[2017 PDF&VCE] New Released Exam 70-410 PDF Free From the Lead2pass (101-120)
Lead2pass 2017 September New Microsoft 70-410 Exam Dumps
100% Free Download! 100% Pass Guaranteed!
This dump is valid to pass Microsoft 70-410 exam and don’t just memorize the answer, you need to get through understanding of it because the question changed a little in the real exam. The material is to supplement your studies.
Following questions and answers are all new published by Microsoft Official Exam Center: https://www.lead2pass.com/70-410.html
QUESTION 101
Your network contains a Windows Server 2012 R2 image named Server12.wim.
Server12.wim contains the images shown in the following table.
Server12.wim is located in C:\.
You need to enable the Windows Server Migration Tools feature in the Windows Server 2012 R2 Server Datacenter image.
You want to achieve this goal by using the minimum amount of Administrative effort.
Which command should you run first?
A. dism.exe /mount-wim /wimfile:c:\Server12.wim /index:4 /mountdir:c:\mount
B. imagex.exe /capture c: c:\Server12.wim “windows server 2012server datacenter”
C. dism.exe /image: c:\Server12.wim /enable-feature /featurename: servermigration
D. imagex.exe /apply c:\Server12.wim 4 c:\
Answer: A
Explanation:
A. Mounts the image before making any chnages
B. imagex /capture creates windows images .wim
C. You need to mount the image first
D. imagex /Apply Applies image to drive
The Deployment Image Servicing and Management (DISM) tool is a command-line tool that is used to modifyWindows images.
You can use DISM to enable or disable Windows features directly from the commandprompt, or by Applying an answer file to the image.
You can enable or disable Windows features offline on a WIM or VHD file, or online on a running operating system.
You can also use the DISM image management command to list the image index numbers or to verify thearchitecture for the image that you are mounting.ex:
Dism /Mount-Image /ImageFile:C:\test\images\install.wim /Name:”Base Windows Image”
/MountDir:C:\test\offline
By default, DISM is installed at C:\Program Files (x86)\Windows Kits\8.0\Assessment and
Deployment Kit\Deployment Tools\
http://technet.microsoft.com/en-us/library/hh824822.aspx
http://technet.microsoft.com/en-us/library/hh825258.aspx
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
QUESTION 102
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1.
Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
On Server1, you create a virtual machine named VM1.
When you try to add a RemoteFX 3D Video Adapter to VM1, you discover that the option is unavailable as shown in the following exhibit.
You need to add the RemoteFX 3D Video Adapter to VM1.
What should you do first?
A. On Server1, run the Enable-VMRemoteFxPhysicalVideoAdapter cmdlet.
B. On Server1, install the Media Foundation feature.
C. On Server1, run the Add-VMRemoteFx3dVideoAdapter cmdlet.
D. On Server1, install the Remote Desktop Virtualization Host (RD Virtualization Host) role service.
Answer: D
Explanation:
A. Enables one or more RemoteFX physical video adapters for use with RemoteFX-enabled virtual machines.
B.
C. Adds a RemoteFX video adapter in a virtual machine.
D. Role must be added for host first
TM is included as part of the Remote Desktop Virtualization Host role service, and it
Microsoft?RemoteFX
enables the delivery of a full Windows user experience to a range of client devices including rich clients, thin clients, and ultrathin clients. RemoteFX renders content by using graphics processing units (GPUs) that are present on the server and then shared across multiple virtual desktops. RemoteFX renders a range of content including DirectX and all types of multimedia, and it is optimized for LAN-based networks. The number of monitors and their maximum resolution determines the amount of GPU memory on the server required by RemoteFX. This consideration is important in determining the scale for how many virtual machines a Remote Desktop
Virtualization Host server can support.
http://technet.microsoft.com/en-us/library/hh848506(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh848520(v=wps.620).aspx http://technet.microsoft.com/en-us/library/ff817586(v=ws.10).aspx
QUESTION 103
Your network contains an Active Directory domain named contoso.com. The network contains a domain controller named DC1 that has the DNS Server server role installed.
DC1 has a standard primary DNS zone for contoso.com.
You need to ensure that only client computers in the contoso.com domain will be able to add their records to the contoso.com zone.
What should you do first?
A. Modify the Security settings of Dc1
B. Modify the Security settings of the contoso.com zone.
C. Store the contoso.com zone in Active Directory
D. Sign the contoso.com zone.
Answer: C
Explanation:
C. Only Authenticated users can create records when zone is stored in AD Secure dynamic updates allow an administrator to control what computers update what names and preventunauthorized computers from overwriting existing names in DNS. If you have an Active Directory infrastructure, you can only use Active Directory – integrated zones on ActiveDirectory domain controllers. If you are using Active Directory – integrated zones, you must decide whether or not to store Active Directory – integrated zones in the Application directory partition.
To configure computers to update DNS data more securely, store DNS zones in Active Directory DomainServices (AD DS) and use the secure dynamic update feature. Secure dynamic update restricts DNS zone updates to only those computers that are authenticated and joinedto the Active Directory domain where the DNS server is located and to the specific security settings that
aredefined in the access control lists (ACLs) for the DNS zone.
http://technet.microsoft.com/en-us/library/cc731204(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc755193.aspx
http://technet.microsoft.com/en-us/library/cc786068%28v=ws.10%29.aspx
QUESTION 104
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.
You install a network monitoring application on VM2.
You need to ensure that all of the traffic sent to VM3 can be captured on VM2.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. the VLAN ID
F. Processor Compatibility
G. the startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: J
Explanation:
J. With Hyper-V Virtual Switch port mirroring, you can select the switch ports that are monitored as well as the switch port that receives copies of all the traffic
http://technet.microsoft.com/en-us/library/jj679878.aspx#bkmk_portmirror
QUESTION 105
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.
You plan to schedule a complete backup of Server1 by using Windows Server Backup.
You need to ensure that the state of VM1 is saved before the backup starts.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. the VLAN ID
F. Processor Compatibility
G. the startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: I
Explanation:
What is the Hyper-V Saved State?
Some Hyper-V virtual machines briefly go offline into a “Saved State” at the initial phase of a backup.
While the backup is running, they usually come back online after a couple of seconds. Background KnowledgeThe decision to pull Hyper-V virtual machines offline into a Saved State is done solely within Hyper-VManagement Services.
Backup software utilities have no way to force a live backup when Hyper-V determines it can’t and shouldn’t bedone.There are many factors that are considered by Hyper-V when it decides whether to take a VM offline or not,Hyper-V Live Backup Requirements:
To achieve zero downtime live backups of virtual machines, you need the following conditions met:
1. The VM guest needs to have Integration Services installed, enabled, and running (COM+ System Application Service, Distributed Transaction Coordinator Service, and Volume Shadow Copy Service). Alsoreview the VM settings in Hyper-V, the ‘backup’ option needs to be checked.
2. All disks involved need to be formatted with NTFS, including the disks within the VM.
3. The Volume Shadow Copy Service and related VSS services need to be enabled and running.
4. The shadow copy storage space for each drive must be available to Hyper-V VSS Writer and be located atthe same volume. For instance, the storage space for drive C: needs to be on drive C: itself, and so on. Usethe VSSADMIN command from the command line to check the settings. (Use:
vssadmin list shadowstorage /vssadmin resize shadowstorage)
5. Ensure the VMs are partitioned using ‘basic disk’ formatting.
At the moment Hyper-V does not support livebackup for VMs formatted using dynamic disk partitioning or GPT.
7. Ensure you have at least about 20% free space on each drive involved, such as the drive on the host andthe VM’s main system drive.
8. Ensure plenty of un-fragmented RAM is available on the host. If a machine is pulled into Saved State, Hyper-V may not be able to bring the VM back online if it can’t allocate a continuous block of RAM. Note that theremay be sufficient total RAM available but not enough to place a single block. You should therefore aim to keepat least 512 MB to 1 GB of RAM free when all VMs are powered up.
http://msdn.microsoft.com/en-us/library/dd405549(v=vs.85).aspx http://backupchain.com/Understanding-Saved-State-Hyper-V-Backup.html
QUESTION 106
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.
VM3 is used to test applications.
You need to prevent VM3 from synchronizing its clock to Server1.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. virtual Machine Chimney
E. the VLAN ID
F. Processor Compatibility
G. the startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: I
Explanation:
By default when you install the Integration Services/Components you get time synchronization with the host OS, here is how to disable ongoing time synchronization. When you install the integration services/components in Hyper-V virtual machine you get a set of services installed and enabled by default.
Operating system shutdown
Time synchronization
Data exchange heartbeat
Backup via VSS
If you do not want the virtual machine to continuously synch its time to the Hyper-V host using the integration service, you can disable the integration service from the Hyper-V manager.
Open up the settings for the VM
Under Management, highlight the Integration Services option and you will get a list of the Integration
Services installed and enabled Uncheck the Time Synchronization service and press Apply. The virtual machine will now not sync its time with the Hyper-V host on a continuous basis….BUT it will always sync once at power on. This is required to boot strap the timer inside the virtual machine
http://www.virtualizationadmin.com/kbase/VirtualizationTips/ServerVirtualization/MicrosoftHyper- VTips/PerformanceandScalability/DisablingTimeSyncinaVM.html http://blogs.technet.com/b/virtualization/archive/2008/08/29/backing-up-hyper-v- virtualmachines.aspx
QUESTION 107
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.
You need to configure VM4 to track the CPU, memory, and network usage.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. Virtual Machine Chimney
E. the VLAN ID
F. Processor Compatibility
G. the startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: C
Explanation:
http://blogs.technet.com/b/meamcs/archive/2012/05/28/hyper-v-resource-metering-inwindows- server-2012-server-8-beta.aspx
Metrics
collected for each virtual machine using resource metering:
Average CPU usage, measured in megahertz over a period of time.
Average physical memory usage, measured in megabytes.
Minimum memory usage (lowest amount of physical memory).
Maximum memory usage (highest amount of physical memory).
Maximum amount of disk space allocated to a virtual machine.
Total incoming network traffic, measured in megabytes, for a virtual network adapter.
Total outgoing network traffic, measured in megabytes, for a virtual network adapter
QUESTION 108
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.
You need to ensure that VM1 can use more CPU time than the other virtual machines when the CPUs on Server1 are under a heavy load.
What should you configure?
A. NUMA topology
B. Resource control
C. resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: B
Explanation:
B. Resource controls provide you with several ways to control the way that Hyper-V allocates resources to virtual machine
When you create a virtual machine, you configure the memory and processor to provide the appropriate computing resources for the workload you plan to run on the virtual machine. This workload consists of the guest operating system and all applications and services that will run at the same time on the virtual machine.
Resource controls provide you with several ways to control the way that Hyper-V allocates resources to virtual machines.
Virtual machine reserve. Of the processor resources available to a virtual machine, specifies the percentage that is reserved for the virtual machine. This setting guarantees that the percentage you specify will be available to the virtual machine. This setting can also affect how many virtual machines you can run at one time.
Virtual machine limit. Of the processor resources available to a virtual machine, specifies the maximum percentage that can be used by the virtual machine. This setting applies regardless of whether other virtual machines are running.
Relative weight. Specifies how Hyper-V allocates resources to this virtual machine when more than one virtual machine is running and the virtual machines compete for resources.
http://technet.microsoft.com/en-us/library/cc742470.aspx
QUESTION 109
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.
VM2 sends and receives large amounts of data over the network.
