★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-410 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/70-410-dumps.html
Validated of 70-410 brain dumps materials and dump for Microsoft certification for IT engineers, Real Success Guaranteed with Updated 70-410 pdf dumps vce Materials. 100% PASS Installing and Configuring Windows Server 2012 exam Today!
2021 Feb 70-410 installing and configuring windows server 2012 pdf:
Q141. - (Topic 3)
You have a server named Server1 that has the Print and Document Services server role installed.
You need to provide users with the ability to manage print jobs on Server1 by using a web browser.
What should you do?
A. Start the Printer Extensions and Notifications service and set the service to start automatically.
B. Install the LPD Service role service.
C. Start the Computer Browser service and set the service to start automatically.
D. Install the Internet Printing role service.
Answer: D
Explanation:
References: Internet printing makes it possible for computers running Windows Server 2008 to use printers located anywhere in the world by sending print jobs using Hypertext Transfer Protocol (HTTP). http://technet.microsoft.com/en-us/library/cc731368(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc731857.aspx
Q142. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named CONT1 and CONT2. Both servers run Windows Server 2012 R2.
CONT1 has a shared printer named Printer1. CONT2 connects to Printer1 on CONT1.
When you attempt to remove Printer1 from CONT2, you receive the error message shown in the exhibit. (Click the Exhibit button.)
You successfully delete the other printers installed on CONT2.
You need to identify what prevents you from deleting Printer1 on CONT2.
What should you identify?
A. Printer1 is deployed as part of a mandatory profile.
B. Printer1 is deployed by using a Group Policy object (GPO).
C. Your user account is not a member of the Print Operators group on CONT2.
D. Your user account is not a member of the Print Operators group on CONT1.
Answer: B
Q143. - (Topic 3)
You install Windows Server 2012 R2 on a standalone server named Server1. You configure Server1 as a VPN server.
You need to ensure that client computers can establish PPTP connections to Server1.
Which two firewall rules should you create? (Each correct answer presents part of the solution. Choose two.)
A. An inbound rule for protocol 47
B. An outbound rule for protocol 47
C. An inbound rule for TCP port 1723
D. An inbound rule for TCP port 1701
E. An outbound rule for TCP port 1723
F. An outbound rule for TCP port 1701
Answer: A,C
Explanation:
The following is a list of firewall ports which need to be opened for the various VPN tunnel
protocols:
For PPTP:
IP Protocol=TCP, TCP Port number=1723 <- Used by PPTP control path
IP Protocol=GRE (value 47) <- Used by PPTP data path
For L2TP:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv1 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path)
IP Protocol Type=ESP (value 50) <- Used by IPSec data path
For SSTP:
IP Protocol=TCP, TCP Port number=443 <- Used by SSTP control and data path
For IKEv2:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=ESP (value 50) <- Used by IPSec data path
Q144. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a member server named Server1. Server1 has the File Server server role installed.
On Server1, you create a share named Documents. The Documents share will contain the files and folders of all users.
You need to ensure that when the users connect to Documents, they only see the files to which they have access.
What should you do?
A. Enable access-based enumeration.
B. Configure Dynamic Access Control.
C. Modify the Share permissions.
D. Modify the NTFS permissions.
Answer: A
Explanation:
Access-based Enumeration is a new feature included with Windows Server 2003 Service
Pack 1. This feature allows users of Windows Server 2003-Based file servers to list only
the files and folders to which they have access when browsing content on the file server.
This eliminates user confusion that can be caused when users connect to a file server and
encounter a large number of files and folders that they cannot access. Access-based
Enumeration filters the list of available files and folders on a server to include only those
that the requesting user has access to. This change is important because this allows users
to see only those files and directories that they have access to and nothing else. This
mitigates the scenario where unauthorized users might otherwise be able to see the
contents of a directory even though they don’t have access to it.
Access-Based Enumeration (ABE) can be enabled at the Share properties through Server
Manager
References:
Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 2:
Configure server roles and features, Objective 2.1: Configure file and share access, p. 75-
Q145. - (Topic 2)
You are configuring the IPv6 network infrastructure for a branch office.
The corporate network administrator allocates the 2001:DB8:0:C000::/58 address space for use in the branch office.
You need to identify the maximum number of IPv6 subnets you can create.
How many IPv6 subnets should you identify?
A. 32
B. 64
C. 128
D. 1024
Answer: B
Explanation:
IPv6 has 128-bit (16-byte) source and destination IP addresses. Although 128 bits can express over 3.4×1038 possible combinations, the large address space of IPv6 has been designed for multiple levels of subnetting and address allocation from the Internet backbone to the individual subnets within an organization.
: http://technet.microsoft.com/en-us/library/dd379516%28v=WS.10%29.aspx
Most up-to-date powershell cheat sheet 70-410:
Q146. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
Contoso.com has a domain controller, named ENSUREPASS-DC01.
You have been instructed to make sure that the Group Policy Administrative Templates are available centrally.
Which of the following actions should you take?
A. You should consider copying the policies folder to the PolicyDefinitions folder in the Contoso.com domain’s SYSVOL folder.
B. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s SYSVOL folder.
C. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s systemroot folder.
D. You should consider copying the PolicyDefinitions folder to the policies folder in the Contoso.com domain’s logonserver folder.
Answer: B
Explanation:
PolicyDefinitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory, they are replicated to every DC in the domain; by extension, the ADMX-aware Group Policy Management Console in Windows Vista, Windows 7, Windows Server 2008 and R2 can check this folder as an additional source of ADMX files, and will report them accordingly when setting your policies. By default, the folder is not created. Whether you are a single DC or several thousand, I would strongly recommend you create a Central Store and start using it for all your ADMX file storage. It really does work well. The Central Store To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location: \\FQDN\SYSVOL\FQDN\policies. Note: FQDN is a fully qualified domain name.
Q147. HOTSPOT - (Topic 3)
Your network contains two Active Directory forests named contoso.com and adatum.com. A two-way forest trust exists between the forests.
You have custom starter Group Policy objects (GPOs) defined in contoso.com.
You need to ensure that the same set of custom starter GPOs are available in adatum.com.
In the table below, identify which action must be performed for the starter GPOs container in each forest. Make only one selection in two of the rows. Each correct selection is worth one point.
Answer:
Q148. - (Topic 3)
Your company’s security policy states that all of the servers deployed to a branch office must not have the graphical user interface (GUI) installed. In a branch office, a support technician installs a server with a GUI installation of Windows Server 2012 on a new server, and then configures the server as a DHCP server.
You need to ensure that the new server meets the security policy. You want to achieve this goal by using the minimum amount of Administrative effort.
What should you do?
A. Reinstall Windows Server 2012 on the server.
B. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.
C. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE.
D. From Server Manager, uninstall the User Interfaces and Infrastructure feature.
Answer: D
Q149. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. You log on to Server1. You need to retrieve the IP configurations of Server2. Which command should you run from Server1?
A. winrs -r:server2 ipconfig
B. winrm get server2
C. dsquery *-scope base-attr ip, server2
D. ipconfig > server2.ip
Answer: A
Q150. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed and has a primary zone for contoso.com. The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup. You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do first?
A. Move the contoso.com zone to a domain controller that is configured as a DNS server
B. Configure the Dynamic updates settings of the contoso.com zone
C. Sign the contoso.com zone by using DNSSEC
D. Configure the Security settings of the contoso.com zone.
Answer: A
Explanation:
If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory- integrate a zone, access control list (ACL) editing features are available in DNS Managerso that you can add or remove users or groups from the ACL for a specified zone or resource record.
1. Active Directory’s DNS Domain Name is NOT a single label name (“DOMAIN” vs. the minimal requirement of”domain.com.” “domain.local”, etc.).
2. The Primary DNS Suffix MUST match the zone name that is allowing updates. Otherwise the client doesn’t know what zone name to register in. You can also have a different Conneciton Specific Suffix in addition to the Primary DNS Suffix to register into that zone as well.
