Friday, September 20, 2013

70-410 -Updated Questions & Answers

Exam 70-410 changed recently and key4pass have this updated with pass guarantee.So intead of trying outdated dump for 70-410 please use the below dumps and save your money by avoiding fail to exam.

Installing and Configuring Windows Server 2012

Exam Code: 70-410
Exam Name: Installing and Configuring Windows Server 2012
Questions and Answers: 336
Update Time: 20/09/2013


Question No : 1 - (Topic 0)
The disks on Server1 are configured as shown in the exhibit. (Click the Exhibit button.)


You create a virtual machine on Server1.

You need to ensure that you can configure a pass-through disk for the virtual machine.

What should you do?

A. Delete partition E.
B. Convert Disk 1 to a GPT disk.
C. Convert Disk 1 to a dynamic disk.
D. Take Disk 1 offline.
Answer: D

Explanation:

Pass-Through Disk must be offline
Pass-through Disk Configuration
Hyper-V allows virtual machines to access storage mapped directly to the Hyper-V server
without requiring thevolume be configured. The storage can either be a physical disk
internal to the Hyper-V server or it can be aStorage Area Network (SAN) Logical Unit (LUN)


mapped to the Hyper-V server. To ensure the Guest hasexclusive access to the storage, it

must be placed in an Offline state from the Hyper-V serverperspective

http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-inhyper-
v.aspx
http://technet.microsoft.com/pt-pt/library/ff404147%28v=ws.10%29.aspx

Question No : 2 - (Topic 0)
You have a server named Server1 that runs Windows Server 8. Server1 has the Hyper-V
server role installed.

You have fixed-size VHD named Files.vhd.

You need to make the contents in Files.vhd available to several virtual machines.

The solution must meet the following requirements:

.
Ensure that if the contents are changed on any virtual machine, the changes are
not reflected on the other virtual machines.
.
Minimize the amount of disk space used.

What should you do?

A. Create a dynamically expanding VHDX. Transfer the information from Files.vhd to the
new VHDX file.
B. Create a fixed-size VHDX. Transfer the information from Files.vhd to the new VHDX file.
C. Convert Files.vhd to a dynamically expanding VHD.
D. Create differencing VHDs that use Files.vhd as the parent disk.
Answer: D

Explanation:

A. A conversion would be needed from VHD to VHDX. Not available to multiple VM's
B. Single VHD not available to multiple VM's. Changes wouldn't be reflected
C. A conversion would be needed from VHD to VHDX. Not available to multiple VM's
D. Child disk for multiple VM's with Files.vhd as parent
A differencing disk is associated with another virtual hard disk that you select when you


create the differencing disk. This means that the disk to which you want to associate the
differencing disk must exist first. This virtual hard disk is called the "parent" disk and the
differencing disk is the "child" disk. The parent disk can be any type of virtual hard disk.
The differencing disk stores all changes that would otherwise be made to the parent disk if
the differencing disk was not being used. The differencing disk provides an ongoing way to
save changes without altering the parent disk. You can use the differencing disk to store
changes indefinitely, as long as there is enough space on the physical disk where the
differencing disk is stored. The differencing disk expands dynamically as data is written to it
and can grow as large as the maximum size allocated for the parent disk when the parent
disk was created.
http://technet.microsoft.com/en-us/library/cc720381(v=ws.10).aspx

Question No : 3 - (Topic 0)
You have a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-
V server role installed.

On Server1, you create a virtual machine named VM1. VM1 has a legacy network adapter.

You need to assign a specific amount of available network bandwidth to VM1.

What should you do first?

