Secrets to mcsa 70 410

High value of exam 70 410 pdf real exam materials and braindump for Microsoft certification for client, Real Success Guaranteed with Updated 70 410 installing and configuring windows server 2012 pdf pdf dumps vce Materials. 100% PASS Installing and Configuring Windows Server 2012 exam Today!

Q171. - (Topic 3) 

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

The domain contains a server named Server1 that runs Windows Server 2012 R2. 

You need to ensure that when users log on to Server1, their user account is added automatically to a local group named Group1 during the log on process. 

Which Group Policy settings should you modify? 

A. User Rights Assignment 

B. Preferences 

C. Security Options 

D. Restricted Groups 

Answer:

Explanation: 

With Preferences, local and domain accounts can be added to a local group without affecting the existing members of the group 

References: Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 8: File Services and Storage, p. 361 

http://technet.microsoft.com/en-us/library/cc785631(v=ws.10).aspx http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/ 

http://technet.microsoft.com/en-us/library/cc780182(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831424.aspx 


Q172. - (Topic 3) 

Your network contains two Active Directory forests named contoso.com and adatum.com. All servers run Windows Server 2012 R2. A one-way external trust exists between contoso.com and adatum.com. 

Adatum.com contains a universal group named Group1. You need to prevent Group1 from being used to provide access to the resources in contoso.com. 

What should you do? 

A. Change the scope of Group1 to domain local. 

B. Modify the Allowed to Authenticate permissions in adatum.com. 

C. Enable SID quarantine on the trust between contoso.com and adatum.com. 

D. Modify the Allowed to Authenticate permissions in contoso.com. 

Answer:

Explanation: 

* Accounts that require access to the customer Active Directory will be granted a special right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account needs access. 

* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest. 


Q173. - (Topic 2) 

Your network contains an Active Directory domain named contoso.com. The domain contains 20 computer accounts that reside in an organizational unit (OU) named OU1. 

A Group Policy object (GPO) named GPO1 is linked to OU1. GPO1 is used to assign several user rights to a user named User1. 

In the Users container, you create a new user named User2. 

You need to ensure that User2 is assigned the same user rights as User1 on all of the client computers in OU1. 

What should you do? 

A. Modify the settings in GPO1. 

B. Modify the link of GPO1. 

C. Link a WMI filter to GPO1. 

D. Move User2 to OU1. 

Answer:

Explanation: 

The GPO is linked to OU1. By moving User2 to OU1 the GPO will be applied to this user. 


Q174. - (Topic 3) 

Your network contains an Active Directory domain named contoso.com. 

You need to prevent users from installing a Windows Store app named App1. 

What should you create? 

A. An application control policy executable rule 

B. An application control policy packaged app rule 

C. A software restriction policy certificate rule 

D. An application control policy Windows Installer rule 

Answer:

Explanation: 

Windows 8 is coming REALLY SOON and of course one of the big new things to computer with that is the new Packaged Apps that run in the start screen. However these apps are very different and do not install like traditional apps to a path or have a true “executable” file to launch the program. Of course enterprises need a way to control these packaged apps and therefore Microsoft has added a new feature Packaged Apps option to the App1ocker feature. 

A. For .exe or .com 

B. A publisher rule for a Packaged app is based on publisher, name and version 

C. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level. 

D. For .msi or .msp Packaged apps (also known as Windows 8 apps) are new to Windows Server 2012 R2 and Windows 8. They are based on the new app model that ensures that all the files within an app package share the same identity. Therefore, it is possible to control the entire Application using a single App1ocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows does not support unsigned packaged apps which implies all packaged apps must be signed. App1ocker supports only publisher rules for Packaged apps. A publisher rule for a packaged app is based on the following information: Publisher of the package Package name Package version Therefore, an App1ocker rule for a Packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for Packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups. 


Q175. - (Topic 3) 

Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 is a DHCP server that is configured to have a scope named Scope1. Server2 is configured to obtain an IP address automatically. 

In Scope1, you create a reservation named Res_Server2 for Server2. 

A technician replaces the network adapter on Server2. 

You need to ensure that Server2 can obtain the same IP address. 

What should you modify on Server1? 

