Ucertify offers free demo for 70 410 dumps exam. "Installing and Configuring Windows Server 2012", also known as mcsa 70 410 pdf exam, is a Microsoft Certification. This set of posts, Passing the Microsoft braindumps 70 410 exam, will help you answer those questions. The mcsa 70 410 Questions & Answers covers all the knowledge points of the real exam. 100% real Microsoft 70 410 questions exams and revised by experts!

Q31. - (Topic 3) 

You work as an administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows Server 2012 R2 installed. 

ABC.com’s user accounts are located in an organizational unit (OU), named ABCStaff. ABC.com’s managers belong to a group, named ABCManagers. 

You have been instructed to create a new Group Policy object (GPO) that should be linked to the ABCStaffOU, but not affect ABC.com’s managers. 

Which of the following actions should you take? 

A. You should consider removing the user accounts of the managers from the ABCStaff OU. 

B. You should consider configuring the new GPO’s WMI filter. 

C. You should consider adding the user accounts of ABC.com’s managers to the Admins group. 

D. You should consider adding the user accounts of ABC.com’s managers to the local Administrators group. 

Answer:


Q32. - (Topic 3) 

You have a print server named Server1. 

You install a printer on Server1. You share the printer as Printer1. 

You need to configure Printer1 to be available only from 19:00 to 05:00 every day. 

Which settings from the properties of Printer1 should you modify? 

A. Sharing 

B. Security 

C. Advanced 

D. Device Settings 

E. Ports 

Answer:

Explanation: 

When navigating to the printer properties, the Properties tab is divided into several different tabs of which the Advanced tab will give you access to the scheduling where you can configure the availability of the printer. 

: http://technet.microsoft.com/en-us/library/cc722526.aspx 


Q33. - (Topic 2) 

You have two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the DHCP Server server role installed. 

You need to create an IPv6 reservation for Server2. 

Which two values should you obtain from Server2? (Each correct answer presents part of the solution. Choose two.) 

A. the hardware ID 

B. the DHCPv6 unique identifier 

C. the DHCPv6 identity association ID 

D. the SMSBIOS GUID 

E. the MAC address 

Answer: B,C 

Explanation: 

The Add-DhcpServerv6Reservation cmdlet reserves a specified IPv6 address for the client identified by the specified Dynamic Host Configuration Protocol (DHCP) v6 unique identifier (ID) (DUID) and identity association ID (IAID). 


Q34. - (Topic 2) 

Your network contains an Active Directory domain named contoso.com. The domain 

contains three servers named Server1, Server2, and Server3. 

You create a server group named ServerGroup1. 

You discover the error message shown in the following exhibit. (Click the Exhibit button.) 

You need to ensure that Server2 can be managed remotely by using Server Manager. What should you do? 

A. On DC1, run the Enable-PSSessionConfiguration cmdlet. 

B. On Server2, run the Add-Computer cmdlet. 

C. On Server2 modify the membership of the Remote Management Users group. 

D. From Active Directory Users and Computers, add a computer account named Server2, and then restart Server2. 

Answer:

Explanation: 

This is a security issue. To be able to access Server2 remotely through Server Manager 

the user need to be a member of the Remote Management Users group. 

Note: 

* Name: BUILTIN\\Remote Management Users Description: A Builtin Local group. Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user. 

* Enable-ServerManagerStandardUserRemoting Provides one or more standard, non-Administrator users access to event, service, performance counter, and role and feature inventory data for a server that you are managing by using Server Manager. Syntax: Parameter Set: Default Enable-ServerManagerStandardUserRemoting [-User] <String[]> [-Force] [-Confirm] [-WhatIf] [ <CommonParameters>] Detailed Description Provides one or more standard, non-Administrator users access to event, service, performance counter, and role and feature inventory data for a server that you are managing, either locally or remotely, by using Server Manager. The cmdlet must be run locally on the server that you are managing by using Server Manager. The cmdlet works by performing the following actions: Adds access rights for specified standard users to the root\\cimv2 namespace on the local server (for access to role and feature inventory information). Adds specified standard users to required user groups (Remote Management Users, Event Log Readers, and Performance Log Readers) that allow remote access to event and performance counter logs on the managed server. Changes access rights in the Service Control Manager to allow specified standard users remote access to the status of services on the managed server. Incorrect: Not A: the Enable-PSSessionConfiguration.This is an advanced cmdlet that is designed to be used by system administrators to manage customized session configurations for their 

users. 