A. Remove the legacy network adapter, and then run the Set-VMNetworkAdaptercmdlet.
B. Add a second legacy network adapter, and then run the Set-VMNetworkAdoptercmdlet.
C. Add a second legacy network adapter, and then configure network adapter teaming.
D. Remove the legacy network adapter, and then add a network adapter.
Answer: D

Explanation:

A. Set-VMNetworkAdaptercmdlet configures features of the virtual network adapter in a
virtual machine or the management operating system
B. The legacy network adapter doesn't support bandwidth management
C. The legacy network adapter doesn't support bandwidth management
D. Add a New network adapter The legacy network adapter doesn't support bandwidth
management

C:\Documents and Settings\usernwz1\Desktop\1.JPG

http://technet.microsoft.com/en-us/library/hh848457(v=wps.620).aspx
http://www.techrepublic.com/blog/networking/set-bandwidth-limits-for-hyper-v-vms-withwindows-
server-2012/5924

Question No : 4 - (Topic 0)
Your network contains an Active Directory domain named adatum.com. The domain
contains a server named Server1 that runs Windows Server 2012.

On a server named Core1, you perform a Server Core Installation of Windows Server
2012. You join Core1 to the adatum.com domain.


You need to ensure that you can use Event Viewer on Server1 to view the event logs on
Core1.

What should you do on Core1?

A. Run the Enable-NetFirewallRulecmdlet.
B. Run sconfig.exeandconfigure remote management.
C. Run the Disable-NetFirewallRulecmdlet.
D. Run sconfiq.exeandconfigure the network settings.
Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/jj574205.aspx


http://technet.microsoft.com/en-us/library/cc990290(v=ws.10).aspx

Question No : 5 - (Topic 0)
Your network contains a file server named Server1 that runs Windows Server 2012. All
client computers run Windows 8.

You need to ensure that when users are connected to the network, they always use local
offline files that are cached from Server1.

Which Group Policy setting should you configure?

A. Configure slow-link mode
B. Configure Slow link speed
C. Enable file synchronization on costed networks
D. Turn on economical Application of Administratively assigned Offline Files
Answer: A


Explanation:

A. Offline Files to provide faster access to cached files and redirected folders.
B. Defines a slow connection for purposes of App1ying and updating Group Policy.
C. automatically tracks roaming and bandwidth usage limits while on metered connections
D. Lists network files and folders that are always available for offline use. This policy makes
the specified filesand folders available offline to users of the computer.
When Offline Files is operating in the slow-link mode, all network file requests are satisfied
from the OfflineFiles cache. This is similar to a user working offline.

If you enable this policy setting, Offline Files uses the slow-link mode if the network
throughput between theclient and the server is below (slower than) the Throughput
threshold parameter, or if the round-trip networklatency is above (slower than) the Latency
threshold parameter.


C:\Documents and Settings\usernwz1\Desktop\1.JPG


http://technet.microsoft.com/en-us/library/hh968298.aspx
http://technet.microsoft.com/en-us/library/cc957631.aspx
http://technet.microsoft.com/en-us/library/jj127408.aspx
http://www.group-policy.com/ref/policy/2229/Configure_slow-link_mode


C:\Documents and Settings\usernwz1\Desktop\1.JPG

Question No : 6 - (Topic 0)
Your network contains an Active Directory domain named contoso.com. All servers run
either Windows Server 2008 R2 or Windows Serve 2012. All client computers run either
Windows 7 or Windows 8.

The domain contains a member server named Server1 that runs Windows Server 2012.
Server1 has the File and Storage Services server role installed.
On Server1, you create a share named Share1.
You need to ensure that users can use Previous Versions to restore the files in Share1.
What should you configure on Server1?


A. The Shadow Copies settings
B. A Windows Server Backup schedule
C. A data recovery agent

D. The Recycle Bin properties
Answer: A

Explanation:

A. Enable and schedule shadow copies for Share1
B. The backup doesn't give users access until files are restored
C.
D. No settings for file version
http://technet.microsoft.com/en-us/library/cc786104(v=ws.10).aspx
Question No : 7 - (Topic 0)

You have a server named Server1 that runs Windows Server 2012. Server1 has the Print
and Document Services server role installed.

Server1 is connected to two identical print devices.

