70-410 easy pass guide: Preparing for Microsoft 70-410 exam is really a tough task to accomplish. However, GreatExam delivers the most comprehensive braindumps, covering each and every aspect of 70-410 exam curriculum.
QUESTION 291
Your network contains an Active Directory forest named contoso.com.
The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to ensure that User1 can manage the group membership of Group1. The solution must minimize the number of permissions assigned to User1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install- AddsDomainController
C. Install- WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: G
Explanation:
http://technet.microsoft.com/en-us/library/ee617199.aspx
The Set-ADGroup cmdlet modifies the properties of an Active Directory group.
You can modify commonly used property values by using the cmdlet parameters.
QUESTION 292
Your network contains an Active Directory forest named contoso.com.
The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to prevent User1 from changing his password. The solution must minimize administrative effort.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install- AddsDomainController
C. Install- WindowsFeature
D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: F
Explanation:
http://technet.microsoft.com/en-us/library/ee617249.aspx
Set-ADAccountControl
The Set-ADAccountControl cmdlet modifies the user account control (UAC) values for an Active Directory user or computer account. UAC values are represented by cmdlet parameters.
CannotChangePassword
Modifies the ability of an account to change its password. To disallow password change by the account set this to $true.. This parameter changes the Boolean value of the CannotChangePassword property of an account.
The following example shows how to specify the PasswordCannotChange parameter.
-CannotChangePassword $false
QUESTION 293
You have a Hyper-V host named Host1 that connects to a SAN by using a hardware Fibre Channel adapter. Host1 contains two virtual machines named VM1 and VM2.
You need to provide VM1 with direct access to the SAN. VM2 must not require access to the SAN. Which two configurations should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On VM1, configure a Fibre Channel adapter.
B. On Host1, configure a new virtual switch.
C. On VM1, add a network adapter.
D. On Host1, configure a new Virtual Fibre Channel SAN.
E. On Host1, modify the Hyper-V settings.
Answer: AD
Explanation:
Step 1:
D: Building a Virtual SAN
The process of setting up virtual Fibre Channel starts with building a virtual SAN. The easiest way to accomplish this is to open the Hyper-V Manager, right click on the listing for your Hyper-V server in the console tree, and then choose the Virtual SAN Manager command from the shortcut menu.
Step 2:
A: Once you have created a virtual SAN, the next step in the process is to link a virtual machine to the virtual SAN. To do so, right click on the virtual machine for which you want to provide Fibre Channel connectivity and select the Settings command from the resulting shortcut menu. Next, select the Add Hardware container, as shown in the figure above, and then select the Fibre Channel Adapter option from the list of available hardware. Etc.
Note:
* Virtual Fibre Channel for Hyper-V (also referred to as Synthetic Fibre Channel) provides VM guest operating systemswith direct access to a Fibre Channel SAN by using a standard World Wide Name (WWN) associated with a virtual machine
QUESTION 294
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the HyperV server role installed. Server1 has 8 GB of RAM. Server1 hosts five virtual machines that run Windows Server 2012 R2. The settings of a virtual machine named Server3 are configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when Server1 restarts, Server3 automatically resumes without intervention. The solution must prevent data loss.
Which settings should you modify?
A. BIOS
B. Automatic Start Action
C. Automatic Stop Action
D. Integration Services
Answer: C
Explanation:
http://www.altaro.com/hyper-v/hyper-v-automatic-start-and-stop-action/
QUESTION 295
You have a laptop named Computer1. Computer1 runs Windows 8 Enterprise.
Computer1 has a wired network adapter and a wireless network adapter. Computer1 connects to a wireless network named Network1.
For testing purposes, you install Windows Server 2012 R2 on Computer1 as a second operating system.
You install the drivers for the wireless network adapter.
You need to ensure that you can connect to Network1 from Windows Server 2012 R2.
What should you do?
