aiotestking uk

70-410 Exam Questions - Online Test



Q1. - (Topic 2) 

You have a server that runs a Server Core installation of Windows Server 2012 R2. 

You need to change the DNS server used by IPv6. 

What should you do? 

A. From Sconfig, configure the Network Settings. 

B. Run the sc.exe command and specify the config parameter. 

C. From Windows PowerShell, run the Set-NetIpv6Protocol cmdlet. 

D. From Windows PowerShell, run the Set-DnsClientServerAddress cmdlet. 

Answer:

Explanation: 

The Set-DnsClientServerAddress cmdlet sets one or more IP addresses for DNS servers associated with an interface. This cmdlet statically adds DNS server addresses to the interface. If this cmdlet is used to add DNS servers to the interface, then the DNS servers will override any DHCP configuration for that interface.

PS C:\> Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("10.0.0.1","10.0.0.2")

References: http://technet.microsoft.com/en-us/library/jj592692.aspx 

http://technet.microsoft.com/en-us/library/jj590768.aspx 

Q2. - (Topic 3) 

You have a server named Server1. Server1 runs Windows Server 2012 R2 and is located in a perimeter network. 

You need to configure a custom connection security rule on Server1. The rule must encrypt network communications across the Internet to a computer at another company. 

Which authentication method should you configure in the connection security rule? 

A. Advanced 

B. User (Kerberos V5) 

C. Default 

D. Computer (Kerberos V5) 

E. Computer and user (Kerberos V5) 

Answer:

Explanation: 

You need to make use of the Advanced authentication method to ensure that communication is encrypted over the network to the other company from your custom connection security rule on Server1.

References: 

http://technet.microsoft.com/en-us/library/bb742516.aspx 

Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 8: File Services and Storage, p. 428

Q3. - (Topic 3) 

You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers on the Contoso.com network have Windows Server 2012 R2 installed. 

You are running a training exercise for junior administrators. You are currently discussing connection security rules. 

Which of the following is TRUE with regards to connection security rules? (Choose all that apply.) 

A. Connection security rules allow for traffic to be secured via IPsec.

B. Connection security rules do not allow the traffic through the firewall. 

C. Connection security rules are applied to programs or services. 

D. Connection security rules are applied between two computers. 

Answer: A,B,D 

Explanation: 

Connection security involves the authentication of two computers before they begin communications and the securing of information sent between two computers. Windows Firewall with Advanced Security uses Internet Protocol security (IPsec) to achieve connection security by using key exchange, authentication, data integrity, and, optionally, data encryption.

How firewall rules and connection security rules are related

Firewall rules allow traffic through the firewall, but do not secure that traffic. To secure traffic with IPsec, you can create Computer Connection Security rules. However, the creation of a connection security rule does not allow the traffic through the firewall. You must create a firewall rule to do this, if the traffic is not allowed by the default behavior of the firewall.

Connection security rules are not applied to programs or services; they are applied between the computers that make up the two endpoints.

Q4. - (Topic 3) 

You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. 

Contoso.com has a server, named ENSUREPASS-SR15, which has Windows Server 2012 R2 installed. Contoso.com also has a server, named ENSUREPASS-SR16, which has Windows Server 2008 R2 SP1 installed. 

You have been instructed to make sure that ENSUREPASS-SR16 is able to run Windows PowerShell 3.0. 

Which of the following actions should you take? (Choose two.) 

A. You should consider making sure that ENSUREPASS-SR16 has a full installation of Microsoft .NET Framework 4 installed. 

B. You should consider making sure that ENSUREPASS-SR16 has a full installation of Microsoft .NET Framework 2 installed. 

C. You should consider making sure that ENSUREPASS-SR16 has WS-Management 3.0 installed. 

D. You should consider making sure that ENSUREPASS-SR16 is upgraded to Windows Server 2012 R2. 

Answer: A,C 

Explanation: 

WS-Management 3.0 – Windows Management Framework 3.0 includes Windows PowerShell 3.0, WMI, WinRM, Management OData IIS Extension, and Server Manager CIM Provider.

Windows Management Framework 3.0 requires Microsoft .NET Framework 4.0. 

Q5. - (Topic 3) 

Your network contains an Active Directory domain named contoso.com. The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed and has a primary zone for contoso.com. The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup. You discover that every client computer on the network can add its record to the contoso.com zone. 