You need to ensure that users can submit print jobs to the print devices. The solution must
ensure that if one print device fails, the print jobs will print automatically on the other print
device.

What should you do on Server1?

A. Add two printers and configure the priority of each printer.
B. Add one printer and configure printer pooling.
C. Install the Network Load Balancing (NLB) feature, and then add one printer.
D. Install the Failover Clustering feature, and then add one printer.
Answer: B

Explanation:

A. expedite documents that need to be printed immediately
B. A printing pool is one logical printer connected to multiple printers through multiple ports
of theprint server. The printer that is idle receives the next document sent to the logical
printer. Whenprinting to a printer pool, the spooler will send waiting jobs to alternate ports.
If the original or alternateports are not available
C. NLB for printing is not supported
D. Would need 2 nodes
A printing pool is one logical printer connected to multiple printers through multiple ports of
the print server.
The printer that is idle receives the next document sent to the logical printer.
This is useful in a network with a high volume of printing because it decreases the time
users wait for theirdocuments.
A printing pool also simplifies administration because multiple printers can be managed
from the same logicalprinter on a server.
If one device within a pool stops printing, the current document is held at that device. The
succeedingdocuments print to other devices in the pool, while the delayed document waits
until the nonfunctioningprinter is fixed.
Efficient printer pools have the following characteristics:
All printers in the pool are the same model.
Printer ports can be of the same type or mixed (parallel, serial, and network)
.
It is recommended that all printers be in one location. Because it is impossible to predict
which printer willreceive the document, keep all printers in a pool in a single location.
Otherwise, users might have a hard timefinding their printed document.

http://technet.microsoft.com/en-us/library/cc757086(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc784619(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc958172.aspx

You can create a printing pool to automatically distribute print jobs to the next available
printer. A printing poolis one logical printer connected to multiple printers through multiple
ports of the print server. The printer that isidle receives the next document sent to the
logical printer.

Question No : 8 - (Topic 0)
Your network contains a server named Server1 that runs Windows Server 2012. Server1
has the Print and Document Services server role installed.

You connect a new print device to the network. The marketing department and the sales
department will use the print device.

You need to provide users from both departments with the ability to print to the network
print device. The solution must ensure that if there are multiple documents queued to print,
the documents from the sales users print before the documents from the marketing users.

What should you do on Server1?

A. Add two printers. Modify the priorities of each printer and the security settings of each
printer.
B. Add two printers and configure printer pooling.
C. Add one printer and configure printer pooling.
D. Add one printer. Modify the printer priority and the security settings.
Answer: A

Explanation: http://technet.microsoft.com/en-us/library/cc738090(v=ws.10).aspx
To set different print priority to different groups
Open Printers and Faxes.

Right-click the printer you want to set, click Properties, and then click the Advanced tab.
In Priority, click the up or down arrows, and then click OK.


Or, type a priority level, where 1 is the lowest level and 99 is the highest, and then click OK.
Click Add Printer to add a second logical printer for the same physical printer. For
instructions, see Related Topics.


Click the Advanced tab.
In Priority, set a priority higher than that of the first logical printer.
Instruct the regular group of users to use the first logical printer name and the group with
higher priority to use the second logical printer name. Set the appropriate permissions for
the different groups.


Question No : 9 - (Topic 0)
You have a server named Server2 that runs Windows Server 2012.
You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.
)



The Everyone group has read share permission and read NTFS permission to Sources.
You need to ensure that when users browse the network, the Sources share is not visible.


What should you do?