You need to ensure that the network traffic of VM2 bypasses the virtual switches of the parent partition.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: K
Explanation:
K. SR-IOV maximizes network throughput while minimizing network latency as well as the CPU overhead required for processing network traffic.
http://technet.microsoft.com/en-us/library/hh831410.aspx
QUESTION 110
Your network contains an Active Directory domain named contoso.com. The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed and has a primary zone for contoso.com. The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup. You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do first?
A. Move the contoso.com zone to a domain controller that is configured as a DNS server
B. Configure the Dynamic updates settings of the contoso.com zone
C. Sign the contoso.com zone by using DNSSEC
D. Configure the Security settings of the contoso.com zone.
Answer: A
Explanation:
If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory- integrate a zone, access control list (ACL) editing features are available in DNS Managerso that you can add or remove users or groups from the ACL for a specified zone or resource record. http://technet.microsoft.com/en-us/library/cc771255.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/9b041bbc-07654eed- bd1cd65027f05e9f/
http://blogs.msmvps.com/acefekay/2012/11/19/ad-dynamic-dns-updates-registration-rulesof- engagement/
1. Active Directory’s DNS Domain Name is NOT a single label name (“DOMAIN” vs the minimal requirement of”domain.com.” “domain.local,” etc).
2. The Primary DNS Suffix MUST match the zone name that is allowing updates. Otherwise the client doesn’tknow what zone name to register in.
You can also have a different Conneciton Specific Suffix in addition to thePrimary DNS Suffix to register into that zone as well.
3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or Secure and Non-Secure.
For client machines, if a client is not joined to the domain, and the zone is set to Secure, it will not registereither.
4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a reference to get tothem. Do not use your ISP’s, an external DNS adddress, your router as a DNS address, or any other DNS thatdoes not have a copy of the AD zone. Internet resolution for your machines will be accomplished by the Rootservers (Root Hints), however it’s recommended to configure a forwarder for efficient Internet resolution. .
5. The domain controller is multihomed (which means it has more than one unteamed, active NIC, more thanone IP address, and/or RRAS is installed on the DC).
6. The DNS addresses configured in the client’s IP properties must ONLY reference the DNS server(s) hostingthe AD zone you want to update in. This means that you must NOT use an external DNS in any machine’s IP property in an AD environment.
You can’t mix them either. That’s because of the way the DNS Client side resolver service works. Even if youmix up internal DNS and ISP’s DNS addresses, the resolver algorithm can still have trouble asking the correctDNS server. It will ask the first one first. If it doesn’t get a response, it removes the first one from the eligibleresolvers list and goes to the next in the list. It will not go back to the first one unless you restart the machine,restart the DNS Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use yourinternal DNS server(s) and configure a forwarder to your ISP’s DNS for efficient Internet resolution.
This is the reg entry to cut the query to 0 TTL:
The DNS Client service does not revert to using the first server …The Windows 2000 Domain Name System (DNS) Client service (Dnscache) follows a certain algorithm when it decides the order in which to use the DNSservers …
http://support.microsoft.com/kb/286834
For more info, please read the following on the client side resolver service:
DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS, Direct Hosted SMB(DirectSMB), If One DC is Down Does a Client logon to Another DC, and DNS Forwarders Algorithm if youhave multiple forwarders.
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-clientside- resolver-browserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-isdown-does-a- client-logon-to-another-dcand-dns-forwarders-algorithm.aspx
7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server.
8. If using DHCP, DHCP server must only be referencing the same exact DNSserver(s) in it’s own IP properties in order for it to ‘force’ (if you setthat setting) registration into DNS. Otherwise, how would it know which DNSto send the reg data to?
9. If the AD DNS Domain name is a single label name, such as “EXAMPLE”, and not the proper format of”example.com” and/or any child of that format, such as “child1.example.com”,
then we have a real big problem.
DNS will not allow registration into a single label domain name.
This is for two reasons:
1. It’s not the proper hierachal format. DNS is hierarchal, but a single label name has no hierarchy.
It’s just asingle name.