You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone. 

What should you do first? 

A. Move the contoso.com zone to a domain controller that is configured as a DNS server 

B. Configure the Dynamic updates settings of the contoso.com zone 

C. Sign the contoso.com zone by using DNSSEC 

D. Configure the Security settings of the contoso.com zone. 

Answer:

Explanation: 

If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory-integrate a zone, access control list (ACL) editing features are available in DNS Manager so that you can add or remove users or groups from the ACL for a specified zone or resource record.

1. Active Directory’s DNS Domain Name is NOT a single label name (“DOMAIN” vs. the minimal requirement of “domain.com.” “domain.local”, etc.).

2. The Primary DNS Suffix MUST match the zone name that is allowing updates. Otherwise the client doesn’t know what zone name to register in. You can also have a different Connection Specific Suffix in addition to the Primary DNS Suffix to register into that zone as well.

3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or Secure and Non-Secure. For client machines, if a client is not joined to the domain, and the zone is set to Secure, it will not register either. 

4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a reference to get to them. Do not use your ISP’s, an external DNS address, your router as a DNS address, or any other DNS that does not have a copy of the AD zone. Internet resolution for your machines will be accomplished by the Rootservers (Root Hints), however it’s recommended to configure a forwarder for efficient Internet resolution. 

5. The domain controller is multihomed (which means it has more than one unteamed, active NIC, more than one IP address, and/or RRAS is installed on the DC). 

6. The DNS addresses configured in the client’s IP properties must ONLY reference the DNS server(s) hosting the AD zone you want to update in. This means that you must NOT use an external DNS in any machine’s IP property in an AD environment. You can’t mix them either. That’s because of the way the DNS Client side resolver service works. Even if you mix up internal DNS and ISP’s DNS addresses, the resolver algorithm can still have trouble asking the correct DNS server. It will ask the first one first. If it doesn’t get a response, it removes the first one from the eligible resolvers list and goes to the next in the list. It will not go back to the first one unless you restart the machine, restart the DNS Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use your internal DNS server(s) and configure a forwarder to your ISP’s DNS for efficient Internet resolution. This is the reg entry to cut the query to 0 TTL: The DNS Client service does not revert to using the first server. The Windows 2000 Domain Name System (DNS) Client service (DNS cache) follows a certain algorithm when it decides the order in which to use the DNS servers. http://support.microsoft.com/kb/286834 For more info, please read the following on the client side resolver service: DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS, Direct Hosted SMB (Direct SMB), If One DC is Down Does a Client logon to Another DC, and DNS Forwarders Algorithm if you have multiple forwarders. 

http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-clientside- resolverbrowserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-isdown-does-a- client-logon-toanother-dcand-dns-forwarders-algorithm.aspx 

7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server. 

8. If using DHCP, DHCP server must only be referencing the same exact DNS server(s) in its own IP properties in order for it to ‘force’ (if you set that setting) registration into DNS. Otherwise, how would it know which DNS to send the reg data to?

9. If the AD DNS Domain name is a single label name, such as “EXAMPLE”, and not the proper format of “example.com” and/or any child of that format, such as “child1.example.com”, then we have a real big problem.

DNS will not allow registration into a single label domain name.

This is for two reasons:

1. It’s not the proper hierarchical format. DNS is hierarchical, but a single label name has no hierarchy. It’s just a single name.

2. Registration attempts cause major Internet queries to the Root servers. Why? Because it thinks the single label name, such as “EXAMPLE”, is a TLD (Top Level Domain), such as “com”, “net”, etc. It will now try to find what Root name server out there handles that TLD. In the end it comes back to itself and then attempts to register. Unfortunately it does NOT ask itself first for the mere reason it thinks it’s a TLD. (Quoted from Alan Woods, Microsoft, 2004):

“Due to this excessive Root query traffic, which ISC found from a study that discovered Microsoft DNS servers are causing excessive traffic because of single label names, Microsoft, being an internet friendly neighbor and wanting to stop this problem for their neighbors, stopped the ability to register into DNS with Windows 2000 SP4, XP SP1, (especially XP, which cause lookup problems too), and Windows 2003. After all, DNS is hierarchical, so therefore why even allow single label DNS domain names?” The above also *especially* applies to Windows Vista, 7, 2008, 2008 R2, and newer.