A. From the properties of the Sources folder, remove the Sources share, and then share
the Sources folder as Sources$.
B. From the properties of the Sources folder, deny the List Folder Contents permission for
the Everyone group.
C. From the properties of the Sources share, configure access-based enumeration.
D. From the properties of the Sources folder, configure the hidden attribute.
Answer: A

Explanation:

A. need to remove the old share, $ creates a hidden share
B. This would deny everyine
C. This feature allows users of Windows Server 2003–based file servers to list only the files
and folders towhich they have access when browsing content on the file server
D. This would hide the physical folder not the share
A hidden share is identified by a dollar sign ($) at the end of the share name
Hidden shares are not listed when you look through the shares on a computer or use the
"net view" command
Why Use Hidden Shares?
Using hidden shares on your network is useful if you do not want a shared folder or drive
on the network to beeasily accessible. Hidden shares can add another layer of protection
for shared files against unauthorizedpeople connecting to your network. Using hidden
shares helps eliminate the chance for people to guess yourpassword (or be logged into an
authorized Windows account) and then receive access to the shared resource.

C:\Documents and Settings\usernwz1\Desktop\1.JPG

http://support.microsoft.com/kb/314984
http://technet.microsoft.com/en-us/library/cc784710(v=ws.10).aspx

Question No : 10 - (Topic 0)
Your network contains an Active Directory domain named contoso.com. The network
contains a server named Server1 that runs Window Server 8 and a server named Server2
that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 and Server2 are
member server.

You need to ensure that you can manage Server2 from Server1 by using Server Manager.

Which two tasks should you perform? (Each correct answer presents part of the solution.
Choose two.)


A. Install Remote Server Administration Tools on Server1.
B. Install Windows Management Framework 3.0 on Server2.
C. Install the Windows PowerShell 2.0 engine on Server1.
D. Install Microsoft .NET Framework 4 on Server2.
E. Install Remote Server Administration Tools on Server2.
Answer: B,D

Explanation: http://technet.microsoft.com/en-us/library/hh831456.aspx


Question No : 11 - (Topic 0)
Your network contains an Active Directory domain named contoso.com. The network
contains a member server named Server1 that runs Windows Server 2012. Server1 has
the DNS Server server role installed and has a primary zone for contoso.com.

The Active Directory domain contains 500 client computers. There are an additional 20
computers in a workgroup.

You discover that every client computer on the network can add its record to the
contoso.com zone.

You need to ensure that only the client computers in the Active Directory domain can
register records in the contoso.com zone.

What should you do first?

A. Move the contoso.com zone to a domain controller that is configured as a DNS server.
B. Configure the Dynamic updates settings of the contoso.com zone.
C. Sign the contoso.com zone by using DNSSEC.

D. Configure the Security settings of the contoso.com zone.
Answer: A

Explanation:

If you install DNS server on a non-DC, then you are not able to create AD-integrated
zones.
DNS update security is available only for zones that are integrated into AD DS.
When you directory-integrate a zone, access control list (ACL) editing features are
available in DNS Managerso that you can add or remove users or groups from the ACL for
a specified zone or resource record.


http://technet.microsoft.com/en-us/library/cc771255.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/9b041bbc-0765-
4eed-bd1cd65027f05e9f/
http://blogs.msmvps.com/acefekay/2012/11/19/ad-dynamic-dns-updates-registration-rules-
of-engagement/


1. Active Directory's DNS Domain Name is NOT a single label name ("DOMAIN" vs the
minimal requirement of"domain.com." "domain.local," etc)
.
2. The Primary DNS Suffix MUST match the zone name that is allowing updates.
Otherwise the client doesn'tknow what zone name to register in. You can also have
a
different Conneciton Specific Suffix in addition to thePrimary DNS Suffix to register into that
zone as well.
3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or
Secure and Non-Secure.
For client machines, if a client is not joined to the domain, and the zone is set to Secure, it
will not registereither.
4. You must ONLY use the DNS servers that host a copy of the AD zone name or have
a
reference to get tothem. Do not use your ISP's, an external DNS adddress, your router as
a
DNS address, or any other DNS thatdoes not have a copy of the AD zone. Internet
resolution for your machines will be accomplished by the Rootservers (Root Hints)
,
however it's recommended to configure a forwarder for efficient Internet resolution.
.
5. The domain controller is multihomed (which means it has more than one unteamed,
active NIC, more thanone IP address, and/or RRAS is installed on the DC)
.
6. The DNS addresses configured in the client's IP properties must ONLY reference the
DNS server(s) hostingthe AD zone you want to update in.
This means that you must NOT use an external DNS in any machine's IP property in an AD
environment.