2. Registration attempts causes major Internet queriesto the Root servers. Why? Because it thinks thesingle label name, such as “EXAMPLE”, is a TLD(Top Level Domain), such as “com”, “net”, etc. Itwill now try to find what Root name server out therehandles that TLD. In the end it comes back to itselfand then attempts to register. Unfortunately it doe NOTask itself first for the mere reason it thinks it’s a TLD.
(Quoted from Alan Woods, Microsoft, 2004):
“Due to this excessive Root query traffic, which ISC found from a study that discovered Microsoft DNS serversare causing excessive traffic because of single label names, Microsoft, being an internet friendly neighbor andwanting to stop this problem for their neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1, (especially XP,which cause lookup problems too), and Windows 2003. After all, DNS ishierarchal, so therefore why even allow single label DNS domain names?”
The above also *especially* Applies to Windows Vista, &, 2008, 2008 R2, and newer.
10. ‘Register this connection’s address” on the client is not enabled under the NIC’s IP properties, DNS tab.
11. Maybe there’s a GPO set to force Secure updates and the machine isn’t a joined member of the domain.
12. ON 2000, 2003 and XP, the “DHCP client” Service not running. In 2008/Vista and newer, it’s the DNSClient Service. This is a requirement for DNS registration and DNS resolution even if the client is not actuallyusing DHCP.
13. You can also configure DHCP to force register clients for you, as well as keep the DNS zone clean of old orduplicate entries. See the link I posted in my previous post.
QUESTION 111
Your company has a remote office that contains 1,600 client computers on a single subnet.
You need to select a subnet mask for the network that will support all of the client computers.
The solution must minimize the number of unused addresses.
Which subnet mask should you select?
A. 255.255.248.0
B. 255.255.252.0
C. 255.255.254.0
D. 255.255.240.0
Answer: A
Explanation:
255.255.252.0 = 11111111.11111111.11111100.00000000 =>( 22 bits 1 .. 10 bits 0 ) => 1111111111 = 1023
255.255.254.0 = 11111111.11111111.11111110.00000000 =>( 23 bits 1 .. 9 bits 0 ) => 111111111 = 511
255.255.255.0 = 11111111.11111111.11111111.00000000 =>( 24 bits 1 .. 8 bits 0 ) => 11111111 = 255
255.255.255.128 = 11111111.11111111.11111111.10000000 =>( 25 bits 1 .. 7 bits 0 ) => 1111111 = 127
http://zeus.fh-brandenburg.de/~ihno/doc/lehre/internet/ip_eng.html
QUESTION 112
You plan to deploy a DHCP server that will support four subnets.
The subnets will be configured as shown in the following table.
You need to identify which network ID you should use for each subnet.
What should you identify? To answer, drag the appropriate network ID to the each subnet in the answer area.
Answer:
Explanation:
http://zeus.fh-brandenburg.de/~ihno/doc/lehre/internet/ip_eng.html
QUESTION 113
You work as a senior administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers on the L2P.com network have Windows Server 2012 R2 installed, and all workstations have Windows 8 installed.
You are running a training exercise for junior administrators.
You are currently discussing a Windows PowerShell cmdlet that activates previously de-activated firewall rules.
Which of the following is the cmdlet being discussed?
A. Set-NetFirewallRule
B. Enable-NetFirewallRule
C. Set-NetIPsecRule
D. Enable-NetIPsecRule
Answer: B
Explanation:
Enable-NetFirewallRule – Enables a previously disabled firewall rule.
http://technet.microsoft.com/en-us/library/cc990290(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj574205.aspx
http://mikefrobbins.com/2013/02/28/use-powershell-to-remotely-enable-firewall-exceptions-on-windows- server-2012/
http://technet.microsoft.com/en-us/library/jj554869%28v=wps.620%29.aspx
QUESTION 114
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 is located on the same subnet as all of the client computers. A network technician reports that he receives a “Request timed out” error message when he attempts to use the ping utility to connect to Server1 from his client computer. The network technician confirms that he can access resources on Server1 from his client computer.