Reference: Enable-ServerManagerStandardUserRemoting 


Q35. - (Topic 3) 

Your network contains an Active Directory domain named contoso.com. 

All servers run Windows Server 2012 R2. 

An application named Appl.exe is installed on all client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed. 

You need to ensure that only the latest version of Appl.exe can run on the client computers. 

What should you create? 

A. An application control policy packaged app rule 

B. A software restriction policy certificate rule 

C. An application control policy Windows Installer rule 

D. An application control policy executable rule 

Answer:

Explanation: 

A. A publisher rule for a Packaged app is based on publisher, name and version B. You can create a certificate rule that identifies software and then allows or does not allow the software torun, depending on the security level. 

C. For .msi or .msp 

D. Executable Rules, for .exe and can be based on Publisher, Product name, filename and version. Use Certificate Rules on Windows Executables for Software Restriction Policies This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security settings is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction policies, you can create a certificate rule that will allow or disallow software that is signed by Authenticode to run, based on the digital certificate that is associated with the software. In order for certificate rules to take effect, you must enable this security setting. When certificate rules are enabled, software restriction policies will check a certificate revocation list (CRL) to make sure the software’s certificate and signature are valid. This may decrease performance when start signed programs. You can disable this feature. On Trusted Publishers Properties, clear the Publisher and Timestampcheck boxes. 


Q36. - (Topic 3) 

Your network contains an Active Directory domain named contoso.com. 

You have a Group Policy object (GPO) named GPO1 that contains several user settings. 

GPO1 is linked to an organizational unit (OU) named OU1. 

The help desk reports that GPO1 applies to only some of the users in OU1. 

You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.) 

You need to configure GPO1 to apply to all of the users in OU1. 

What should you do? 

A. Modify the Security settings of GPO1. 

B. Disable Block Inheritance on OU1. 

C. Modify the GPO status of GPO1. 

D. Enforce GPO1. 

Answer:

Explanation: 

Inheritance is blocked, but that would only affect policies applied ABOVE the given OU, not 

the one applied directly to it (as is the case with GPO1). Also Enforcing a policy is only going to cause it to be applied even when inheritance is blocked (which, as mentioned, does not make a difference on policies which are directly linked to the OU as a child). That means that there must be something in the security settings (such as a Security Group which does not have the “read” or “Apply group policy” permission) preventing ALL of the users in OU1 from having the policy applied. (GPO status is the status of its replication within the forest, so it is not relevant here.) 


Q37. - (Topic 2) 

Your network contains an Active Directory domain named contoso.com. 

All of the AppLocker policy settings for the member servers are configured in a Group Policy object (GPO) named GPO1. 

A member server named Server1 runs Windows Server 2012 R2. 

On Server1, you test a new set of AppLocker policy settings by using a local computer policy. 

You need to merge the local AppLocker policy settings from Server1 into the AppLocker policy settings of GPO1. 

What should you do? 

A. From Local Group Policy Editor on Server1, export an .inf file. Import the .inf file by using Group Policy Management Editor. 

B. From Server1, run the Set-ApplockerPolicy cmdlet. 

C. From Local Group Policy Editor on Server1, export an .xml file. Import the .xml file by using Group Policy Management Editor. 

D. From Server1, run the New-ApplockerPolicy cmdlet. 

Answer:

Explanation: 

The Set-AppLockerPolicy cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local GPO is the default. When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by 

the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not 

specified, then the new policy will overwrite the existing policy. 

References: 

http://technet.microsoft.com/en-us/library/ee791816(v=ws.10).aspx 

Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 10: 

Implementing Group Policy, Lesson1: Planning, Implementing and managing Group Policy, 

p. 479 


Q38. - (Topic 1) 

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2. 

The domain contains a user named User1 and a global security group named Group1. 

