It is more faster and easier to pass the Microsoft 70 410 dumps pdf exam by using Downloadable Microsoft Installing and Configuring Windows Server 2012 questuins and answers. Immediate access to the Replace 70 410 dumps Exam and find the same core area vce 70 410 questions with professionally verified answers, then PASS your exam with a high score now.
P.S. Downloadable 70-410 bootcamp are available on Google Drive, GET MORE: https://drive.google.com/open?id=1Tx7a0Kv4S8BSp9VK9XVHC-fWKOkcNnJK
New Microsoft 70-410 Exam Dumps Collection (Question 6 - Question 15)
Q1. Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named 0U1. You
need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Modify the permissions on OU1.
B. Run the Set-GPPermission cmdlet.
C. Add User1 to the Group Policy Creator Owners group.
D. Modify the permissions on the User1 account.
Answer: A
Explanation:
Q2. You install Windows Server 2012 R2 on a standalone server named Server1. You configure Server1 as a VPN server.
You need to ensure that client computers can establish PPTP connections to Server1. Which two firewall rules should you create? (Each correct answer presents part of the
solution. Choose two.)
A. An inbound rule for protocol 47
B. An outbound rule for protocol 47
C. An inbound rule for TCP port 1723
D. An inbound rule for TCP port 1701
E. An outbound rule for TCP port 1723
F. An outbound rule for TCP port 1701
Answer: A,C
Explanation:
The following is a list of firewall ports which need to be opened for the various VPN tunnel protocols:
For PPTP:
IP Protocol=TCP, TCP Port number=1723 <- Used by PPTP control path IP Protocol=GRE (value 47) <- Used by PPTP data path
For L2TP:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv1 (IPSec control path) IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path) IP Protocol Type=ESP (value 50) <- Used by IPSec data path
For SSTP:
IP Protocol=TCP, TCP Port number=443 <- Used by SSTP control and data path
For IKEv2:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path) IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path) IP Protocol Type=ESP (value 50) <- Used by IPSec data path
Q3. Your network contains an Active Directory domain named contoso.com. The domain contains an application server named Server1. Server1 runs Windows Server 2012 R2. You have a client application named App1 that communicates to Server1 by using dynamic TCP ports.
On Server1, a technician runs the following command: New-NetFirewallRule -DisplayName AllowDynamic - Direction Outbound -LocalPort 1024- 65535 -Protocol TCP.
Users report that they can no longer connect to Server1 by using App1. You need to ensure that App1 can connect to Server1.
What should you run on Server1?
A. Set-NetFirewallRule -DisplayName AllowDynamic -Action Allow
B. netsh advfirewall firewall set rule name=allowdynamic new action = allow
C. Set-NetFirewallRule -DisplayName AllowDynamic -Direction Inbound
D. netsh advfirewall firewall add rule name=allowdynamic action=allow
Answer:: C
Q4. You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing what happens when you run the Remove-NetLbfoTeam Windows PowerShell cmdlet.
Which of the following describes the results of running this cmdlet?
A. It removes one or more network adapters from a specified NIC team.
B. It removes a team interface from a NIC team.
C. It removes a specified NIC team from the host.
D. It removes a network adapter member from a switch team.
Answer: C
Explanation:
Remove-NetLbfoTeam removes the specified NIC team from the host.
The Remove-NetLbfoTeam cmdlet removes the specified NIC team from the host. This cmdlet disconnects all associated team members and providers from the team. You can specify the team to remove by using either a team object retrieved by Get-NetLbfoTeam, or by specifying a team name.
You can use Remove-NetLbfoTeam to remove all NIC teams from the server. You need administrator privileges to use Remove-NetLbfoTeam.
Q5. You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed.
You have received instructions to convert a basic disk to a GPT disk.
Which of the following is TRUE with regards to GPT disks? (Choose all that apply.)
A. To convert a basic disk to a GPT disk, the disk must not contain any partitions or volumes.
B. You can convert a basic disk to a GPT disk, regardless of partitions or volumes.
C. GPT is required for disks larger than 2 TB.
D. GPT is required for disks smaller than 2 TB.
E. The GPT partition style can be used on removable media.
F. GPT disks make use of the standard BIOS partition table.
Answer: A,C
Explanation:
:A. For a drive to be eligible for conversion to dynamic, all basic data partitions on the drive must be contiguous.
:C. GPT allows a much larger partition size greater than 2 terabytes (TB) D. 2 terabytes is the limit for MBR disks.
:E. Dynamic disks are not supported on portable computers, removable disks, detachable disks that use USB or IEEE 1394 interfaces.
:F. Windows only supports booting from a GPT disk on systems that contain Unified Extensible Firmware Interface (UEFI) boot firmware.
Master boot record (MBR) disks use the standard BIOS partition table. GUID partition table (GPT) disks use unified extensible firmware interface (UEFI). One advantage of GPT disks is that you can have more than four partitions on each disk. GPT is also required for disks larger than 2 terabytes.
Portable computers and removable media.
Dynamic disks are not supported on portable computers, removable disks, detachable disks that use Universal Serial Bus (USB) or IEEE 1394 (also called FireWire) interfaces, or on disks connected to shared SCSI buses. If you are using a portable computer and right- click a disk in the graphical or list view in Disk Management, you will not see the option to convert the disk to dynamic.
