P.S. Actual 70-410 keys are available on Google Drive, GET MORE: https://drive.google.com/open?id=1XEw2m0USoR1DzdkDOR873WF9RHZitH-o
Question No: 11
You install Windows Server 2012 R2 on a standalone server named Server1. You configure Server1 as a VPN server.
You need to ensure that client computers can establish PPTP connections to Server1. Which two firewall rules should you create? (Each correct answer presents part of the
solution. Choose two.)
A. An inbound rule for protocol 47
B. An outbound rule for protocol 47
C. An inbound rule for TCP port 1723
D. An inbound rule for TCP port 1701
E. An outbound rule for TCP port 1723
F. An outbound rule for TCP port 1701
Answer: A,C
Explanation:
The following is a list of firewall ports which need to be opened for the various VPN tunnel protocols:
For PPTP:
IP Protocol=TCP, TCP Port number=1723 <- Used by PPTP control path IP Protocol=GRE (value 47) <- Used by PPTP data path
For L2TP:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv1 (IPSec control path) IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path) IP Protocol Type=ESP (value 50) <- Used by IPSec data path
For SSTP:
IP Protocol=TCP, TCP Port number=443 <- Used by SSTP control and data path
For IKEv2:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path) IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path) IP Protocol Type=ESP (value 50) <- Used by IPSec data path
Question No: 12
Your network contains an Active Directory domain named contoso.com.
You need to prevent users from installing a Windows Store app named App1. What should you create?
A. An application control policy executable rule
B. An application control policy packaged app rule
C. A software restriction policy certificate rule
D. An application control policy Windows Installer rule
Answer: B
Explanation:
Windows 8 is coming REALLY SOON and of course one of the big new things to computer with that is the new Packaged Apps that run in the start screen. However these apps are very different and do not install like traditional apps to a path or have a true u201cexecutableu201d file to launch the program. Of course enterprises need a way to control these packaged apps and therefore Microsoft has added a new feature Packaged Apps option to the App1ocker feature.
:A. For .exe or .com
:B. A publisher rule for a Packaged app is based on publisher, name and version
:C. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.
:D. For .msi or .msp
Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity.
Therefore, it is possible to control the entire Application using a single App1ocker rule as opposed to the non-packaged apps where each file within the app could have a unique
identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. App1ocker supports only publisher rules for Packaged apps. A publisher rule for a packaged app is based on the following information:
Publisher of the package Package name
Package version
Therefore, an App1ocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
Question No: 13
What should you do for server core so it can be managed from another server 2012 R2?
A. 1
B. 2
C. 3
D. 4
E. 5
F. 6
G. 7
H. 8
I. 9
J. 10
K. 11
L. 12
M. 13
N. 14
O. 15
Answer: A
Explanation:
You should join the server to the domain first. You can add workgroup servers to Server Manager on a domain joined server, however, you must first add the workgroup computer to the Trusted Hosts list using "Set-Item
wsman:localhostClientTrustedHostsWorkgroupServerName -Concatenate -Force"
Question No: 14
Your network contains a Hyper-V host named Hyperv1 that runs Windows Server 2012 R2. Hyperv1 has a virtual switch named Switch1.
You replace all of the network adapters on Hyperv1 with new network adapters that support single-root I/O virtualization (SR-IOV). You need to enable SR-IOV for all of the virtual machines on Hyperv1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On each virtual machine, modify the Advanced Features settings of the network adapter.
B. Modify the settings of the Switch1 virtual switch.
C. Delete, and then recreate the Switch1 virtual switch.
D. On each virtual machine, modify the BIOS settings.
E. On each virtual machine, modify the Hardware Acceleration settings of the network adapter.
Answer: C,E
Question No: 15
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named HVServer1. HVServer1 runs Windows Server 2012 and has the Hyper-V server role installed. HVServer1 hosts 10 virtual machines. All of the virtual machines connect to a virtual switch named Switch1. Switch1 is configured as a private network. All of the virtual machines have the DHCP guard and the router guard settings enabled.
You install the DHCP server role on a virtual machine named Server 1. You authorize Server1 as a DHCP server in contoso.com. You create an IP scope.
You discover that the virtual machines connected to Switch1 do not receive IP settings from Server1.
You need to ensure that the virtual machines can use Server1 as a DHCP server. What should you do?
A. Enable MAC address spoofing on Server1.
B. Disable the DHCP guard on all of the virtual machines that are DHCP clients.
C. Disable the DHCP guard on Server1.
D. Enable single-root I/O virtualization (SR-IOV) on Server1.
Answer: C
Explanation:
Private virtual networks are used where you want to allow communications between virtual machine to virtual machine on the same physical server in a block diagram, a private network is an internal network without a virtual NIC in the parent partition. A private network would commonly be used where you need complete isolation of virtual machines from external and parent partition traffic. DMZ workloads running on a leg of a trihomed firewall, or an isolated test domain are examples where this type of network may be useful.
Question No: 16
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You need to configure a central store for the Group Policy Administrative Templates.
What should you do on DC1?
A. From Server Manager, create a storage pool.
B. From Windows Explorer, copy the PolicyDefinitions folder to the
A. SYSVOLcontoso.compolicies folder.
C. From Server Manager, add the Group Policy Management feature
D. From Windows Explorer, copy the PolicyDefinitions folder to the NETLOGON share.
Answer: B
Explanation:
:A. Create Disk Storage Pool
:B. PolicyDefinitions folder in SYSVOL
:C. Group Policy Management is a console for GPO Mgmt
:D. Folder is for logon scripts
Policy Definitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory, they are replicated to every DC in the domain; by extension, the ADMX- aware Group Policy Management Console in Windows Vista, Windows 7, Windows Server 2008 and R2 can check this folder as an additional source of ADMX files, and will report them accordingly when setting your policies.
By default, the folder is not created. Whether you are a single DC or several thousand, I would
Strongly recommend you create a Central Store and start using it for all your ADMX file storage. It really does work well.
The Central Store
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. To create a Central Store for .admx and .adml files, create a folder that is named Policy Definitions in the following location:
\FQDNSYSVOLFQDNpolicies.
Question No: 17
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Hyper-V server role installed. You have fixed-size VHD named Files.vhd.
You need to make the contents in Files.vhd available to several virtual machines. The solution must meet the following requirements:
u2711 Ensure that if the contents are changed on any virtual machine, the changes are not reflected on the other virtual machines.
u2711 Minimize the amount of disk space used.
What should you do?
A. Create a fixed-size VHDX. Transfer the information from Files.vhd to the new VHDX file.
B. Convert Files.vhd to a dynamically expanding VHD?
C. Create a dynamically expanding VHDX. Transfer the information from Files.vhd to the new VHDX file.
D. Create differencing VHDs that use Files.vhd as the parent disk.
Answer: D
Explanation:
:A. A conversion would be needed from VHD to VHDX. Not available to multiple VMu2021s
:B. Single VHD not available to multiple VMu2021s. Changes wouldnu2021t be reflected
:C. A conversion would be needed from VHD to VHDX. Not available to multiple VMu2021s
:D. Child disk for multiple VMu2021s with Files.vhd as parent. A differencing disk is associated with another virtual hard disk that you select when you create the differencing disk. This means that the disk to which you want to associate the differencing disk must exist first. This virtual hard disk is called the u201cparentu201d disk and the differencing disk is the u201cchildu201d disk. The parent disk can be any type of virtual hard disk.
The differencing disk stores all changes that would otherwise be made to the parent disk if the differencing disk was not being used. The differencing disk provides an ongoing way to save changes without altering the parent disk. You can use the differencing disk to store changes indefinitely, as long as there is enough space on the physical disk where the differencing disk is stored. The differencing disk expands dynamically as data is written to it and can grow as large as the maximum size allocated for the parent disk when the parent disk was created.
Question No: 18
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains a server named Server1 that runs Windows Server 2012 R2. You need to ensure that when users log on to Server1, their user account is added
automatically to a local group named Group1 during the log on process.
Which Group Policy settings should you modify?
A. User Rights Assignment
B. Preferences
C. Security Options
D. Restricted Groups
Answer: B
Explanation:
With Preferences, local and domain accounts can be added to a local group without affecting the existing members of the group
References:
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 8: File Services and Storage, p. 361.
http://technet.microsoft.com/en-us/library/cc785631(v=ws.10).aspx http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local- administrator-groups/
http://technet.microsoft.com/en-us/library/cc780182(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831424.aspx
Question No: 19
Your companyu2021s security policy states that all of the servers deployed to a branch office must not have the graphical user interface (GUI) installed. In a branch office, a support technician installs a server with a GUI installation of Windows Server 2012 on a new server, and then configures the server as a DHCP server.
You need to ensure that the new server meets the security policy. You want to achieve this goal by using the minimum amount of Administrative effort.
What should you do?
A. Reinstall Windows Server 2012 on the server.
B. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.
C. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE.
D. From Server Manager, uninstall the User Interfaces and Infrastructure feature.
Answer: D
Question No: 20
Your network contains an Active Directory domain named contoso.com.
An organizational unit (OU) named OU1 contains the user accounts and the computer accounts for laptops and desktop computers. A Group Policy object (GPO) named GP1 is linked to OU1. You need to ensure that the configuration settings in GP1 are applied only to the laptops in OU1. The solution must ensure that GP1 is applied automatically to new laptops that are added to OU1.
What should you do?
A. Modify the GPO Status of GP1.
B. Configure the WMI Filter of GP1.
C. Modify the security settings of GP1.
D. Modify the security settings of OU1.
Answer: B
100% Down to date Microsoft 70-410 Questions & Answers shared by Examcollection, Get HERE: http://www.examcollectionuk.com/70-410-vce-download.html (New 505 Q&As)