3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or Secure and Non-Secure. For client machines, if a client is not joined to the domain, and the zone is set to Secure, it will not register either.
4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a reference to get to them. Do not use your ISP’s, an external DNS address, your router as a DNS address, or any other DNS that does not have a copy of the AD zone. Internet resolution for your machines will be accomplished by the Rootservers (Root Hints), however it’s recommended to configure a forwarder for efficient Internet resolution.
5. The domain controller is multihomed (which means it has more than one unteamed, active NIC, more than one IP address, and/or RRAS is installed on the DC).
6. The DNS addresses configured in the client’s IP properties must ONLY reference the DNS server(s) hosting the AD zone you want to update in. This means that you must NOT use an external DNS in any machine’s IP property in an AD environment. You can’t mix them either. That’s because of the way the DNS Client side resolver service works. Even if you mix up internal DNS and ISP’s DNS addresses, the resolver algorithm can still have trouble asking the correct DNS server. It will ask the first one first. If it doesn’t get a response, it removes the first one from the eligible resolvers list and goes to the next in the list. It will not go back to the first one unless you restart the machine, restart the DNS Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use your internal DNS server(s) and configure a forwarder to your ISP’s DNS for efficient Internet resolution. This is the reg entry to cut the query to 0 TTL: The DNS Client service does not revert to using the first server. The Windows 2000 Domain Name System (DNS) Client service (DNS cache) follows a certain algorithm when it decides the order in which to use the DNS servers. http://support.microsoft.com/kb/286834 For more info, please read the following on the client side resolver service: DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS, Direct Hosted SMB (Direct SMB), If One DC is Down Does a Client logon to Another DC, and DNS Forwarders Algorithm if you have multiple forwarders.
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-clientside- resolverbrowserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-isdown-does-a- client-logon-toanother-dcand-dns-forwarders-algorithm.aspx
7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server.
8. If using DHCP, DHCP server must only be referencing the same exact DNS server(s) in
its own IP properties in order for it to ‘force’ (if you set that setting) registration into DNS.
Otherwise, how would it know which DNS to send the reg data to?
9. If the AD DNS Domain name is a single label name, such as “EXAMPLE”, and not the
proper format of ”example.com” and/or any child of that format, such as
“child1.example.com”, then we have a real big problem.
DNS will not allow registration into a single label domain name.
This is for two reasons:
1. It’s not the proper hierarchal format. DNS is hierarchal, but a single label name has no
hierarchy. It’s just a single name.
2. Registration attempts cause major Internet queries to the Root servers. Why? Because it
thinks the single label name, such as “EXAMPLE”, is a TLD (Top Level Domain), such as
“com”, “net”, etc. It will now try to find what Root name server out there handles that TLD.
In the end it comes back to itself and then attempts to register. Unfortunately it does NOT
ask itself first for the mere reason it thinks it’s a TLD. (Quoted from Alan Woods, Microsoft,
2004):
“Due to this excessive Root query traffic, which ISC found from a study that discovered
Microsoft DNS servers are causing excessive traffic because of single label names,
Microsoft, being an internet friendly neighbor and wanting to stop this problem for their
neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1,
(especially XP, which cause lookup problems too), and Windows 2003. After all, DNS is
hierarchal, so therefore why even allow single label DNS domain names?” The above also
*especially* applies to Windows Vista, 7, 2008, 2008 R2, and newer.
10. ‘Register this connection’s address” on the client is not enabled under the NIC’s IP
properties, DNS tab.
11. Maybe there’s a GPO set to force Secure updates and the machine isn’t a joined
member of the domain.
12. ON 2000, 2003 and XP, the “DHCP client” Service not running. In 2008/Vista and
newer, it’s the DNS Client Service. This is a requirement for DNS registration and DNS
resolution even if the client is not actually using DHCP.
13. You can also configure DHCP to force register clients for you, as well as keep the DNS
zone clean of old or duplicate entries. See the link I posted in my previous post.