A. From a local Group Policy object (GPO), configure the Wireless Network (IEEE 802.11) Policies settings.
B. From a local Group Policy object (GPO), configure the settings of Windows Connection Manager.
C. From Server Manager, install the Wireless LAN Service feature.
D. Restart the WLAN AutoConfig service.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh994698.aspx
The Wireless LAN service is a feature in Windows Server® 2012 R2 that you can use to enable the wireless WLAN AutoConfig service, and to configure the WLAN AutoConfig service for automatic startup. Once enabled, the WLAN AutoConfig service dynamically selects which wireless network the computer automatically connects to, and configures the necessary settings on the wireless network adapter. This includes automatically selecting and connecting to a more preferred wireless network when one becomes available.
To enable the Wireless LAN Service
In Server Manager Dashboard, click Manage, and then click Add Roles and Features. The Add Roles and Features Wizard opens.
Click Next. In Select installation type, select Role-based or feature-based installation, and then click Next.
In Select destination server, enable Select a server from the server pool, and in Server Pool, select the server for which you want to enable the Wireless LAN Service, and then click Next.
In Select server roles, click Next.
In Select Server features, in Features, select Wireless LAN Service, and then click Next.
QUESTION 296
Your network contains an Active Directory domain named contoso.com.
You install Windows Server 2012 on a new server named Server1 and you join Server1 to the domain.
You need to ensure that you can view processor usage and memory usage information in Server Manager.
What should you do?
A. From Server Manager, click Configure Performance Alerts.
B. From Server Manager, click Start Performance Counters.
C. From Performance Monitor, start the System Performance Data Collector Set (DCS).
D. From Performance Monitor, create a Data Collector Set (DCS).
Answer: B
QUESTION 297
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2. The domain contains a user named User1 and a global security group named Group1. You need to modify the SAM account name of Group1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install AddsDomainControNer
C. Install WindowsFeature
D. Install AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User
Answer: G
Explanation:
The Rename-ADObject cmdlet renames an Active Directory object. This cmdlet sets the Name property of an Active Directory object that has an LDAP Display Name (ldapDisplayName) of “name”. To modify the given name, surname and other name of a user, use the Set-ADUser cmdlet. To modify the Security Accounts Manager (SAM) account name of a user, computer, or group, use the Set-ADUser, Set-ADComputer or Set-ADGroup cmdlet.
QUESTION 298
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. VM1 has several snapshots.
You need to modify the snapshot file location of VM1.
What should you do?
A. Right-click VM1, and then click Export…
B. Shut down VM1, and then modify the settings of VM1.
C. Delete the existing snapshots, and then modify the settings of VM1.
D. Pause VM1, and then modify the settings of VM1.
Answer: C
Explanation:
http://doquent.wordpress.com/2012/09/02/relocating-a-hyper-v-vm-folder/
It is not A, watch this: http://www.youtube.com/watch?v=YvwtpPQk0Cs
QUESTION 299
Hotspot Question
The settings for a virtual machine named VM2 are configured as shown in the VM2 exhibit. (Click the Exhibit button.)
The settings for Diskl.vhdx are configured as shown in the Diskl.vhdx exhibit. (Click the Exhibit button.)
The settings for Disk2.vhdx are configured as shown in the Disk2.vhdx exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
QUESTION 300
You have a server named Server1 that runs Windows Server 2012 R2. A network technician installs a new disk on Server1 and creates a new volume. The properties of the new volume are shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can enable NTFS disk quotas for volume D.
What should you do first?
A. Install the File Server Resource Manager role service.
B. Format volume D.
C. Run the convert.exe command.
D. Convert the disk to a dynamic disk.
Answer: B
Explanation:
http://blogs.technet.com/b/askpfeplat/archive/2013/01/02/windows-server-2012-does-refs-replace-ntfs-when-should-i-use-it.aspx
REFS to NTFS requires format not convert.exe
QUESTION 301
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a print server named Print1 that runs Windows Server 2012 R2. Print1 has 50 shared printers. Each printer is listed in Active Directory. From Active Directory Users and Computers, you browse to Print1 and you discover that the 50 printers are not visible.
You need to ensure that you can view the printer objects in Active Directory Users and Computers. Which option should you select? To answer, select the appropriate option in the answer area.
Answer:
QUESTION 302
You have a file server named File1 that runs Windows Server 2012 R2. File1 contains a shared folder named Share1. Share1 contains an Application named SalesApp1.exe.
