that runs Windows Server 2012 R2.
The new domain controller will have the following configurations:
u2711 Schema master
u2711 Global catalog server
u2711 Active Directory Federation Services server role
u2711 Active Directory Certificate Services server role
You need to identify which configuration can be fulfilled by using the Active Directory Domain Services Configuration Wizard.
Which configuration should you identify?
A. Enable the global catalog server.
B. Install the DNS Server role.
C. Install the Active Directory Certificate Services role.
D. Transfer the schema master.
Answer: A
Question No: 18
You have a server named Server1 that runs Windows Server 2012 R2.
A network technician installs a new disk on Server1 and creates a new volume. The properties of the new volume are shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can enable NTFS disk quotas for volume D. What should you do first?
A. Install the File Server Resource Manager role service.
B. Format volume D.
C. Run the convert.exe command.
D. Convert the disk to a dynamic disk.
Answer: : B
Explanation:
ReFS-formatted disks cannot use NTFS disk quotas, so the drive must be formatted as an NTFS partition
Question No: 19
Your network contains an Active Directory domain named contoso.com. All client computers run Windows You deploy a server named Server1 that runs Windows Server 2012 R2.
You install a new client-server application named App1 on Server1 and on the client computers. The client computers must use TCP port 6444 to connect to App1 on Server1.Server1 publishes the information of App1 to an intranet server named Server2 by using TCP port 3080.
You need to ensure that all of the client computers can connect to App1. The solution must ensure that the application can connect to Server2.
Which Windows Firewall rule should you create on Server1?
A. an inbound rule to allow a connection to TCP port 3080
B. an outbound rule to allow a connection to TCP port 3080
C. an outbound rule to allow a connection to TCP port 6444
D. an inbound rule to allow a connection to TCP port 6444
Answer: D
Explanation:
:A. Server2 needs inbound on 3080.
:B. All ports outbound allowed by default.
:D. Server1 gets request from Client PCu2021s it needs an inbound rule for 6444.
By default, Windows Firewall with Advanced Security blocks all unsolicited inbound network traffic, and allows all outbound network traffic. For unsolicited inbound network traffic to reach your computer, you must create an allow rule to permit that type of network traffic. If a network program cannot get access, verify that in the Windows Firewall with Advanced Security snap-in there is an active allow rule for the current profile. To verify that there is an active allow rule, double-click Monitoring and then click Firewall.
If there is no active allow rule for the program, go to the Inbound Rules node and create a new rule for that program. Create either a program rule, or a service rule, or search for a group that applies to the feature and make sure all the rules in the group are enabled. To permit the traffic, you must create a rule for the program that needs to listen for that traffic. If you know the TCP or UDP port numbers required by the program, you can additionally
restrict the rule to only those ports, reducing the vulnerability of opening up all ports for the program.
Question No: 20
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to use Windows PowerShell Desired State Configuration (DSC) to confirm that the Application Identity service is running on all file servers.
You define the following configuration in the Windows PowerShell Integrated Scripting Environment (ISE):
You need to use DSC to configure Server1 as defined in the configuration. What should you run first?
A. Service1
B. Configuration1
C. Start DscConfiguration
D. Test-DscConfigu ration
Answer: : B
Recommend!! Get the Download 70-410 dumps in VCE and PDF From Certifytools, Welcome to download: https://www.certifytools.com/70-410-exam.html (New 496 Q&As Version)