QUESTION 121

Your network contains multiple subnets. On one of the subnets, you deploy a server named Server1 that runs Windows Server 2012 R2. You install the DNS Server server role on Server1, and then you create a standard primary zone named contoso.com. You need to ensure that client computers can resolve single-label names to IP addresses. What should you do first?

 

A. Create a reverse lookup zone.

B. Convert the contoso.com zone to an Active Directory-integrated zone.

C. Configure dynamic updates for contoso.com.

D. Create a GlobalNames zone.

 

Correct Answer: A

 

 

QUESTION 122

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has six network adapters. Two of the network adapters are connected to a network named LAN1, two of the network adapters are connected to a network named LAN2, and two of the network adapters are connected to a network named LAN3. You create a network adapter team named Team1 from the two adapters connected to LAN1. You create a network adapter team named Team2 from the two adapters connected to LAN2. A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP. You need to identify how many DHCP reservations you must create for Server1. How many reservations should you identify?

 

A. 3

B. 4

C. 6

D. 8

 

Correct Answer: B

Explanation:

2 Adapters = LAN1 = Team1 = 1 IP

2 Adapters = LAN2 = Team2 = 1 IP

2 Adapters = LAN3 = No Team = 2 IP

1 + 1 + 2 = 4

 

 

QUESTION 123

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1. You open Review Options in the Active Directory Domain Services Configuration Wizard, and then you click View script. You need to ensure that you can use the script to promote Server1 to a domain controller. Which file extension should you use to save the script?

 

A. .ps1

B. .bat

C. .xml

D. .cmd

 

Correct Answer: A

Explanation:

The View Script button is used to view the corresponding PowerShell script. The PowerShell script extension is .ps1. The answer could logically be either a .cmd file or a .bat file.

According to http://www.fileinfo.com/:

PAL – Settings file created by Corel Painter or Palette of colors used by Dr. Halo bitmap images.

BAT – DOS batch file used to execute commands with the Windows Command Prompt (cmd.exe); contains a series of line commands that typically might be entered at the DOS command prompt; most commonly used to start programs and run maintenance utilities within Windows.

XML – XML (Extensible Markup Language) data file that uses tags to define objects and object attributes; formatted much like an .HTML document, but uses custom tags to define objects and the data within each object; can be thought of as a text-based database.

CMD – Batch file that contains a series of commands executed in order; introduced with Windows NT, but can be run by DOS or Windows NT systems; similar to a .BAT file, but is run by CMD.EXE instead of COMMAND.COM.

 

 

QUESTION 124

DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs a Server Core installation of Windows Server 2012 R2. You install the DNS Server server role on Server1. You need to perform the following configurations on Server1:

 

Create an Active Directory-integrated zone named adatum.com.

Send unresolved DNS client queries for other domain suffixes to the DNS server of your company’s Internet Service Provider (ISP).

 

Which Windows PowerShell cmdlets should you use?

To answer, drag the appropriate cmdlet to the correct configuration in the answer area. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

 

[Image: drag-and-drop answer area]

 

Correct Answer:

[Image: completed answer area]

 

Explanation:

Add-DnsServerDirectoryPartition: Creates a DNS application directory partition.

Add-DnsServerPrimaryZone: Adds a primary zone to a DNS server.

Set-DnsServer: Overwrites a DNS server configuration.

Set-DnsServerForwarder: Changes forwarder settings on a DNS server.

Set-DnsServerDsSetting: Modifies DNS Active Directory settings.

Set-DnsServerSetting: Modifies DNS server settings.

http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj649845(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj649887(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj649874.aspx

http://technet.microsoft.com/en-us/library/jj649909.aspx

 

 

QUESTION 125

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy. You deploy a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. You configure all of the client computers to use Server1 as their primary DNS server. You need to prevent Server1 from attempting to resolve Internet host names for the client computers. What should you do on Server1?

 

A. Create a primary zone named “.”.

B. Configure the Security settings of the contoso.com zone.

C. Create a zone delegation for GlobalNames.contoso.com.

D. Create a stub zone named “root”.

 

Correct Answer: A

Explanation:

When you install DNS on a Windows server that does not have a connection to the Internet, the zone for the domain is created and a root zone, also known as a dot zone, is also created. This root zone may prevent access to the Internet for DNS and for clients of the DNS. If there is a root zone, there are no other zones other than those that are listed with DNS, and you cannot configure forwarders or root hint servers.