You need to configure Windows Firewall with Advanced Security on Server1 to allow the ping utility to connect.
Which rule should you enable?
A. File and Printer Sharing (Echo Request – ICMPv4-In)
B. Network Discovery (WSD-In)
C. File and Printer Sharing (NB-Session-In)
D. Network Discovery (SSDP-In)
Answer: A
Explanation:
Ping uses ICMP
Open Control Panel, then select System and Security by clicking on that header Select Windows Firewall, Advanced SettingsIn `Windows Firewall with Advanced security’ click on `Inbound rules’ Scroll down to `File and Printer sharing(Echo request ICMPv4-In).
Right click on the rule and select `Enable rule’
Make sure that it turns green
Powershell:
Import-Module NetSecurity
Set-NetFirewallRule -DisplayName “File and Printer Sharing (Echo Request ?ICMPv4-In)”
-enabled True
QUESTION 115
You have a file server named Server1 that runs Windows Server 2012 R2.
You need to ensure that a user named User1 can use Windows Server Backup to create a complete backup of Server1.
What should you configure?
A. The local groups by using Computer Management
B. A task by using Authorization Manager
C. The User Rights Assignment by using the Local Group Policy Editor
D. The Role Assignment by using Authorization Manager
Answer: A
Explanation:
A. User needs to be added to local Backup Operator group
B. AzMan is a role-based access control (RBAC) framework that provides an administrative tool to manage authorization policy and a runtime that allows Applications to perform access checks against that policy.
C. User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer
D. AzMan is a role-based access control (RBAC) framework that provides an administrative tool to manage authorization policy and a runtime that allows Applications to perform access checks against that policy.
http://technet.microsoft.com/en-us/library/cc780182(v=ws.10).aspx
http://msdn.microsoft.com/en-us/library/bb897401.aspx
QUESTION 116
Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named contoso.test. A trust relationship does not exist between the forests. In the contoso.test domain, you create a backup of a Group Policy object (GPO) named GPO1.
You transfer the backup of GPO1 to a domain controller in the contoso.com domain.
You need to create a GPO in contoso.com based on the settings of GPO1.
You must achieve this goal by using the minimum amount of Administrative effort.
What should you do?
A. From Windows PowerShell, run the Get-GPO cmdlet and the Copy- GPO cmdlet.
B. From Windows PowerShell, run the New-GPO cmdlet and the Import- GPO cmdlet.
C. From Group Policy Management, create a new starter GPO. Right-click the new starter GPO, and then
click Restore from Backup.
D. From Group Policy Management, right-click the Croup Policy Objects container, and then click Manage
Backups.
Answer: B
Explanation:
A. Copy-GPO requires domain trust / copy from one domain to another domain within the same forest.
B. The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. Thetarget GPO can be in a different domain or forest than that from which the backup was made and itdoes not have to exist prior to the operation.
C.
D: You can also restore GPOs. This operation takes a backed-up GPO and restores it to the same domain from rom the GPO’s original
which it was backed up. You cannot restore a GPO from backup into a domain different f domain.
The New-GPO cmdlet creates a new GPO with a specified name. By default, the newly created GPO is not linked to a site, domain, or organizational unit (OU). The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation.
The Restore-GPO cmdlet restores a GPO backup to the original domain from which it was saved. If the original domain is not available, or if the GPO no longer exists in the domain, the cmdlet fails.
http://technet.microsoft.com/en-us/library/cc781458(v=WS.10).aspx http://technet.microsoft.com/en-us/library/hh967461.aspx
http://technet.microsoft.com/en-us/library/ee461050.aspx
http://technet.microsoft.com/en-us/library/ee461044.aspx
http://blogs.technet.com/b/askpfeplat/archive/2012/11/04/windows-server-2012-the-new-and-improved- group-policy-management-console.aspx
QUESTION 117
Your network contains an active directory forest. The forest functional level is Windows server
2012. The forest contains a single domain. The domain contains a member server named
Server1 that run windows server 2012.
