Installing and Configuring Windows Server 2012
Question No: 121 – (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
A user named User1 attempts to log on to DC1, but receives the error message shown in the exhibit. (Click the Exhibit button.)
You need to ensure that User1 can log on to DC1. What should you do?
Add User1 to the Remote Management Users group.
Grant User1 the Allow log on locally user right.
Modify the Logon Workstations setting of the User1 account.
Modify the Account is sensitive and cannot be delegated setting of the User1 account.
Answer: B Explanation:
Domain controllers, by default, restrict the types of user accounts that have the ability to log on locally.
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 6: Create and Manage Group Policy, Objective 6.2: Configure Security Policies, p. 321
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 2: Configure server roles and features, Objective 2.3: Configure servers for remote management, p. 114
Question No: 122 – (Topic 2)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named L0N-DC1. L0N-DC1 runs Windows Server 2012 R2 and has the DHCP Server server role installed.
The network contains 100 client computers and 50 IP phones. The computers and the phones are from the same vendor.
You create an IPv4 scope that contains addresses from 172.16.0.1 to 172.16.1.254.
You need to ensure that the IP phones receive IP addresses in the range of 172.16.1.100 to 172.16.1.200. The solution must minimize administrative effort.
What should you create?
Server level policies
Scope level policies
Answer: D Explanation:
The scope is already in place.
Scope level policies are typically settings that only apply to that scope. They can also overwrite a setting that was set at the server level.
When a client matches the conditions of a policy, the DHCP server responds to the clients based on the settings of a policy.
Settings associated to a policy can be an IP address range and/or options.
An administrator could configure the policy to provide an IP address from a specified sub-range within the overall IP address range of the scope.
You can also provide different option values for clients satisfying this policy. Policies can be defined server wide or for a specific scope.
A server wide policy – on the same lines as server wide option values – is applicable to all scopes on the DHCP server.
A server wide policy, however, cannot have an IP address range associated with it. There are a couple of ways to segregate clients based on the type of device. One way to do this is by using the vendor class/identifier.
This string, sent in option 60 by most DHCP clients, identifies the vendor and thereby the type of the device.
Another way to segregate clients based on device type is by using the MAC address prefix. The first three bytes of a MAC address are called the OUI and identify the vendor or manufacturer of the device.
By creating DHCP policies with conditions based on Vendor Class or MAC address prefix, you can segregate the clients in your subnet in such a way that devices of a specific type get an IP address only from a specified IP address range within the scope. You can also give a different set of options to these clients.
In conclusion, DHCP policies in Windows Server 2012 R2 enable grouping of clients/devices using different criteria and delivering targeted network configuration to them.
Policy based assignment in Windows Server 2012 R2 DHCP allows you to create simple yet powerful rules to administer DHCP on your network.
Training Guide: Installing and Configuring Windows Server 2012 R2, Chapter 6: Network Administration, p.253
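The scope-level policy described in this explanation can be created with the DhcpServer PowerShell module. This is an added example, not part of the original question or its references; the class name, policy name and option 60 string are constructed, and the scope ID 172.16.0.0 is assumed from the address range in the question.

```powershell
# Added example. Names and the vendor identifier string are constructed;
# ScopeId 172.16.0.0 is assumed from the range 172.16.0.1-172.16.1.254.
$scopeId    = '172.16.0.0'
$className  = 'IPPhoneClass'      # hypothetical vendor class name
$vendorId   = 'ExamplePhone'      # constructed option 60 value sent by the phones
$policyName = 'IPPhones'          # hypothetical policy name

# 1. Define the vendor class that the server compares against option 60.
$existing = Get-DhcpServerv4Class -Type Vendor |
    Where-Object { $_.Name -eq $className }
if (-not $existing) {
    Add-DhcpServerv4Class -Name $className -Type Vendor -Data $vendorId `
        -Description 'IP phones identified by option 60'
}

# 2. Create the policy at scope level. A server-level policy cannot
#    carry an IP address range, so -ScopeId is required here.
Add-DhcpServerv4Policy -Name $policyName -ScopeId $scopeId -Condition OR `
    -VendorClass 'EQ', $className `
    -Description 'Phones lease from 172.16.1.100-172.16.1.200'

# 3. Attach the sub-range of the scope that matching clients lease from.
Add-DhcpServerv4PolicyIPRange -Name $policyName -ScopeId $scopeId `
    -StartRange 172.16.1.100 -EndRange 172.16.1.200

# 4. Read the configuration back to confirm condition and range.
Get-DhcpServerv4Policy -ScopeId $scopeId -Name $policyName
Get-DhcpServerv4PolicyIPRange -ScopeId $scopeId -Name $policyName
```

Option 60 and the MAC address prefix are both values the client supplies, so a policy match groups devices for addressing purposes and should not be treated as proof of device identity.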
Question No: 123 – (Topic 2)
You have a server named Server2 that runs Windows Server 2012 R2.
A network technician installs a new disk on Server2 and creates a new volume.
The properties of the new volume are shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can enable NTFS disk quotas for volume D. What should you do first?
Format volume D
Install the File Server Resource Manager role service
Run the convert.exe command
Convert the disk to a dynamic disk
Answer: A Explanation:
To enable NTFS disk quotas on the new volume, it must use NTFS; changing it from ReFS to NTFS requires formatting it first.
Question No: 124 HOTSPOT – (Topic 2)
You have a server named Server1. Server1 runs Windows Server 2012 R2 and has the Windows Deployment Services (WDS) server role installed.
You install the DHCP Server server role on Server1.
You need to ensure that Server1 can respond to DHCP clients and WDS clients. What should you configure for the DHCP service and the WDS service?
To answer, configure the appropriate options in the answer area.
Enable Option 60 PXEClient
Enable the Do not listen on DHCP ports option
Traditionally, only DHCP listened on UDP port 67, but now WDS also listens on UDP port 67. When WDS and DHCP are installed on the same server, you must tell WDS not to listen on UDP port 67, leaving it available for DHCP traffic only. But then how does the client find the WDS server? You set option 60 in DHCP.
DHCP option 60, when set to “PXEClient”, is used only to instruct the PXE clients to try to use a PXE service bound on UDP port 4011. If a BOOTP or DHCP service is bound on UDP port 67 of a host (usually called a server), a PXE service cannot bind on that port on that host. Since the PXE service uses BOOTP/DHCP packets to send options 66 and 67 to the clients, it needs to be able to bind to the associated port (bootps) or to an alternate port (4011) that the clients know they must use as the alternate port.
And to instruct the clients to use this alternate port, you have to set dhcp option 60 to “PXEClient”.
If Windows Deployment Services and DHCP are running on the same computer, configuring Windows Deployment Services to not respond to any client computers will not work. This is because although Windows Deployment Services will not respond, DHCP will. You should disable WDS if you have both installed and are using DHCP.
To configure Windows Deployment Services to run on the same computer as Microsoft DHCP:
Right-click the server and click Properties. On the DHCP tab, select Do not listen on port 67 and Configure DHCP Option #60 Tag to PXEClient.
This procedure does the following:
Sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Parameters\UseDhcpPorts to 0.
Adds the option 60 PXEClient tag to all of your DHCP scopes.
Question No: 125 HOTSPOT – (Topic 2)
Your network contains an Active Directory domain named contoso.com. The network contains a DHCP server named DHCP1.
You add a new network segment to the network.
On the new network segment, you deploy a new server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 as a DHCP Relay Agent. Which server role should you install on Server1?
To answer, select the appropriate role in the answer area.
If you opt to create a centralized or hybrid DHCP infrastructure, you will need a DHCP relay agent on every subnet that does not have a DHCP server on it. Many routers are capable of functioning as DHCP relay agents, but in situations where they are not, you can configure a Windows Server 2012 computer to function as a relay agent.
In Windows Server 2012 R2 the DirectAccess feature and the RRAS role service were combined into a new unified server role. This new Remote Access server role allows for centralized administration, configuration, and monitoring of both DirectAccess and VPN-based remote access services. Additionally, Windows Server 2012 R2 DirectAccess provided multiple updates and improvements to address deployment blockers and provide simplified management.
Question No: 126 – (Topic 2)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create and enforce the default AppLocker executable rules.
Users report that they can no longer execute a legacy application installed in the root of drive C.
You need to ensure that the users can execute the legacy application. What should you do?
Create a new rule.
Delete an existing rule.
Modify the action of the existing rules.
Add an exception to the existing rules.
Answer: A Explanation:
AppLocker is a feature that advances the functionality of the Software Restriction Policies feature. AppLocker contains new capabilities and extensions that reduce administrative overhead and help administrators control how users can access and use files, such as executable files, scripts, Windows Installer files, and DLLs. By using AppLocker, you can:
Define rules based on file attributes that persist across application updates, such as the publisher name (derived from the digital signature), product name, file name, and file version. You can also create rules based on the file path and hash.
Assign a rule to a security group or an individual user.
Create exceptions to rules. For example, you can create a rule that allows all users to run all Windows binaries except the Registry Editor (Regedit.exe).
Use audit-only mode to deploy the policy and understand its impact before enforcing it.
Create rules on a staging server, test them, export them to your production environment, and then import them into a Group Policy Object.
Simplify creating and managing AppLocker rules by using Windows PowerShell cmdlets for AppLocker.
AppLocker default rules
AppLocker allows you to generate default rules for each of the rule types.
Executable default rule types:
Allow members of the local Administrators group to run all applications.
Allow members of the Everyone group to run applications that are located in the Windows folder.
Allow members of the Everyone group to run applications that are located in the Program Files folder.
Windows Installer default rule types:
Allow members of the local Administrators group to run all Windows Installer files.
Allow members of the Everyone group to run digitally signed Windows Installer files.
Allow members of the Everyone group to run all Windows Installer files located in the Windows\Installer folder.
Script default rule types:
Allow members of the local Administrators group to run all scripts.
Allow members of the Everyone group to run scripts located in the Program Files folder.
Allow members of the Everyone group to run scripts located in the Windows folder.
DLL default rule types (this one can affect system performance):
Allow members of the local Administrators group to run all DLLs.
Allow members of the Everyone group to run DLLs located in the Program Files folder.
Allow members of the Everyone group to run DLLs located in the Windows folder.
You can apply AppLocker rules to individual users or to a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an application, you can create a special rule for that subset. For example, the rule “Allow Everyone to run Windows except Registry Editor” allows everyone in the organization to run the Windows operating system, but it does not allow anyone to run Registry Editor.
The effect of this rule would prevent users such as Help Desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Help Desk user group: “Allow Help Desk to run Registry Editor.” If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Help Desk user group to run Registry Editor.
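The default executable rules cover only the Windows and Program Files folders, which is why an application in the root of drive C is blocked until a new rule allows it. The following added example (not part of the original explanation) uses the AppLocker cmdlets to confirm the block and create a rule scoped to that one file; the path C:\LegacyApp.exe and the rule name prefix are hypothetical.

```powershell
# Added example; the file path and rule prefix are hypothetical.
$app = 'C:\LegacyApp.exe'

# 1. Confirm that the effective policy is what blocks the file.
#    With only the default rules, the expected decision for a file
#    in C:\ is DeniedByDefault (no rule matches it).
$before = Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $app -User Everyone
$before | Format-List FilePath, PolicyDecision, MatchingRule

# 2. Build a new allow rule for this file only. A publisher rule is
#    generated if the file is signed, otherwise a hash rule; both are
#    narrower than a path rule covering the root of drive C.
$newPolicy = Get-AppLockerFileInformation -Path $app |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'LegacyApp' -Optimize

# 3. Check the generated rule in isolation before deploying it.
$check = Test-AppLockerPolicy -PolicyObject $newPolicy -Path $app -User Everyone
if ($check.PolicyDecision -ne 'Allowed') {
    throw "Generated rule does not allow $app"
}

# 4. Merge the new rule into the existing local policy instead of
#    replacing it. For a domain GPO, add -Ldap with that GPO's LDAP path.
Set-AppLockerPolicy -PolicyObject $newPolicy -Merge

# 5. Re-test against the effective policy after it refreshes.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $app -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule
```

A hash rule has to be regenerated whenever the binary changes, whereas a publisher rule keeps matching across updates from the same signer.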
Question No: 127 HOTSPOT – (Topic 2)
You have two servers that run Windows Server 2012 R2. The servers are configured as shown in the following table.
You need to ensure that Server2 can be managed by using Server Manager from Server1.
In the table below, identify which actions must be performed on Server1 and Server2. Make only one selection in each row. Each correct selection is worth one point.
Modify the TrustedHosts list – Server1
Set the network profile to Private – Server2
Override the User Account Control (UAC) restrictions by using the LocalAccountTokenFilterPolicy registry entry – Server2
On the computer that is running Server Manager, add the workgroup server name to the TrustedHosts list.
Question No: 128 – (Topic 2)
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. A two-way forest trust exists between the forests.
The forests use the address spaces shown in the following table.
From a computer in the contoso.com domain, you can perform reverse lookups for the servers in the contoso.com domain, but you cannot perform reverse lookups for the servers in the adatum.com domain.
From a computer in the adatum.com domain, you can perform reverse lookups for the servers in both domains.
You need to ensure that you can perform reverse lookups for the servers in the adatum.com domain from the computers in the contoso.com domain.
What should you create?
A trust point
A GlobalNames zone
A conditional forwarder
Answer: D Explanation:
Conditional forwarders are DNS servers that only forward queries for specific domain names. Instead of forwarding all queries it cannot resolve locally to a forwarder, a conditional forwarder is configured to forward a query to specific forwarders based on the domain name contained in the query. Forwarding according to domain names improves conventional forwarding by adding a name-based condition to the forwarding process.
The conditional forwarder setting for a DNS server consists of the following: The domain names for which the DNS server will forward queries.
One or more DNS server IP addresses for each domain name specified.
When a DNS client or server performs a query operation against a DNS server, the DNS server looks to see if the query can be resolved using its own zone data or the data stored in its cache. If the DNS server is configured to forward for the domain name designated in the query, then the query is forwarded to the IP address of a forwarder associated with the domain name. For example, in the following figure, each of the queries for the domain names is forwarded to a DNS server associated with the domain name.
Question No: 129 – (Topic 2)
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 has the virtual switches listed in the following table.
You create a virtual machine named VM1. VM1 has two network adapters. One network adapter connects to vSwitch1. The other network adapter connects to vSwitch2. You configure NIC teaming on VM1.
You need to ensure that if a physical NIC fails on Server1, VM1 remains connected to the network.
What should you do on Server1?
Run the Set-VmNetworkAdapter cmdlet.
Create a new virtual switch on Server1.
Modify the properties of vSwitch1 and vSwitch2.
Add a new network adapter to VM1.
Question No: 130 – (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. You connect three new hard disks to Server1.
You need to create a storage space that contains the three disks.
The solution must meet the following requirements:
->Provide fault tolerance if a single disk fails.
->Maximize the amount of files that can be stored in the storage space.
What should you create?
A simple space
A spanned volume
A mirrored space
A parity space
Answer: D Explanation:
A simple space stripes data across a set of pool disks and is not resilient to any disk failures.
A spanned volume is a dynamic volume consisting of disk space on more than one physical disk and is not fault tolerant.
A mirrored space is fault tolerant but does not maximize space.
A parity space is fault tolerant and has a better space ratio.
Parity spaces are designed for capacity efficiency and increased resiliency. Parity spaces are best suited for archival data and streaming media, such as music and videos.