You can't mix them either. That's because of the way the DNS Client side resolver service
works. Even if youmix up internal DNS and ISP's DNS addresses, the resolver algorithm
can still have trouble asking the correctDNS server. It will ask the first one first. If it doesn't
get a response, it removes the first one from the eligibleresolvers list and goes to the next
in the list. It will not go back to the first one unless you restart the machine,restart the DNS
Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use
yourinternal DNS server(s) and configure a forwarder to your ISP's DNS for efficient
Internet resolution.

This is the reg entry to cut the query to 0 TTL:
The DNS Client service does not revert to using the first server ...The Windows 2000
Domain Name System
(DNS) Client service (Dnscache) follows a certain algorithm when it decides the order in
which to use the DNSservers ...
http://support.microsoft.com/kb/286834
For more info, please read the following on the client side resolver service:
DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS,
Direct Hosted SMB(DirectSMB), If One DC is Down Does a Client logon to Another DC,
and DNS Forwarders Algorithm if youhave multiple forwarders.
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-clientside-
resolver-browserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-isdown-
does-a-client-logon-to-another-dcand-dns-forwarders-algorithm.aspx

7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server.
8. If using DHCP, DHCP server must only be referencing the same exact DNSserver(s) in
it's own IP properties in order for it to 'force' (if you setthat setting) registration into DNS.
Otherwise, how would it know which DNSto send the reg data to?
9. If the AD DNS Domain name is a single label name, such as "EXAMPLE", and not the
proper format of"example.com" and/or any child of that format, such as
"child1.example.com", then we have a real big problem.
DNS will not allow registration into a single label domain name.
This is for two reasons:

1. It's not the proper hierachal format. DNS is hierarchal, but a single label name has no
hierarchy. It's just asingle name.
2. Registration attempts causes major Internet queriesto the Root servers. Why? Because
it thinks thesingle label name, such as "EXAMPLE", is a TLD(Top Level Domain), such as
"com", "net", etc. Itwill now try to find what Root name server out therehandles that TLD. In
the end it comes back to itselfand then attempts to register. Unfortunately it doe NOTask

itself first for the mere reason it thinks it's a TLD.


(Quoted from Alan Woods, Microsoft, 2004)
:
"Due to this excessive Root query traffic, which ISC found from a study that discovered
Microsoft DNS serversare causing excessive traffic because of single label names,
Microsoft, being an internet friendly neighbor andwanting to stop this problem for their
neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1,
(especially XP,which cause lookup problems too), and Windows 2003. After all, DNS
ishierarchal, so therefore why even allow single label DNS domain names?
"


The above also *especially* App1ies to Windows Vista, &, 2008, 2008 R2, and newer.


10. 'Register this connection's address" on the client is not enabled under the NIC's IP
properties, DNS tab.
11. Maybe there's a GPO set to force Secure updates and the machine isn't a joined
member of the domain.
12. ON 2000, 2003 and XP, the "DHCP client" Service not running. In 2008/Vista and
newer, it's the DNSClient Service. This is a requirement for DNS registration and DNS
resolution even if the client is not actuallyusing DHCP.
13. You can also configure DHCP to force register clients for you, as well as keep the DNS
zone clean of old orduplicate entries. See the link I posted in my previous post.
Question No : 12 - (Topic 0)
Your company has a remote office that contains 1,600 client computers on a single subnet.

You need to select a subnet mask for the network that will support all of the client
computers. The solution must minimize the number of unused addresses.

Which subnet mask should you select?