The NTFS permissions for Share1 are shown in the following table.
The members of L_Sales discover that they cannot add files to Share1.
Domain users can run SalesApp1.exe successfully.
You need to ensure that the members of L_Sales can add files to Share1.
What should you do?
A. Add the Domain Users group to L_Sales.
B. Add L_Sales to the Domain Users group.
C. Edit the Share permissions.
D. Edit the NTFS permissions.
Answer: D
Explanation:
http://www.techrepublic.com/article/windows-101-know-the-basics-about-ntfs-permissions/
The least restrictive permission applies here, so the users from L_sales have read & execute, write… in order to add files they need the NTFS permission called MODIFY.
Based on NTFS permissions:
Modify: Users can view and modify files and file properties, including deleting and adding files to a directory or file properties to a file.
QUESTION 303
Hotspot Question
You have a file server named Server1 that runs Windows Server 2012 R2.
Server1 contains a folder named Folder1.
A user named User1 is a member of Group1 and Group2.
A user named User2 is a member of Group2 and Group3.
You need to identify which actions the users can perform when they access the files in Share1. What should you identify? To answer, select the appropriate actions for each user in the answer area.
Answer:
Explanation:
In the real exam, it be changed:
User1 is the member of Group2 and Group3, and User2 is a member of Group1 and Group2
QUESTION 304
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Group Policy Management feature installed. Server2 has the Print and Document Services server role installed. On Server2, you open Print Management and you deploy a printer named Printer1 by using a Group Policy object (GPO) named GPO1.
When you open GPO1 on Server1, you discover that the Deployed Printers node does not appear. You need to view the Deployed Printers node in GPO1.
What should you do?
A. On Server1, modify the Group Policy filtering options of GPO1.
B. On a domain controller, create a Group Policy central store.
C. On Server2, install the Group Policy Management feature.
D. On Server1, configure the security filtering of GPO1.
Answer: C
Explanation:
Pre-Requisites
To use Group Policy for printer deployment you will need to have a Windows Active Directory domain, and this article assumes that your Domain Controller is a Windows 2008 R2 Server. You will also need the Print Services role installed on a server (can be on your DC), and you will be using the Print Management and Group Policy Management consoles to configure the various settings. Its assumed that you have already followed Part One and have one or more printers shared on your server with the necessary drivers, ready to deploy to your client computers.
The wording does not say if GPMC is installed on server 2, so I can only think that it does not deploy the GPO because it had no GPMC on server 2..
GPMC is not installed by default:
http://pipe2text.com/?page_id=1591
http://technet.microsoft.com/en-us/library/cc725932.aspx
QUESTION 305
Your network contains an Active Directory domain named contoso.com.
All of the App1ocker policy settings for the member servers are configured in a Group Policy object (GPO) named GPO1.
A member server named Server1 runs Windows Server 2012 R2.
On Server1, you test a new set of AppLocker policy settings by using a local computer policy.
You need to merge the local AppLocker policy settings from Server1 into the AppLocker policy settings of GPO1.
What should you do?
A. From Local Group Policy Editor on Server1, exportan .xml file. Import the .xml file by using Group
Policy Management Editor.
B. From Local Group Policy Editor on Server1, exportan .inf file. Import the .inf file by using Group Policy
Management Editor.
C. From Server1, run the Set-AppLockerPolicy cmdlet.
D. From Server1, run the New-AppLockerPolicy cmdlet.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/ee791816(v=ws.10).aspx
The Set-AppLockerPolicy cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local GPO is the default. When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not specified, then the new policy will overwrite the existing policy.
QUESTION 306
Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GP1 that is linked to the domain. GP1 contains a software restriction policy that blocks an Application named App1.
You have a workgroup computer named Computer1 that runs Windows 8. A local Group Policy on Computer1 contains an Application control policy that allows App1.
You join Computer1 to the domain.
You need to prevent App1 from running on Computer1.
What should you do?
A. From Group Policy Management, add an Application control policy to GP1.
B. From Group Policy Management, enable the Enforced option on GP1.
C. In the local Group Policy of Computer1, configure a software restriction policy.
D. From Computer1, run gpupdate /force.
Answer: A
Explanation:
AppLocker policies take precedence over policies generated by SRP on computers that are running an operating system that supports AppLocker
AppLocker policies in the GPO are applied, and they supersede the policies generated by SRP in the GPO and local AppLocker policies or policies generated by SRP.
http://technet.microsoft.com/en-us/library/ee791851.aspx
QUESTION 307
Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server 2012 R2. Server1 is configured as an FTP server. Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as the control port and dynamically requests a data port. On Server1, you create a firewall rule to allow connections on TCP port 21.
You need to configure Server1 to support the client connections from App1.exe. What should you do?
A. Run netsh firewall addportopening TCP 21 dynamicftp.
B. Create a tunnel connection security rule.
C. Create an outbound firewall rule to allow App1.exe.
D. Run netshadvfirewall set global statefulftp enable.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771920%28v=ws.10%29.aspx#BKMK_set_2a
The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows Vista or a later version of Windows
In the netsh advfirewall firewall context, the add command only has one variation, the add rule command.
Netsh advfirewall set global statefulftp:
Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port.
When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested.
Syntax
set global statefulftp { enable | disable | notconfigured }
Parameters
statefulftp can be set to one of the following values:
enable The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number.
disable
This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connections on the PORT or PASV requested port is blocked as an unsolicited incoming connection.
notconfigured
Valid only when netsh is configuring a GPO by using the set store command.
QUESTION 308
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1 as shown in the OU1 exhibit. (Click the Exhibit button.)
The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.)
You configure GPO1 to prohibit access to Control Panel. GPO1 is linked to OU1 as shown in the GPO1 exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Answer:
Explanation:
“Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO.”
http://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx
QUESTION 309
Your company has a main office and four branch offices. The main office contains a server named Server1 that runs Windows Server 2012 R2. The IP configuration of each office is configured as shown in the following table.
You need to add a single static route on Server1 to ensure that Server1 can communicate with the hosts on all of the subnets.
Which command should you run?
A. route.exe add -p 192.168.0.0 mask 255.255.248.0 172.31.255.254
B. route.exe add -p 192.168.12.0 mask 255.255.252.0 172.31.255.254
C. route.exe add -p 192.168.8.0 mask 255.255.252.0 172.31.255.254
D. route.exe add -p 192.168.12.0 mask 255.255.255.0 172.31.255.254
Answer: B
QUESTION 310
You work as an administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers in the L2P.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have created and linked a new Group Policy object (GPO) to an organizational unit (OU), named L2PServ, which host the computer accounts for servers in the L2P.com domain.
You have been tasked with adding a group to a local group on all servers in the L2P.com domain. This group should not, however, be removed from the local group.
Which of the following actions should you take?
A. You should consider adding a restricted group.
B. You should consider adding a global group.
C. You should consider adding a user group.
D. You should consider adding a server group.
Answer: A
Explanation:
Restricted groups in Group policies are a simple way of delegating permissions or group membership centrally to any domain computer or server. Using restricted groups it is easier to enforce the lowest possible permissions to any given account.
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
Restricted groups allow an administrator to define two properties for security-sensitive groups (that is, “restricted” groups). The two properties are Members and Member Of .
The Members list defines who should and should not belong to the restricted group.
The Member Of list specifies which other groups the restricted group should belong to. When a restricted Group Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list which is not currently a member of the restricted group is added. The Restricted Groups folder is available only in Group Policy objects associated with domains, OUs, and sites. The Restricted Groups folder does not appear in the Local Computer Policy object. If a Restricted Group is defined such that it has no members (that is, the Members list is empty), then all members of the group are removed when the policy is enforced on the system. If the Member Of list is empty no changes are made to any groups that the restricted group belongs to. In short, an empty Members list means the restricted group should have no members while an empty Member Of list means “don’t care” what groups the restricted group belongs to.
http://technet.microsoft.com/en-us/library/cc957640.aspx
GreatExam provides guarantee of Microsoft 70-410 exam because GreatExam is an authenticated IT certifications site. The 70-410 study guide is updated with regular basis and the answers are rechecked of every exam. Good luck in your exam.