There are many regarding benefits when youve acquired the Microsoft 70-410 qualifications. The actual 70-410 qualifications may be a sort of ensure that you have the top volume of awareness about the That dept and you will clear up nearly all of conditions the spot of the usb ports suffers from. Also, the particular 70-410 qualifications could also increase the really worth inside the sight to your organisations. Should you be looking for just a position, the particular 70-410 qualifications will assist you to reach the very best position. Should you be looking for campaign, the particular 70-410 qualifications will help make this specific possible for an individual. Additionally, the particular 70-410 qualifications improve your valuation in your enterprise at the same time.
2021 Apr 70-410 free practice exam
Q51. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1 that contains several user settings.
GPO1 is linked to an organizational unit (OU) named OU1.
The help desk reports that GPO1 applies to only some of the users in OU1.
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)
You need to configure GPO1 to apply to all of the users in OU1.
What should you do?
A. Modify the Security settings of GPO1.
B. Disable Block Inheritance on OU1.
C. Modify the GPO status of GPO1.
D. Enforce GPO1.
Answer: A
Explanation:
Inheritance is blocked, but that would only affect policies applied ABOVE the given OU, not
the one applied directly to it (as is the case with GPO1). Also Enforcing a policy is only going to cause it to be applied even when inheritance is blocked (which, as mentioned, does not make a difference on policies which are directly linked to the OU as a child). That means that there must be something in the security settings (such as a Security Group which does not have the “read” or “Apply group policy” permission) preventing ALL of the users in OU1 from having the policy applied. (GPO status is the status of its replication within the forest, so it is not relevant here.)
Q52. HOTSPOT - (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Hyperv1 and a domain controller named DC1. Hyperv1 has the Hyper-V server role installed. DC1 is a virtual machine on Hyperv1.
Users report that the time on their client computer is incorrect.
You log on to DC1 and verify that the time services are configured correctly.
You need to prevent time conflicts between the time provided by DC1 and other potential
time sources.
What should you configure?
To answer, select the appropriate object in the answer area.
Answer:
Q53. - (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains several thousand member servers that run Windows Server 2012 R2.All of the computer accounts for the member servers are in an organizational unit (OU) named ServersAccounts.
Servers are restarted only occasionally.
You need to identify which servers were restarted during the last two days.
What should you do?
A. Run dsquery computer and specify the –staiepwd parameter.
B. Run Get-ADComputer and specify the SearchScope parameter.
C. Run Get-ADComputer and specify the IastLogon property.
D. Run dsquery server and specify the –o parameter
Answer: C
Q54. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 500 servers that run Windows Server 2012 R2.
You have a written security policy that states the following:
Only required ports must be open on the servers.
All of the servers must have Windows Firewall enabled.
Client computers used by administrators must be allowed to access all of the ports
on all of the servers.
Client computers used by the administrators must be authenticated before the
client computers can access the servers.
You have a client computer named Computer1 that runs Windows 8.
... .
You need to ensure that you can use Computer1 to access all of the ports on all of the servers successfully. The solution must adhere to the security policy.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On Computer1, create a connection security rule.
B. On all of the servers, create an outbound rule and select the Allow the connection if it is secure option.
C. On all of the servers, create an inbound rule and select the Allow the connection if it is secure option.
D. On Computer1, create an inbound rule and select the Allow the connection if it is secure option.
E. On Computer1, create an outbound rule and select the Allow the connection if it is secure option.
F. On all of the servers, create a connection security rule.
Answer: A,C,F
Explanation:
Unlike firewall rules, which operate unilaterally, connection security rules require that both
communicating computers have a policy with connection security rules or another
compatible IPsec policy.
Traffic that matches a firewall rule that uses the Allow connection if it is secure setting
bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol.
This method is supported on Windows Vista or Windows Server 2008.
References:
http://technet.microsoft.com/en-us/library/cc772021.aspx
http://technet.microsoft.com/en-us/library/cc753463.aspx
Q55. - (Topic 2)
You have two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the DHCP Server server role installed.
You need to create an IPv6 reservation for Server2.
Which two values should you obtain from Server2? (Each correct answer presents part of the solution. Choose two.)
A. the hardware ID
B. the DHCPv6 unique identifier
C. the DHCPv6 identity association ID
D. the SMSBIOS GUID
E. the MAC address
Answer: B,C
Explanation:
The Add-DhcpServerv6Reservation cmdlet reserves a specified IPv6 address for the client identified by the specified Dynamic Host Configuration Protocol (DHCP) v6 unique identifier (ID) (DUID) and identity association ID (IAID).
Up to the immediate present 70-410 exam question:
Q56. HOTSPOT - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All client
computers run Windows 8.
An administrator creates an application control policy and links the policy to an
organizational unit (OU) named OU1. The application control policy contains several deny
rules. The deny rules apply to the Everyone group.
You need to prevent users from running the denied application.
What should you configure?
To answer, select the appropriate object in the answer area.
Answer:
Q57. - (Topic 3)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has five network adapters. Three of the network adapters are connected to a network named LAN1. The two other network adapters are connected to a network named LAN2.
You need to create a network adapter team from the three network adapters connected to LAN1.
Which tool should you use?
A. Routing and Remote Access
B. Network and Sharing Center
C. Server Manager
D. Network Load Balancing Manager
Answer: C
Q58. HOTSPOT - (Topic 3)
Your network contains an Active Directory domain. The domain contains a server named Server28.
The computer account of Server 28 is located in an organizational unit (OU) named OU1. A Group Policy object (GPO) named Application Restriction Policy is linked to OU1.
The settings of the GPO are configured as shown in the GPO Settings exhibit. (Click the Exhibit button.)
The Services console on Server28 is shown in the Services exhibit. (Click the Exhibit
button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
Q59. - (Topic 3)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts several virtual machines. Each virtual machine has two network adapters.
Server1 contains several virtual switches.
On Server1, you create a NIC team that has two network adapters.
You discover that the NIC team is set to Static Teaming mode.
You need to modify the NIC teaming mode to Switch Independent.
Which cmdlet should you use?
A. Set-VMNetworkAdapter
B. Set-NetLbfoTeam
C. Set-NetLbfoTeamNic
D. Set-VMSwitch
Answer: B
Explanation: The Set-NetLbfoTeam cmdlet sets the TeamingMode or LoadBalancingAlgorithm parameters on the specified NIC team.
https://technet.microsoft.com/en-us/library/jj130844(v=wps.630).aspx
Q60. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains a domain controller named DC1 that has the DNS Server server role installed. DC1 has a standard primary DNS zone for contoso.com.
You need to ensure that only client computers in the contoso.com domain will be able to add their records to the contoso.com zone.
What should you do first?
A. Sign the contoso.com zone.
B. Modify the Security settings of DC1.
C. Modify the Security settings of the contoso.com zone.
D. Store the contoso.com zone in Active Directory.
Answer: D
Explanation:
Only Authenticated users can create records when zone is stored in AD.
Secure dynamic updates allow an administrator to control what computers update what
names and prevent unauthorized computers from overwriting existing names in DNS.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 6: Network
Administration, Lesson 2: Implementing DNSSEC, p. 237
http://technet.microsoft.com/en-us/library/cc731204(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc755193.aspx