Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Microsoft 70-410

Microsoft 70-410 Exam Practice Questions (P. 3)

  • Full Access (550 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
HOTSPOT -
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2012 R2. All client computers run Windows 7.
The computer accounts for all of the client computers are located in an organizational unit (OU) named OU1.
An administrator links a Group Policy object (GPO) to OU1. The GPO contains several application control policies.
You discover that the application control policies are not enforced on the client computers.
You need to modify the GPO to ensure that the application control policies are enforced on the client computers.
What should you configure in the GPO?
To answer, select the appropriate service in the answer area.
Hot Area:


Correct Answer:

 Does AppLocker use any services for its rule enforcement?
Yes, AppLocker uses the Application Identity service (AppIDSvc) for rule enforcement. For AppLocker rules to be enforced, this service must be set to start automatically in the GPO.
Before you can enforce AppLocker policies, you must start the Application Identity service by using the Services snap-in console.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To start the Application Identity service
✑ Click Start, click Administrative Tools, and then click Services.
✑ In the Services snap-in console, double-click Application Identity.
✑ In the Application Identity Properties dialog box, click Automatic in the Startup type list, click Start, and then click OK.
Reference: http://technet.microsoft.com/en-us/library/dd759130.aspx

Question #22
Your network contains an Active Directory domain named contoso.com. You have a Group Policy object (GPO) named GP1 that is linked to the domain. GP1 contains a software restriction policy that blocks an application named App1.
You have a workgroup computer named Computer1 that runs Windows 8. A local Group Policy on Computer1 contains an application control policy that allows
App1.
You join Computer1 to the domain.
You need to prevent App1 from running on Computer1.
What should you do?
  1. A
    From Computer1, run gpupdate/force.
  2. B
    From Group Policy Management, add an application control policy to GP1.
  3. C
    From Group Policy Management, enable the Enforced option on GP1.
  4. D
    In the local Group Policy of Computer1, configure a software restriction policy.

Correct Answer:
B
AppLocker policies take precedence over policies generated by SRP on computers that are running an operating system that supports AppLocker.
AppLocker policies in the GPO are applied, and they supersede the policies generated by SRP in the GPO and local AppLocker policies or policies generated by
SRP.

Question #23
Your network contains an Active Directory domain named contoso.com. All client computer accounts are in an organizational unit (OU) named AllComputers.
Client computers run either Windows 7 or Windows 8.1.
You create a Group Policy object (GPO) named GP1.
You link GP1 to the AllComputers OU.
You need to ensure that GP1 applies only to computers that have more than 8 GB of memory.
What should you configure?
  1. A
    The Security settings of GP1
  2. B
    The Block Inheritance option for AllComputers
  3. C
    The Security settings of AllComputers
  4. D
    The WMI filter for GP1

Correct Answer:
D
Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs) based on attributes of the target computer.
When a GPO that is linked to a WMI filter is applied on the target computer, the filter is evaluated on the target computer. If the WMI filter evaluates to false, the
GPO is not applied (except if the client computer is running Windows Server, in which case the filter is ignored and the GPO is always applied). If the WMI filter evaluates to true, the GPO is applied. WMI filters, like GPOs, are stored on a per-domain basis. A WMI filter and the GPO it is linked to must be in the same domain.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 10: Implementing Group Policy, p.470, 482 http://technet.microsoft.com/en-us/library/jj134176
WMI filtering using GPMC

Question #24
Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server
2012 R2.
Server1 is configured as an FTP server.
Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as the control port and dynamically requests a data port.
On Server1, you create a firewall rule to allow connections on TCP port 21.
You need to configure Server1 to support the client connections from App1.exe.
What should you do?
  1. A
    Run netsh advfirewall set global statefulftp enable.
  2. B
    Create an inbound firewall rule to allow App1.exe.
  3. C
    Create a tunnel connection security rule.
  4. D
    Run Set-NetFirewallRule -DisplayName DynamicFTP -Profile Domain

Correct Answer:
A
The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows
Vista or a later version of Windows.
In the netsh advfirewall firewall context, the add command only has one variation, the add rule command. Netsh advfirewall set global statefulftp:
Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port.
When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested.

Syntax -
set global statefulftp { enable | disable | notconfigured }

Parameters -
statefulftp can be set to one of the following values:
enable
The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number. disable
This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connections on the PORT or PASV requested port is blocked as an unsolicited incoming connection. not configured
Valid only when netsh is configuring a GPO by using the set store command.

Question #25
Your network contains an Active Directory domain named contoso.com.
All client computers run Windows 8.
You deploy a server named Server1 that runs Windows Server 2012 R2.
You install a new client-server application named App1 on Server1 and on the client computers. The client computers must use TCP port 6444 to connect to App1 on Server1.Server1 publishes the information of App1 to an intranet server named Server2 by using TCP port 3080.
You need to ensure that all of the client computers can connect to App1. The solution must ensure that the application can connect to Server2.
Which Windows Firewall rule should you create on Server1?
  1. A
    an inbound rule to allow a connection to TCP port 3080
  2. B
    an outbound rule to allow a connection to TCP port 3080
  3. C
    an outbound rule to allow a connection to TCP port 6444
  4. D
    an inbound rule to allow a connection to TCP port 6444

Correct Answer:
D
Server1 gets request from Client PCs it needs an inbound rule for 6444.
By default, Windows Firewall with Advanced Security blocks all unsolicited inbound network traffic, and allows all outbound network traffic. For unsolicited inbound network traffic to reach your computer, you must create an allow rule to permit that type of network traffic. If a network program cannot get access, verify that in the
Windows Firewall with Advanced Security snap-in there is an active allow rule for the current profile. To verify that there is an active allow rule, double-click
Monitoring and then click Firewall.
If there is no active allow rule for the program, go to the Inbound Rules node and create a new rule for that program. Create either a program rule, or a service rule, or search for a group that applies to the feature and make sure all the rules in the group are enabled. To permit the traffic, you must create a rule for the program that needs to listen for that traffic. If you know the TCP or UDP port numbers required by the program, you can additionally restrict the rule to only those ports, reducing the vulnerability of opening up all ports for the program.

Question #26
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server
2012 R2.
You create a security template named Template1 by using the security template snap-in.
You need to apply Template1 to Server2.
Which tool should you use?
  1. A
    Security Templates
  2. B
    Computer Management
  3. C
    Security Configuration and Analysis
  4. D
    System Configuration

Correct Answer:
C
A security policy is a combination of security settings that affect the security on a computer. You can use your local security policy to edit account policies and local policies on your local computer.
Security templates are inactive until imported into a Group Policy object or the Security Configuration and Analysis
Incorrect Answers:
A: The Security Template was already created Provide standard security option to use in security policies
B: Template1 needs to be applied at the GP level
D: The System Configuration tool is used to identify windows problems

Question #27
Your network contains multiple subnets.
On one of the subnets, you deploy a server named Server1 that runs Windows Server 2012 R2.
You install the DNS Server server role on Server1, and then you create a standard primary zone named contoso.com.
You need to ensure that client computers can resolve single-label names to IP addresses.
What should you do first?
  1. A
    Create a reverse lookup zone.
  2. B
    Convert the contoso.com zone to an Active Directory-integrated zone.
  3. C
    Configure dynamic updates for contoso.com.
  4. D
    Create a GlobalNames zone.

Correct Answer:
B
Although a GlobalNames zone is required in order to resolve single-label names, GNZs must be AD-integrated.
Since this is a standard primary zone (as opposed to an ADDS primary zone), we must first integrate the zone into Active Directory.
References:
Configure the DNS service, p.233
http://technet.microsoft.com/en-us/library/cc731744.aspx

Question #28
HOTSPOT -
Your network contains an Active Directory domain named contoso.com. The domain contains a single location named Site1. The domain contains a server named
Server1 that has the DHCP Server server role installed.
All client computers receive their IPv4 configurations dynamically.
The domain will expand to include a second location named Site2. A server named Server2 will be deployed to Site2. Site1 and Site2 will connect to each other by using a WAN link.
You need to ensure that the clients in both sites receive their IPv4 configurations from Server1.
In the table below, identify which actions must be performed on each server. Make only one selection in each row. Each correct selection is worth one point.
Hot Area:


Correct Answer:

 References:
http://technet.microsoft.com/library/hh831416
http://technet.microsoft.com/en-us/library/dd469766%28v=WS.10%29.aspx
Configure IPv4 and IPv6 addressing, p.192, 196

Question #29
Your network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is Active-Directory integrated.
The domain contains 500 client computers. There are an additional 20 computers in a workgroup.
You discover that every client computer on the network can add its record to the contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone.
What should you do?
  1. A
    Sign the contoso.com zone by using DNSSEC.
  2. B
    Configure the Dynamic updates settings of the contoso.com zone.
  3. C
    Configure the Security settings of the contoso.com zone.
  4. D
    Move the contoso.com zone to a domain controller that is configured as a DNS server.

Correct Answer:
B

Question #30
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1 that has the DNS Server server role installed. Server1 hosts a primary zone for contoso.com.
The domain contains a member server named Server2 that is configured to use Server1 as its primary DNS server.
From Server2, you run nslookup.exe as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that when you run Nslookup, the correct name of the default server is displayed.
What should you do?
  1. A
    On Server1, create a reverse lookup zone.
  2. B
    On Server1, modify the Security settings of the contoso.com zone.
  3. C
    From Advanced TCP/IP Settings on Server1, add contoso.com to the DNS suffix list.
  4. D
    From Advanced TCP/IP Settings on Server2, add contoso.com to the DNS suffix list.

Correct Answer:
A
Make sure that a reverse lookup zone that is authoritative for the PTR resource record exists.
PTR records contain the information that is required for the server to perform reverse name lookups.
References:
http://technet.microsoft.com/en-us/library/cc961417.aspx
and IPv6 addressing, p.246

Previous Questions Next Questions

All Pages