Root domain

This is the top of the tree, representing an unnamed level; it is sometimes shown as two empty quotation marks (“”), indicating a null value. When used in a DNS domain name, it is stated by a trailing period (.) to designate that the name is located at the root or highest level of the domain hierarchy. In this instance, the DNS domain name is considered to be complete and points to an exact location in the tree of names. Names stated this way are called fully qualified domain names (FQDNs).

[Figure: DNS Domain Name Hierarchy]

 

 

QUESTION 126

Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named OU1. You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1. What should you do?

 

A. Modify the permissions on OU1.

B. Run the Set-GPPermission cmdlet.

C. Add User1 to the Group Policy Creator Owners group.

D. Modify the permissions on the User1 account.

 

Correct Answer: A

Explanation:

http://www.howtogeek.com/50166/using-the-delegation-of-control-wizard-to-assign-permissions-in-server-2008/

 


 

 

QUESTION 127

You have a server that runs Windows Server 2012 R2. The server contains the disks configured as shown in the following table.

 

[Image: disk configuration table]

 

You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user files are available if one of the disks in the volume fails.

What should you create?

 

A. a mirrored volume on Disk 1 and Disk 4

B. a mirrored volume on Disk 2 and Disk 3

C. a RAID-5 volume on Disk 1, Disk 2, and Disk 3

D. a spanned volume on Disk 0 and Disk 4

 

Correct Answer: B

Explanation:

A mirrored volume provides an identical twin of the selected volume. All data written to the mirrored volume is written to both volumes, which results in disk capacity of only 50 percent. Any volume can be mirrored, including the system and boot volumes. The disk that you select for the shadow volume does not need to be identical to the original disk in size, or in its number of tracks and cylinders. This means that you do not have to replace a failed disk with an identical model. The unused area that you select for the shadow volume cannot be smaller than the original volume. If the area that you select for the shadow volume is larger than the original, the extra space on the shadow disk can be configured as another volume.

Dynamic disks provide features that basic disks do not, such as the ability to create volumes that span multiple disks (spanned and striped volumes) and the ability to create fault-tolerant volumes (mirrored and RAID-5 volumes).

The following operations can be performed only on dynamic disks:

Create and delete simple, spanned, striped, mirrored, and RAID-5 volumes.

Extend a simple or spanned volume.

Remove a mirror from a mirrored volume or break the mirrored volume into two volumes.

Repair mirrored or RAID-5 volumes.

Reactivate a missing or offline disk.

You need at least two dynamic disks to create a mirrored volume.

Mirrored volumes are fault tolerant and use RAID-1, which provides redundancy by creating two identical copies of a volume.

Mirrored volumes cannot be extended.

Both copies (mirrors) of the mirrored volume share the same drive letter.

 

http://technet.microsoft.com/en-us/library/cc779765%28v=ws.10%29.aspx

http://msdn.microsoft.com/en-us/library/windows/desktop/aa363785%28v=vs.85%29.aspx

http://technet.microsoft.com/en-us/library/cc938487.aspx

 

 

QUESTION 128

What should you do for Server Core so that it can be managed from another Server 2012 R2 server?

 

[Image]

 

A. 1

B. 2

C. 3

D. 4

E. 5

F. 6

G. 7

H. 8

I. 9

J. 10

K. 11

L. 12

M. 13

N. 14

O. 15

 

Correct Answer: H

Explanation:

4) Configure Remote Management is already “Enabled”.

8) Network Settings

You can configure the IP address to be assigned automatically by a DHCP Server or you can assign a static IP address manually. This option allows you to configure DNS Server settings for the server as well.

http://technet.microsoft.com/en-us/library/jj647766.aspx

 

 

QUESTION 129

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2. On Server1, you create a printer named Printer1. You share Printer1 and publish Printer1 in Active Directory.

You need to provide a group named Group1 with the ability to manage Printer1.

What should you do?

 

A. From Print Management, configure the Sharing settings of Printer1.

B. From Active Directory Users and Computers, configure the Security settings of Server1-Printer1.

C. From Print Management, configure the Security settings of Printer1.

D. From Print Management, configure the Advanced settings of Printer1.

 

Correct Answer: C

Explanation:

Set permissions for print servers

Note:

Open Print Management.