A. 255.255.248.0
B. 255.255.252.0
C. 255.255.254.0
D. 255.255.240.0
Answer: A


Explanation:

255.255.252.0 = 11111111.11111111.11111100.00000000 =>( 22 bits 1 .. 10 bits
0 ) => 1111111111 = 1023
255.255.254.0 = 11111111.11111111.11111110.00000000 =>( 23 bits 1 .. 9 bits
0 ) => 111111111 = 511
255.255.255.0 = 11111111.11111111.11111111.00000000 =>( 24 bits 1 .. 8 bits
0 ) => 11111111 = 255
255.255.255.128 = 11111111.11111111.11111111.10000000 =>( 25 bits 1 .. 7 bits
0 ) => 1111111 = 127
http://zeus.fh-brandenburg.de/~ihno/doc/lehre/internet/ip_eng.html


Question No : 13 DRAG DROP - (Topic 0)
You plan to deploy a DHCP server that will support four subnets. The subnets will be
configured as shown in the following table.


You need to identify which network ID you should use for each subnet.
What should you identify?
To answer, drag the appropriate network ID to the each subnet in the answer area.



Answer:



Question No : 14 - (Topic 0)
Your network contains three servers that run Windows Server 2012. The servers are
configured as shown in the following table.


Server3 is configured to obtain an IP address automatically.

You need to ensure that Server3 only receives an IP address from Server1. The IP address
must always be the same.

Which two tasks should you perform? (Each correct answer presents part of the solution.
Choose two.)

A. Create an exclusion on Server1.
B. Create a filter on Server1.
C. Create a reservation on Server2.
D. Create a reservation on Server1.
E. Create a filter on Server2.
Answer: D,E

Explanation:

A. Exclude range of IP's for lease
B. Wrong Server
C. Wrong Sever
D. For clients that require a constant IP address, you can either manually configure a static
IP address,or assign a reservation on the DHCP server
E. DHCP Deny Filter at Server2 to exclude MAC address of Server3
MAC address filterEnable and define an explicit allow list. The DHCP server provides
DHCP services only to clients whose MACaddresses are in the allow list.

Any client that previously received IP addresses is denied address renewal if its MAC
address isn’t onthe allow list.


Enable and define an explicit deny list. The DHCP server denies DHCP services only to
clients whose MACaddresses are in the deny list.


Any client that previously received IP addresses is denied address renewal if its MAC
address is on thedeny list.


Enable and define an allow list and a block list.
The block list has precedence over the allow list. This means that the DHCP server
provides DHCPservices only to clients whose MAC addresses are in the allow list, provided
that no corresponding matchesare in the deny list.
If a MAC address has been denied, the address is always blocked even if the address is on
the allowlist.


http://technet.microsoft.com/en-us/library/cc754537(v=ws.10).aspx
http://technet.microsoft.com/en-us/magazine/ff521761.aspx
http://technet.microsoft.com/en-us/library/cc779507(v=ws.10).aspx


Question No : 15 - (Topic 0)
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1 that runs Windows Server 2012 and a client
computer named Computer1 that runs Windows 8.

DC1 is configured as a DHCP server as shown in the exhibit. (Click the Exhibit button.)


Computer1 is configured to obtain an IP address automatically.

You need to ensure that Computer1 can receive an IP address from DC1.

What should you do?

A. Disable the Allow filters.
B. Disable the Deny filters.
C. Activate Scope [10.1.1.0] Contoso.com.
D. Authorize dc1.contoso.com.
Answer: D

Explanation:

Red down arrow indicates a unauthorized DHCP server
A DHCP server that is a domain controller or a member of an Active Directory domain
queries Active Directoryfor the list of authorized servers (identified by IP address).

If its own IP address is not in the list of authorized DHCP servers, the DHCP Server service
does not completeits startup sequence and automatically shuts down.

http://technet.microsoft.com/en-us/library/cc754792.aspx
http://technet.microsoft.com/en-us/library/ee941131(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/gg722802(v=ws.10).aspx
http://pc-addicts.com/server-2012-dhcp-server-role/


Question No : 16 - (Topic 0)
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named Server1 that ha the DNS Server server role installed.
Server1 hosts a primary zone for contoso.com.