You purchase a network scanner named Scanner1 that
supports Web Services on Devices (WDS).
You need to share the network scanner on Server1
Which server role should you install on Server1?
A. Web Server (IIS)
B. Fax Server
C. File and Storage Services
D. Print and Document Services
Answer: D
Explanation:
Print and Document Services enables you to centralize print server and network printer tasks. With this role, you can also receive scanned documents from network scanners and route the documents to a shared network resource, Windows SharePoint Services site, or email addresses.
Windows Server 2012 uses Web Services on Devices (WSD) technologies to integrate scanning devices into the system
http://technet.microsoft.com/en-us/library/hh831468.aspx
http://technet.microsoft.com/en-us/library/jj134196.aspx
QUESTION 118
Your network contains an Active Directory forest named adatum.com. The forest contains a child domain named asia.adatum.com. The asia.adatum.com child domain contains a server named DHCP1 that runs Windows Server 2012 R2.
You install the DHCP Server server role on DHCP1.
You have access to the administrative accounts shown in the following table.
You need to authorize DHCP1.
Which user account should you use?
A. Admin1
B. Admin2
C. Admin3
D. Admin4
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc759688(v=ws.10).aspx
QUESTION 119
Your network contains a server named Server1 that runs Windows Server 2012 R2. App1 has the Print and Document Services server role installed. All client computers run Windows 8.
The network contains a network-attached print device named Printer1. From App1, you share Printer1.
You need to ensure that users who have connected to Printer1 previously can print to Printer1 if App1 fails.
What should you configure? To answer, select the appropriate option in the answer area.
Answer:
Explanation:
Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print device instead of a server print queue. This feature can be enabled or disabled on a per printer basis and is transparent to the user. It is enabled by an administrator using the Print Management Console or Windows PowerShell on the server.
The printer information is cached in the branch office, so that if the print server is unavailable for some reason (for example if the WAN link to the data center is down), then it is still possible for the user to print.
Branch Office Direct Printing requires the following operating systems:
Windows Server 2012
Windows 8
http://technet.microsoft.com/en-us/library/jj134156.aspx
QUESTION 120
You have a server named Server1. Server1 runs Windows Server 2012 R2.
Server1 has two network adapters and is located in a perimeter network.
You need to install a DHCP Relay Agent on Server1.
Which node should you use to add the DHCP Relay Agent? To answer, select the appropriate node in the answer area.
Answer:
Explanation:
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To configure the IPv4 DHCP relay agent
1. In the Routing and Remote Access MMC snap-in, expand IPv4, right-click General, and then click New Routing Protocol.
2. In the New Routing Protocol dialog box, select DHCPv4 Relay Agent, and then click OK.
3. In the navigation pane, right-click DHCPv4 Relay Agent, and then click New Interface.
4. Add the network interfaces on which the server might receive DHCPv4 requests that you want to send to the DHCP server. Right-click DHCPv4 Relay Agent, click New Interface, select the appropriate network interface, and then click OK.
5. In the DHCP Relay Properties dialog box, select Relay DHCP packets, and then click OK.
6. In the navigation pane, right-click DHCP Relay Agent, and then click Properties.
7. On the General tab, enter the IPv4 address of the DHCP servers that you want to provide DHCP services for the RRAS server’s clients, click Add, and then click OK.
http://technet.microsoft.com/en-us/library/dd469685.aspx
More free Lead2pass 70-410 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDcXAzcDVNOWI1blU
About 90% questions are from this 70-410 dump. One thing you need to pay attention is the questions are rephrased in the real 70-410 exam. And btw selections are jumbled so you must remember the answer itself not the letter of choice.
2017 Microsoft 70-410 (All 484 Q&As) exam dumps (PDF&VCE) from Lead2pass:
https://www.lead2pass.com/70-410.html [100% Exam Pass Guaranteed]