You need to add a new domain controller to the domain. 

You install Windows Server 2012 R2 on a new server named DC3. 

Which cmdlet should you run next? 

A. Add-AdPrincipalGroupMembership 

B. Install-AddsDomainController 

C. Install WindowsFeature 

D. Install AddsDomain 

E. Rename-AdObject 

F. Set-AdAccountControl 

G. Set-AdGroup 

H. Set-User 

Answer:

Explanation: 

It is the 2nd step when installing a DC by powershell on a fresh server. 


Q39. - (Topic 3) 

You work as a senior administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed. 

You are running a training exercise for junior administrators. You are currently discussing the Virtual Fibre Channel SAN feature. 

Which of the following is TRUE with regards to the Virtual Fibre Channel SAN feature? (Choose all that apply.) 

A. It prevents virtual machines from connecting directly to Fibre Channel storage. 

B. It allows for virtual machines to connect to Fibre Channel storage directly. 

C. It includes support for virtual SANs, live migration, and multipath I/O. 

D. It includes support for virtual SANs, and live migration, but not multipath I/O. 

Answer: B,C 

Explanation: 

To gain the full benefits of server virtualization and cloud architectures, virtualized workloads need to connect easily and reliably to existing SANs. For many enterprise organizations, Hyper-V deployments were limited in scale and scope because they lacked the ability to directly connect VMs to Fibre Channel SAN storage from inside a VM. Hyper-V in Windows Server 2012 R2 now provides virtual Fibre Channel Host Bus Adapter (HBA) ports within the guest operating system that runs the virtual machine, connecting virtual machines directly to FibreChannel SAN Logical Unit Numbers (LUNs). Virtual Fibre Channel for Hyper-V provides several important advantages for Hyper-V environments: Simplifies storage connectivity for virtualized workloads to ultra-reliable, high-performance Fibre Channel SAN storage. Enables new solutions that require shared storage, such as failover clustering, live migration, andmultipath I/O. Leverages and protects existing investments in Fibre Channel storage? Enables advanced FC SAN storage functionality for VMs. Facilitates migration of FC workloads into the cloud. Enables improved monitoring and troubleshooting, with visibility from the VM to the FC SAN storage. Enables centralized management of Ethernet and FC-based virtualized workloads. Combining Virtual Fibre Channel for Hyper-V and the Brocade Fibre Channel SAN infrastructure greatly simplifies connectivity between Fibre Channel SAN storage and virtualized applications, enabling enterprise IT and hosting providers to achieve new levels of availability, reliability, and scalability for cloud-based services. You need your virtualized workloads to connect easily and reliably to your existing storage arrays. Windows Server 2012 R2 provides Fibre Channel ports within the guest operating system, which allows you to connect to Fibre Channel directly from within virtual machines. This feature protects your investments in Fibre Channel, enables you to virtualize workloads that use direct access to Fibre Channel storage, allows you to cluster guest operating systems over Fibre Channel, and provides an important new storage option for servers hosted in your virtualization infrastructure. With this Hyper-V virtual Fibre Channel feature, you can connect to Fibre Channel storage from within a virtual machine. This allows you to use your existing Fibre Channel investments to support virtualized workloads. Support for Fibre Channel in Hyper-V guests also includes support for many related features, such as virtual SANs, live migration, and MPIO. 


Q40. - (Topic 3) 

You are attempting to delete a global security group in the Active Directory Users and Computers console, and the console will not let you complete the task. 

Which of the following could possibly be causes for the failure? (Choose all answers that are correct.) 

A. There are still members in the group. 

B. One of the group’s members has the group set as its primary group. 

C. You do not have the proper permissions for the container in which the group is located. 

D. You cannot delete global groups from the Active Directory Users and Computers console. 

Answer: B,C 

Explanation: 

A. Incorrect: It is possible to delete a group that has members. 

B. Correct: If any member sets the group as its primary group, then the system does not permit the group to be deleted. 

C. Correct: You must have the appropriate Active Directory permissions for the container in which the group is located to delete it. 

D. Incorrect: It is possible to delete groups using the Active Directory Users and Groups console.