Dynamic disks are a separate form of volume management that allows volumes to have noncontiguous extents on one or more physical disks. Dynamic disks and volumes rely on the Logical Disk Manager (LDM) and Virtual Disk Service (VDS) and their associated features. These features enable you to perform tasks such as converting basic disks into dynamic disks, and creating fault-tolerant volumes. To encourage the use of dynamic disks, multi-partition volume support was removed from basic disks, and is now exclusively supported on dynamic disks. GPT disks can be converted to MBR disks only if all existing partitioning is first deleted, with associated loss of data.
Q. What happens when a basic disk is converted to dynamic?
:A. For a drive to be eligible for conversion to dynamic, all basic data partitions on the drive must be contiguous.
If other unrecognized partitions separate basic data partitions, the disk cannot be converted. This is one of the reasons that the MSR must be created before any basic data partitions. The first step in conversion is to separate a portion of the MSR to create the configuration database partition. All non-bootable basic partitions are then combined into a single data container partition. Boot partitions are retained as separate data container partitions. This is analogous to conversion of primary partitions.
Windows XP and later versions of the Windows operating system differs from Windows 2000 in that basic and extended partitions are preferentially converted to a single 0x42 partition, rather than being retained as multiple distinct 0x42 partitions as on Windows 2000.
Q6. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You plan to create a shared folder. The shared folder will have a quota limit.
You discover that when you run the New Share Wizard, you cannot select the SMB Share
u2013 Advanced option.
You need to ensure that you can use SMB Share u2013 Advanced to create the new share. What should you do on Server1 before you run the New Share Wizard?
A. Run the Set-SmbShare cmdlet.
B. Install the File Server Resource Manager role service.
C. Configure Dynamic Access Control and Apply a central access policy.
D. Configure the Advanced system settings.
Answer: B
Q7. Your network contains two Active Directory forests named contoso.com and adatum.com. All servers run Windows Server 2012 R2.
A one-way external trust exists between contoso.com and adatum.com.
Adatum.com contains a universal group named Group1. You need to prevent Group1 from being used to provide access to the resources in contoso.com.
What should you do?
A. Modify the Managed By settings of Group1.
B. Modify the Allowed to Authenticate permissions in adatum.com.
C. Change the type of Group1 to distribution.
D. Modify the name of Group1.
Answer:: B
Explanation:
* Accounts that require access to the customer Active Directory will be granted a special right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
Q8. Your network contains an Active Directory domain named contoso.com. All user accounts in the sales department reside in an organizational unit (OU) named OU1.
You have a Group Policy object (GPO) named GPO1. GPO1 is used to deploy a logon script to all of the users in the sales department.
You discover that the logon script does not run when the sales users log on to their computers. You open Group Policy Management as shown in the exhibit.
You need to ensure that the logon script in GPO1 is applied to the sales users. What should you do?
A. Enforce GPO1.
B. Modify the link order of GPO1.
C. Modify the Delegation settings of GPO1.
D. Enable the link of GPO1.
Answer: D
Q9. Your network contains an Active Directory domain named contoso.com.
You need to prevent users from installing a Windows Store app named App1. What should you create?
A. An application control policy executable rule
B. An application control policy packaged app rule
C. A software restriction policy certificate rule
D. An application control policy Windows Installer rule
Answer: B
Explanation:
Windows 8 is coming REALLY SOON and of course one of the big new things to computer with that is the new Packaged Apps that run in the start screen. However these apps are very different and do not install like traditional apps to a path or have a true u201cexecutableu201d file to launch the program. Of course enterprises need a way to control these packaged apps and therefore Microsoft has added a new feature Packaged Apps option to the App1ocker feature.
:A. For .exe or .com
:B. A publisher rule for a Packaged app is based on publisher, name and version
:C. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.
:D. For .msi or .msp
Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity.
Therefore, it is possible to control the entire Application using a single App1ocker rule as opposed to the non-packaged apps where each file within the app could have a unique
identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. App1ocker supports only publisher rules for Packaged apps. A publisher rule for a packaged app is based on the following information:
Publisher of the package Package name
Package version
Therefore, an App1ocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Run the Delegation of Control Wizard on the Policies containers
B. Run the Set-GPPermission cmdlet
C. Run the Delegation of Control Wizard on OU1
D. Modify the permission on the user1 account
Answer: C
Explanation:
:A. Not minimum permissions
:B. Grants a level of permissions to a security principal for one GPO or all the GPOs in a domain
:C. Minimizes delegated permission to a single OU
:D. Will not allow GPO changes to the OU Delegation of Control Wizard
The following are common tasks that you can select to delegate control of them: Create, delete, and manage user accounts
Reset user passwords and force password change at next logon Read all user information Modify the membership of a group
Join a computer to a domain Manage Group Policy links
Generate Resultant Set of Policy (Planning) Generate Resultant Set of Policy (Logging)
Create, delete, and manage inetOrgPerson accounts
Reset inetOrgPerson passwords and force password change at next logon Read all inetOrgPerson information
Recommend!! Get the Downloadable 70-410 dumps in VCE and PDF From Surepassexam, Welcome to download: https://www.surepassexam.com/70-410-exam-dumps.html (New 496 Q&As Version)