The domain contains a member server named Server2 that is configured to use Server1 as
its primary DNS server.

From Server2, you run nslookup.exe as shown in the exhibit. (Click the Exhibit button.)


You need to ensure that when you run Nslookup, the correct name of the default server is
displayed.

What should you do?

A. From Advanced TCP/IP Settings on Server1, add contoso.com to the DNS suffix list.
B. On Server1, modify the Security settings of the contoso.com zone.
C. On Server1, create a reverse lookup zone.
D. From Advanced TCP/IP Settings on Server2, add contoso.com to the DNS suffix list.
Answer: C


Explanation:

C. Make sure that a reverse lookup zone that is authoritative for the PTR resource record
exists. For more information about adding a reverse lookup zone, see "Adding a Reverse
Lookup Zone"
http://technet.microsoft.com/en-us/library/cc961417.aspx
Question No : 17 - (Topic 0)
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1 that hosts the primary DNS zone for
contoso.com.

All client computers are configured to use DC1 as the primary DNS server.

You need to configure DC1 to resolve any DNS requests that are not for the contoso.com
zone by querying the DNS server of your Internet Service Provider (ISP).

What should you configure?

A. Name server (NS) records
B. Condition& forwarders
C. Forwarders
D. Naming Authority Pointer (NAPTR) DNS resource records (RR)
Answer: C

Explanation:

A. Specifies a name server for the domain, which allows DNS lookups within various
zones. Each primary andsecondary name server should be declared through this record.
B. http://windowsitpro.com/networking/q-whats-conditional-dns-forwarding
C. manage the Domain Name System (DNS) traffic between your network and the Internet
D.
Configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS
servers.
Most of the time, when you configure forwarders, DNS performance and efficiency
increases, but thisconfiguration can also introduce a point of failure if the forwarding DNS
server is experiencing problems.


A forwarder is a Domain Name System (DNS) server on a network used to forward DNS
queries for externalDNS names to DNS servers outside of that network.
A DNS server on a network is designated as a forwarder by having the other DNS servers
in the networkforward the queries they cannot resolve locally to that DNS server.


By using a forwarder, you can manage name resolution for names outside of your network,
such as names onthe Internet, and improve the efficiency of name resolution for the
computers in your network.


http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/2f35cae2-341c-
4bfe-9dac-724ddace6d51/
http://technet.microsoft.com/en-us/library/cc722542.aspx
http://technet.microsoft.com/en-us/library/cc754931.aspx


Question No : 18 - (Topic 0)
Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012. The domain contains a server named Server1 that
runs Windows Server 2012.

You need to ensure that when users log on to Server1, their user account is added
automatically to a local group named Group1 during the log on process.

Which Group Policy settings should you modify?

A. Restricted Groups
B. Security Options
C. User Rights Assignment
D. Preferences
Answer: D

Explanation:

A. If a Restricted Groups policy is defined and Group Policy is refreshed, any current
member not on the Restricted Groups policy members list is removed
B. Security settings incorporated into policies are rules that administrators configure on a
computer or multiple computers for the purpose of protecting resources on a computer

C. User Rights Assignment policies determines which users or groups have logon rights or
privileges on the computer
D. With Preferences, local and domain accounts can be added to a local group without
affecting the existing members of the group
http://technet.microsoft.com/en-us/library/cc785631(v=ws.10).aspx
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-localadministrator-
groups/
http://technet.microsoft.com/en-us/library/cc780182(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh831424.aspx

Question No : 19 - (Topic 0)
Your network contains an Active Directory domain named contoso.com.

You need to prevent users from installing a Windows Store app named App1.

What should you create?

A. AnApplication control policy executable rule
B. AnApplication control policy packaged app rule
C. A software restriction policy certificate rule
D. AnApplication control policy Windows Installer rule
Answer: B

Explanation:

Windows 8 is coming REALLY SOON and of course one of the big new things to computer
with that is the newPackaged Apps that run in the start screen. However these apps are
very different and do not install liketraditional apps to a path or have a true “executable” file
to launch the program. Ofcourse enterprises need a way to control these packaged apps
and therefore Microsoft has added a newfeature Packaged Apps option to the App1ocker
feature.

A. For .exe or .com
B. A publisher rule for a Packaged app is based on publisher, name and version
C. You can create a certificate rule that identifies software and then allows or does not
allow the software torun, depending on the security level.

D. For .msi or .msp
Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 and
Windows 8.
They are based on the new app model that ensures that all the files within an app package
share the sameidentity.
Therefore, it is possible to control the entire Application using a single App1ocker rule as
opposed to the nonpackagedapps where each file within the app could have a unique
identity.
Windows does not support unsigned packaged apps which implies all packaged apps must
be signed.
App1ocker supports only publisher rules for Packaged apps.
A publisher rule for a Packaged app is based on the following information:
Publisher of the package
Package name
Package version
Therefore, an App1ocker rule for a Packaged app controls both the installation as well as
the running of theapp. Otherwise, the publisher rules for Packaged apps are no different
than the rest of the rule collections; theysupport exceptions, can be increased or decreased
in scope, and can be assigned to users and groups.


http://technet.microsoft.com/en-us/library/dd759068.aspx
http://technet.microsoft.com/en-us/library/hh994588.aspx


http://www.grouppolicy.biz/2012/08/how-manage-published-a-k-a-metro-apps-in-windows-
8-using-grouppolicy/
http://technet.microsoft.com/en-us/library/hh994597.aspx#BKMK_Cert_Rules
Packaged Apps run in the start screen.


However these apps are very different and do not install like traditional apps to a path or
have a true“executable” file to launch the program.
Enterprises need a way to control these packaged apps and therefore Microsoft has added
a new featurePackaged Apps option to the App1ocker feature.


Question No : 20 - (Topic 0)
Your network contains an Active Directory domain named contoso.com. The domain


.
.
. .


contains 500 servers that run Windows Server 2012.

You have a written security policy that states the following:

Only required ports must be open on the servers.
All of the servers must have Windows Firewall enabled.
Client computers used by Administrators must be allowed to access all of the ports
on all of the servers.
Client computers used by the Administrators must be authenticated before the
client computers can access the servers.


You have a client computer named Computer1 that runs Windows 8.

You need to ensure that you can use Computer1 to access all of the ports on all of the
servers successfully.

The solution must adhere to the security policy.

Which three actions should you perform? (Each correct answer presents part of the
solution. Choose three.)

A. On Computer1, create a connection security rule.
B. On all of the servers, create an outbound rule and select the Allow the connection if it is
secure option.
C. On all of the servers, create an inbound rule and select the Allow the connection if it is
secure option.
D. On Computer1, create an inbound rule and select the Allow the connection if it is secure
option.
E. On Computer1, create an outbound rule and select the Allow the connection if it is
secure option.
F. On all of the servers, create a connection security rule.
Answer: A,C,F

Explanation:

http://technet.microsoft.com/en-us/library/cc772017.aspx

Unlike firewall rules, which operate unilaterally, connection security rules require that both
communicating computers have a policy with connection security rules or another
compatible IPsec policy.

http://technet.microsoft.com/en-us/library/cc753463.aspx

Traffic that matches a firewall rule that uses the Allow connection if it is secure setting


bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol.

This method is supported on Windows Vista® or Windows Server® 2008.



1 comment:

  1. If you want to save your money and time. So today visit Examcollection.in and download latest 70-410 dumps. Examcollection is one of the best 70-410 dumps providers. After preparation, you can easily pass the exam at the first attempt.

    ReplyDelete