In the left pane, click Print Servers, right-click the applicable print server and then click Properties. On the Security tab, under Group or user names, click a user or group for which you want to set permissions.

Under Permissions for <user or group name>, select the Allow or Deny check boxes for the permissions listed as needed.

To edit Special permissions, click Advanced.

On the Permissions tab, click a user group, and then click Edit. In the Permission Entry dialog box, select the Allow or Deny check boxes for the permissions that you want to edit.

 

Reference: Set Permissions for Print Servers

 

 

 

 

 

QUESTION 130

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

Client computers run either Windows 7 or Windows 8.

All of the computer accounts of the client computers reside in an organizational unit (OU) named Clients. A Group Policy object (GPO) named GPO1 is linked to the Clients OU. All of the client computers use a DNS server named Server1.

You configure a server named Server2 as an ISATAP router. You add a host (A) record for ISATAP to the contoso.com DNS zone.

You need to ensure that the client computers locate the ISATAP router.

What should you do?

 

A. Run the Add-DnsServerResourceRecord cmdlet on Server1.

B. Configure the DNS Client Group Policy setting of GPO1.

C. Configure the Network Options Group Policy preference of GPO1.

D. Run the Set-DnsServerGlobalQueryBlockList cmdlet on Server1.

 

Correct Answer: D

Explanation:

Windows Server 2008 introduced a new feature, called “Global Query Block list”, which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network and setting himself up as a proxy.

The dynamic update feature of Domain Name System (DNS) makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records. This convenience comes at a cost, however, because any authorized client can register any unused host name, even a host name that might have special significance for certain applications. This can allow a malicious user to take over a special name and divert certain types of network traffic to that user’s computer.

Two commonly deployed protocols are particularly vulnerable to this type of takeover: the Web Proxy Automatic Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP). Even if a network does not deploy these protocols, clients that are configured to use them are vulnerable to the takeover that DNS dynamic update enables.

Most commonly, ISATAP hosts construct their PRLs by using DNS to locate a host named isatap on the local domain. For example, if the local domain is corp.contoso.com, an ISATAP-enabled host queries DNS to obtain the IPv4 address of a host named isatap.corp.contoso.com.

In its default configuration, the Windows Server 2008 DNS Server service maintains a list of names that, in effect, it ignores when it receives a query to resolve the name in any zone for which the server is authoritative. Consequently, a malicious user can spoof an ISATAP router in much the same way as a malicious user can spoof a WPAD server: a malicious user can use dynamic update to register the user’s own computer as a counterfeit ISATAP router and then divert traffic between ISATAP-enabled computers on the network. The initial contents of the block list depend on whether WPAD or ISATAP is already deployed when you add the DNS server role to an existing Windows Server 2008 deployment or when you upgrade an earlier version of Windows Server running the DNS Server service.

Add-DnsServerResourceRecord – The Add-DnsServerResourceRecord cmdlet adds a resource record for a Domain Name System (DNS) zone on a DNS server. You can add different types of resource records. Use different switches for different record types. By using this cmdlet, you can change a value for a record, configure whether a record has a time stamp, whether any authenticated user can update a record with the same owner name, and change lookup timeout values, Windows Internet Name Service (WINS) cache settings, and replication settings.

Set-DnsServerGlobalQueryBlockList – The Set-DnsServerGlobalQueryBlockList cmdlet changes settings of a global query block list on a Domain Name System (DNS) server. This cmdlet replaces all names in the list of names that the DNS server does not resolve with the names that you specify. If you need the DNS server to resolve names such as ISATAP and WPAD, remove these names from the list. Web Proxy Automatic Discovery Protocol (WPAD) and Intra-site Automatic Tunnel Addressing Protocol (ISATAP) are two commonly deployed protocols that are particularly vulnerable to hijacking.

http://technet.microsoft.com/en-us/library/jj649857(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/cc794902%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/security/bulletin/ms09-008

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0093

Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the “wpad” hostname, which allows remote authenticated users to hijack the Web Proxy AutoDiscovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka “DNS Server Vulnerability in WPAD Registration Vulnerability,” a related issue to CVE-2007-1692.

 