10. “Register this connection’s address” on the client is not enabled under the NIC’s IP properties, DNS tab.

11. Maybe there’s a GPO set to force Secure updates and the machine isn’t a joined member of the domain.

12. On 2000, 2003 and XP, the “DHCP client” Service not running. In 2008/Vista and newer, it’s the DNS Client Service. This is a requirement for DNS registration and DNS resolution even if the client is not actually using DHCP.

13. You can also configure DHCP to force register clients for you, as well as keep the DNS zone clean of old or duplicate entries. See the link I posted in my previous post.

Q6. - (Topic 1) 

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. 

You create a security template named Template1 by using the security template snap-in. 

You need to apply Template1 to Server2. 

Which tool should you use? 

A. Security Templates 

B. Computer Management 

C. Security Configuration and Analysis 

D. System Configuration 

Answer:

Explanation: 

A security policy is a combination of security settings that affect the security on a computer. You can use your local security policy to edit account policies and local policies on your local computer. 

A. Template was already created – Provide standard security option to use in security policies 

B. Needs to be applied at the GP level 

C. Security templates are inactive until imported into a Group Policy object or the Security Configuration and Analysis

D. Tool to ID Windows problems

Q7. - (Topic 1) 

Your network contains an Active Directory domain named contoso.com. 

You log on to a domain controller by using an account named Admin1. Admin1 is a member of the Domain Admins group.

You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.) 

Group1 is located in an organizational unit (OU) named OU1. 

You need to ensure that users from Group1 can modify the Security settings of OU1 only. 

What should you do from Active Directory Users and Computers? 

A. Modify the Managed By settings on OU1. 

B. Right-click contoso.com and select Delegate Control. 

C. Right-click OU1 and select Delegate Control. 

D. Modify the Security settings of Group1. 

Answer:

Explanation: 

Delegating control to only the OU will allow the users of Group1 to modify the security settings. 

Q8. - (Topic 2) 

Your network contains three servers that run Windows Server 2012 R2. The servers are configured as shown in the following table. 

Server3 is configured to obtain an IP address automatically. 

You need to prevent Server3 from receiving an IP address from Server1. 

What should you create on Server1? 

A. A reservation 

B. A filter 

C. A scope option 

D. An exclusion 

Answer:

Explanation: 

A. For clients that require a constant IP address 

B. Filter to exclude MAC address of Server3 

C. Range of allowed IP’s to be assigned 

D. Exclude range of IP’s

MAC address based filtering ensure that only a known set of devices in the system are able to obtain an IPAddress from the DHCP

Reservation and Exclusion, two incredibly different concepts. An exclusion is an address or range of addresses taken from a DHCP scope that the DHCP server is not allowed to hand out. For example, if you have set a DHCP server to exclude the address range 192.168.0.1-192.168.0.10 then the only way a computer on your network would get an address of 192.168.0.4 would be if you assigned it statically on that machine. This is because DHCP knows NOT to give this range of IP addresses out.

A reservation is a specific IP addresses that is tied to a certain device through its MAC address. For example, if we have a workstation on the network that requires a certain IP address, but we don’t want to go through to trouble of assigning it statically, then we can create a reservation for it. So if the MAC address of the NIC on the computer is AA-BB-00-FF-CC-AA and we want it to maintain the IP address of 192.168.0.100 then we would create a DHCP reservation under that particular scope saying that the IP address 192.168.0.100 is reserved only for the MAC address AA-BB-00-FF-CC-AA.

Reference: http://technet.microsoft.com/en-us/magazine/ff521761.aspx

Q9. - (Topic 3) 

Your company has a remote office that contains 1,600 client computers on a single subnet.

You need to select a subnet mask for the network that will support all of the client computers. The solution must minimize the number of unused addresses.

Which subnet mask should you select?

A. 255.255.248.0 

B. 255.255.252.0 

C. 255.255.254.0 

D. 255.255.240.0 

Answer:

Q10. HOTSPOT - (Topic 3) 

You have a DNS server named Server1. Server1 runs Windows Server 2012 R2.

The network ID is 10.1.1.0/24. 

An administrator creates several reverse lookup zones. 

You need to identify which reverse lookup zone is configured correctly. 

Which zone should you identify? 

To answer, select the appropriate zone in the answer area. 

Answer: