P.S. Simulation 70-410 pdf are available on Google Drive, GET MORE: https://drive.google.com/open?id=1Tx7a0Kv4S8BSp9VK9XVHC-fWKOkcNnJK
Q1. Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 is located on the same subnet as all of the client computers. A network technician reports that he receives a u201cRequest timed outu201d error message when he attempts to use the ping utility to connect to Server1 from his client computer. The network technician confirms that he can access resources on Server1 from his client computer.
You need to configure Windows Firewall with Advanced Security on Server1 to allow the ping utility to connect.
Which rule should you enable?
A. File and Printer Sharing (Echo Request u2013 ICMPv4-In)
B. Network Discovery (WSD-In)
C. File and Printer Sharing (NB-Session-In)
D. Network Discovery (SSDP-In)
Answer: A
Q2. Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Run the Delegation of Control Wizard on the Policies containers
B. Run the Set-GPPermission cmdlet
C. Run the Delegation of Control Wizard on OU1
D. Modify the permission on the user1 account
Answer: C
Explanation:
:A. Not minimum permissions
:B. Grants a level of permissions to a security principal for one GPO or all the GPOs in a domain
:C. Minimizes delegated permission to a single OU
:D. Will not allow GPO changes to the OU Delegation of Control Wizard
The following are common tasks that you can select to delegate control of them: Create, delete, and manage user accounts
Reset user passwords and force password change at next logon Read all user information Modify the membership of a group
Join a computer to a domain Manage Group Policy links
Generate Resultant Set of Policy (Planning) Generate Resultant Set of Policy (Logging)
Create, delete, and manage inetOrgPerson accounts
Reset inetOrgPerson passwords and force password change at next logon Read all inetOrgPerson information
Q3. You have a file server named Server1 that runs Windows Server 2012 R2.
You need to ensure that a user named User1 can use Windows Server Backup to create a complete backup of Server1.
What should you configure?
A. The local groups by using Computer Management
B. The Role Assignment by using Authorization Manager
C. A task by using Authorization Manager
D. The User Rights Assignment by using the Local Group Policy Editor
Answer: A Explanation: References:
http://technet.microsoft.com/en-us/library/cc780182(v=ws.10).aspx http://msdn.microsoft.com/en-us/library/bb897401.aspx
Q4. You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a folder named Folder1.
You share Folder1 as Share1 by using Advanced Sharing. Access-based enumeration is enabled.
Share1 contains an application named Appl.exe.
You configure the NTFS permissions on Folder1 as shown in the following table.
The members of Group2 report that they cannot make changes to the files in Share1. The members of Group1 and Group2 run Appl.exe successfully.
You need to ensure that the members of Group2 can edit the files in Share1. What should you do?
A. Replace the NTFS permissions on all of the child objects.
B. Edit the Share permissions.
C. Edit the NTFS permissions.
D. Disable access-based enumeration.
Answer: : C
Explanation:
Share permissions and NTFS permissions are independent in the sense that neither changes the other. The final access permissions on a shared folder are determined by taking into consideration both the share permission and the NTFS permission entries. The more restrictive permissions are then applied.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter8: File Services and Storage, Lesson 2: Provisioning and Managing Shared Storage, p.388
Q5. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. You need to install the Remote Desktop Services server role on Server2 remotely from Server1. Which tool should you use?
A. The dsadd.exe command
B. The Server Manager console
C. The Remote Desktop Gateway Manager console
D. The Install-RemoteAccess cmdlet
Answer: B
Q6. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a shared folder named Share1. Share1 contains the home folder of each user.
All users have the necessary permissions to access only their home folder.
The users report that when they access Share1, they can see the home folders of all the users.
You need to ensure that the users see only their home folder when they access Share1. What should you do from Server1?
A. From Windows Explorer, modify the properties of the volume that contains Share1.
B. From Server Manager, modify the properties of the volume that contains Share1.
C. From Server Manager, modify the properties of Share1.
D. From Windows Explorer, modify the properties of Share1.
Answer: C
Q7. You have a network printer connected to print server. You need to be able to print if print server goes down.
What should you configure?
A. branch office direct printing
B. printer pooling
C. spooling
D. Print forwarding
Answer: A
Explanation:
Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print device instead of a server print queue. This feature can be enabled or disabled on a per printer basis and is transparent to the user. It is enabled by an administrator using the Print Management Console or Windows PowerShell on the server. The printer information is cached in the branch office, so that if the print server is unavailable for some reason (for example if the WAN link to the data center is down), then it is still possible for the user to print.
Branch Office Direct Printing requires the following operating systems: Windows Server 2012
Windows 8
Q8. You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 installed.
You have been instructed to modify the name of the local Administrator account on all Contoso.com workstations. You want to achieve this using as little administrative effort as possible.
Which of the following actions should you take?
A. You should consider configuring the Security Options settings via the Group Policy Management Console (GPMC).
B. You should consider navigating to Local Users and Groups via Computer
C. You should consider configuring the replication settings.
D. You should consider navigating to Local Users and Groups via Computer Management on each workstation.
Answer: A
Explanation:
Rename administrator account policy setting determines whether a different account name is associated with the security identifier (SID) for the Administrator account.
Because the Administrator account exists on all Windows server versions, renaming the account makes it slightly more difficult for attackers to guess this user name and password combination. By default, the built-in Administrator account cannot be locked out no matter how many times a malicious user might use a bad password. This makes the Administrator account a popular target for brute-force password-guessing attacks.
The value of this countermeasure is lessened because this account has a well-known SID and there are non-Microsoft tools that allow you to initiate a brute-force attack over the network by specifying the SID rather than the account name. This means that even if you have renamed the Administrator account, a malicious user could start a brute-force attack by using the SID.
Rename the Administrator account by specifying a value for the Accounts: Rename administrator account policy setting.
Location: GPO_nameComputer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options
Q9. Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server2 that runs Windows Server 2012 R2. Server2 contains a shared folder named Home. Home contains the home folder of each user.
All users have the necessary permissions to access only their home folder.
A user named User1 opens the Home share as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that all users see only their own home folder when they access Home. What should you do from Server2?
A. From Windows Explorer, modify the properties of Home.
B. From Server Manager, modify the properties of the volume that contains Home.
C. From Windows Explorer, modify the properties of the volume that contains Home.
D. From Server Manager, modify the properties of Home.
Answer: : D
Explanation:
Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This feature based file servers to list only the files and folders to which they have allows users of Windows Server 2003 access when browsing content on the file server. This eliminates user confusion that can be caused when users connect to a file server and encounter a large number of files and folders that they cannot access.
Access-based Enumeration filters the list of available files and folders on a server to include only those that the requesting user has access to. This change is important because this allows users to see only those files and directories that they have access to and nothing else. This mitigates the scenario where unauthorized users might otherwise be able to see the contents of a directory even though they donu2021t have access to it.
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains 500 servers that run Windows Server 2012 R2.
You have a written security policy that states the following:
u2711 Only required ports must be open on the servers.
u2711 All of the servers must have Windows Firewall enabled.
u2711 Client computers used by administrators must be allowed to access all of the ports on all of the servers.
u2711 Client computers used by the administrators must be authenticated before the client computers can access the servers.
You have a client computer named Computer1 that runs Windows 8.
You need to ensure that you can use Computer1 to access all of the ports on all of the servers successfully. The solution must adhere to the security policy.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On Computer1, create a connection security rule.
B. On all of the servers, create an outbound rule and select the Allow the connection if it is secure option.
C. On all of the servers, create an inbound rule and select the Allow the connection if it is secure option.
D. On Computer1, create an inbound rule and select the Allow the connection if it is secure option.
E. On Computer1, create an outbound rule and select the Allow the connection if it is secure option.
F. On all of the servers, create a connection security rule.
Answer: A,C,F
Explanation:
Unlike firewall rules, which operate unilaterally, connection security rules require that both communicating computers have a policy with connection security rules or another compatible IPsec policy.
Traffic that matches a firewall rule that uses the Allow connection if it is secure setting bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol. This method is supported on Windows Vista or Windows Server 2008.
References:
http://technet.microsoft.com/en-us/library/cc772021.aspx http://technet.microsoft.com/en-us/library/cc753463.aspx
P.S. Easily pass 70-410 Exam with Certleader Simulation Dumps & pdf vce, Try Free: https://www.certleader.com/70-410-dumps.html (505 New Questions)