A. The Name Protection settings of Scope1 

B. The MAC address of Res_Server2 

C. The Advanced settings of Res_Server2 

D. The Network Access Protection Settings of Scope1 

Answer:

Explanation: 

DHCP reservations are given based upon MAC address (at least on IPv4/DHCPv4). For clients that require a constant IP address, you can either manually configure a static IP address, or assign a reservation on the DHCP server. Reservations are permanent lease assignments that are used to ensure that a specified client on a subnet can always use the same IP address. You can use DHCP reservations for hosts that require a consistent IP address, but do not need to be statically configured. DHCP reservations provide a mechanism by which IP addresses may be permanently assigned to a specific client based on the MAC address of that client. The MAC address of a Windows client can be found running the ipconfig /all command. For Linux systems the corresponding command is ifconfig -a. Once the MAC address has been identified, the reservation may be configured using either the DHCP console or at the command prompt using the netsh tool. 

Media access control (MAC) address authorization functions in the same way as automatic number identification (ANI) authorization, but it is used for wireless clients and clients connecting to your network by using an 802.1X authenticating switch. Since the network adapter was replaced, you need to modify the MAC address on Server1 to ensure that Server2 can obtain the same IP address. 

Reference: http://technet.microsoft.com/en-us/library/dd197535%28v=WS.10%29.aspx 


Q176. HOTSPOT - (Topic 2) 

Your network contains an Active Directory forest. The forest contains two domains named Domain1 and Domain2. 

Domain1 contains a file server named Server1. Server1 has a shared folder named Share1. 

Domain2 contains 50 users who require access to Share1. 

You need to create groups in each domain to meet the following requirements: 

. In Domain1, create a group named Group1. Group1 must be granted access to Share1. . In Domain2, create a group named Group2. Group2 must contain the user accounts of the 50 users. . Permission to Share1 must only be assigned directly to Group1. 

Which type of groups should you create and which group nesting strategy should you use? 

To answer, select the appropriate configuration in the answer area. 

Answer: 


Q177. - (Topic 3) 

You work as an administrator at Contoso.com. The Contoso.com network consists of two Active Directory forests, named Contoso.com and test.com. There is no trust relationship configured between the forests. 

A backup of Group Policy object (GPO) from the test.com domain is stored on a domain controller in the Contoso.com domain. 

You are informed that a GPO must be created in the Contoso.com domain, and must be based on the settings of the GPO in the test.com domain. 

You start by creating the new GPO using the New-GPO Windows PowerShell cmdlet. You want to complete the task via a Windows PowerShell cmdlet. 

Which of the following actions should you take? 

A. You should consider making use of the Invoke-GPUpdate Windows PowerShell cmdlet. 

B. You should consider making use of the Copy-GPO Windows PowerShell cmdlet. 

C. You should consider making use of the New-GPLink Windows PowerShell cmdlet. 

D. You should consider making use of the Import-GPO Windows PowerShell cmdlet. 

Answer:

Explanation: 

Import-GPO -Imports the Group Policy settings from a backed-up GPO into a specified GPO. 


Q178. - (Topic 1) 

Your network contains an Active Directory domain named contoso.com. 

You create a software restriction policy to allow an application named App1 by using a certificate rule. You need to ensure that when users attempt to execute App1, the certificate for App1 is 

verified against a certificate revocation list (CRL). What should you do? 

A. Modify the rule for App1. 

B. Modify the Trusted Publishers Properties. 

C. Create a new certificate rule for App1. 

D. Modify the Enforcement Properties. 

Answer:


Q179. - (Topic 3) 

You have a server named Server1 that runs a Server Core installation of Windows Server 2012 R2 Standard. You establish a Remote Desktop session to Server1. 

You need to identify which task can be performed on Server1 from within the Remote Desktop session. 

What should you identify? 

A. Install a feature by using Server Manager. 

B. Modify the network settings by using Sconfig. 

C. Disable services by using Msconfig. 

D. Join a domain by using the System Properties. 

Answer:

Explanation: 

In Windows Server 2012 R2, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool. Sconfig.cmd is available in the Minimal Server Interface and in Server with a GUI mode. 

References: http://technet.microsoft.com/en-us/library/jj647766.aspx Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 2: Deploying servers, p. 80 


Q180. HOTSPOT - (Topic 2) 

Your network contains an Active Directory domain named corp.contoso.com. The domain contains a domain controller named DC1. 

When you run ping dc1.corp.contoso.com, you receive the result as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that DC1 can respond to the Ping command. 

Which rule should you modify? 

To answer, select the appropriate rule in the answer area. 

Answer: