I’m currently studying for Microsoft exam 70-410. I do enjoy studying for exams. It’s hard, but it’s an excellent forcing function. I learn bits and pieces here and there now and then about this and that, but when I have an exam schedule for a set date, I have to study! And not only do I put in more hours, but I follow a more systematic approach. In this article, I’m going to share GreatExam braindumps in case you too are studying and this method works for you.
QUESTION 271
You are configuring the IPv6 network infrastructure for a branch office. The corporate network administrator allocates the 2001:DB8:0:C000::/58 address space for use in the branch office.
You need to identify the maximum number of IPv6 subnets you can create.
How many IPv6 subnets should you identify?
A.    32
B.    64
C.    128
D.    1024
Answer: B
Explanation:
IPv6 has 128-bit (16-byte) source and destination IP addresses. Although 128 bits can express over 3.4×1038 possible combinations, the large address space of IPv6 has been designed for multiple levels of subnetting and address allocation from the Internet backbone to the individual subnets within an organization.
http://technet.microsoft.com/en-us/library/dd379516%28v=WS.10%29.aspx
QUESTION 272
You have a print server named Server1.
You install a printer on Server1.
You share the printer as Printer1.
You need to configure Printer1 to be available only from 19:00 to 05:00 every day.
Which settings from the properties of Printer1 should you modify?
A.    Device Settings
B.    Advanced
C.    Security
D.    Ports
E.    Sharing
Answer: B
Explanation:
When navigating to the printer properties, the Properties tab is divided into several different tabs of which the Advanced tab will give you access to the scheduling where you can configure the availability of the printer.
QUESTION 273
You have two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the DHCP Server server role installed.
You need to create an IPv6 reservation for Server2.
Which two values should you obtain from Server2? (Each correct answer presents part of the solution. Choose two.)
A.    the hardware ID
B.    the DHCPv6 unique identifier
C.    the DHCPv6 identity association ID
D.    the SMSBIOS GUID
E.    the MAC address
Answer: BC
Explanation:
The Add-DhcpServerv6Reservation cmdlet reserves a specified IPv6 address for the client identified by the specified Dynamic Host Configuration Protocol (DHCP) v6 unique identifier (ID) (DUID) and identity association ID (IAID).
http://technet.microsoft.com/en-us/library/jj590730.aspx
QUESTION 274
Hotspot Question
You have two servers that run Windows Server 2012 R2.
The servers are configured as shown in the following table.
You need to ensure that Server2 can be managed by using Server Manager from Server1.
In the table below, identify which actions must be performed on Server1 and Server2. Make only one selection in each row. Each correct selection is worth one point.
Answer:
Explanation:
http://technet.microsoft.com/library/hh831453.aspx
QUESTION 275
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2.
You log on to Server1.
You need to retrieve a list of the active TCP connections on Server2.
Which command should you run from Server1?
A.    winrm get server2
B.    dsquery * -scope base -attrip,server2
C.    winrs -r:server2netstat
D.    netstat> server2
Answer: C
Explanation:
http://msdn.microsoft.com/en-us/library/aa384291(v=vs.85).aspx
This command line tool enables administrators to remotely execute most Cmd.exe commands using the WS-Management protocol.
QUESTION 276
You have a server named Server1 that has the Print and Document Services server role installed. You need to provide users with the ability to manage print jobs on Server1 by using a web browser.
What should you do?
A.    Start the Computer Browser service and set the service to start automatically.
B.    Install the LPD Service role service.
C.    Install the Internet Printing role service.
D.    Start the Printer Extensions and Notifications service and set the service to start automatically.
Answer: C
Explanation:
Internet printing makes it possible for computers running Windows Server 2008 to use printers located anywhere in the world by sending print jobs using Hypertext Transfer Protocol (HTTP).
http://technet.microsoft.com/en-us/library/cc731368(v=ws.10).aspx
QUESTION 277
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You plan to create a shared folder. The shared folder will have a quota limit.
You discover that when you run the New Share Wizard, you cannot select the SMB Share Advanced option.
You need to ensure that you can use SMB Share – Advanced to create the new share.
What should you do on Server1 before you run the New Share Wizard?
A.    Configure the Advanced system settings.
B.    Run the Install-WindowsFeaturecmdlet.
C.    Run the Set-SmbSharecmdlet.
D.    Install the Share and Storage Management tool.
Answer: B
Explanation:
Install-windowsfeature -name fs-resource-manager -includemanagementtools
Installs one or more Windows Server roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to and replaces Add- WindowsFeature, the cmdlet that was used to install roles, role services, and features in Windows Server 2008 R2.
http://www.c-sharpcorner.com/UploadFile/cd7c2e/how-to-install-the-file-server-resource-manager-in-windows-s/
QUESTION 278
Your network contains two Active Directory forests named contoso.com and adatum.com.
All servers run Windows Server 2012 R2. A one-way external trust exists between contoso.com and adatum.com. Adatum.com contains a universal group named Group1.
You need to prevent Group1 from being used to provide access to the resources in contoso.com. What should you do?
A.    Change the scope of Group1 to domain local.
B.    Modify the Allowed to Authenticate permissions in adatum.com.
C.    Enable SID quarantine on the trust between contoso.com and adatum.com.
D.    Modify the Allowed to Authenticate permissions in contoso.com.
Answer: B
Explanation:
* Accounts that require access to the customer Active Directory will be granted a special right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
http://technet.microsoft.com/en-us/library/cc816733(v=ws.10).aspx
QUESTION 279
Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
A.    Add User1 to the Group Policy Creator Owners group.
B.    Run the Set-GPPermissioncmdiet.
C.    Modify the permission on the \\Contoso.com\SYSVOL\Contoso.com\Policies folder.
D.    Run the Delegation of Control Wizard on OU1.
Answer: D
Explanation:
http://www.howtogeek.com/50166/using-the-delegation-of-control-wizard-to-assign-permissions-in-server-2008/
QUESTION 280
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2.
The domains and the sites are configured as shown in following table.
When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?
A.    the placement of the global catalog server
B.    the placement of the PDC emulator
C.    the placement of the infrastructure master
D.    the placement of the domain naming master
Answer: A
Explanation:
User logon. In a forest that has more than one domain, two conditions require the global catalog during user authentication:
In a domain that operates at the Windows 2000 native domain functional level or higher, domain controllers must request universal group membership enumeration from a global catalog server.
When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.
http://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx
QUESTION 281
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All servers runs Windows Server 2012 R2.The domain contains two domain controllers named DC1 and DC2. Both domain controllers are virtual machines on a HyperV host.
You plan to create a cloned domain controller named DC3 from an image of DC1.
You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A.    Add the computer account of DC1 to the Cloneable Domain Controllers group.
B.    Create a DCCIoneConfig.xml file on DC1.
C.    Add the computer account of DC3 to the Cloneable Domain Controllers group.
D.    Run the Enable-AdOptionalFeaturecmdlet.
E.    Modify the contents of the DefaultDCCIoneAllowList.xml file on DC1.
Answer: AB
Explanation:
A: Cloneable Domain Controllers Group There’s a new group in town. It’s called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn’t be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group.
B: DCCloneConfig.xml
There’s one key difference between a cloned DC and a DC that is being restored to a previous snapshot: DCCloneConfig.XML.
DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.
The New-ADDCCloneConfigcmdlet in PowerShell
By hand with an XML editor
By editing an existing config file, again with an XML editor. Reference: Virtual Domain Controller Cloning in Windows Server 2012
QUESTION 282
Your network contains an Active Directory forest.
The forest contains two domains named contoso.com and corp.contoso.com.
All domain controllers run Windows Server 2012 R2 and are configured as global catalog servers.
The corp.contoso.com domain contains a domain controller named DC1.
You need to disable the global catalog on DC1.
What should you do?
A.    From Active Directory Users and Computers, modify the properties of the DC1 computer account.
B.    From Active Directory Administrative Center, modify the properties of the DC1 computer account.
C.    From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server object.
D.    From Active Directory Domains and Trusts, modify the properties of the corp.contoso.com domain.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc755257.aspx
To add or remove the global catalog
Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start , click Administrative Tools , and then click Active Directory Sites and Services .
To open Active Directory Sites and Services in Windows Server® 2012, click Start , type dssite.msc .
In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global catalog.
Where?
Active Directory Sites and Services\Sites\SiteName\Servers
In the details pane, right-click NTDS Settings of the selected server object, and then click Properties .
Select the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog.
QUESTION 283
Your network contains an Active Directory domain named contoso.com.
Your company hires 500 temporary employees for the summer. The human resources department gives you a Microsoft Excel document that contains a list of the temporary employees.
You need to automate the creation of user accounts for the 500 temporary employees.
Which tool or tools should you use?
A.    The Set-ADUsercmdlet and the Add-Member cmdlet
B.    The Import-CSV cmdlet and the New-ADUsercmdlet
C.    ADSI Edit
D.    Active Directory Users and Computers
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/ee176874.aspx
The CSVDE is a command-line utility that can create new AD DS objects by importing information from a comma-separated value (.csv) file. This would be the least amount of administrative effort in this case especially considering that these would be temporary employees.
QUESTION 284
Hotspot Question
You deploy a Server with a GUI installation of Windows Server 2012 R2 Datacenter. From Windows PowerShell, you run the following command: Remove-WindowsFeature ServerGui-Shell.
In the table below, identify which tools are available on Server1 and which tools are unavailable on Server1. Make only one selection in each row. Each correct selection is worth one point.
Answer:
QUESTION 285
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2. Server1 and Server2 run a Server with a GUI installation of Windows Server 2012 R2.
You remove the Graphical Management Tools and Infrastructure feature on Server2.
You need to restart Server2.
What should you do? (To answer, drag the appropriate tools to the correct statements. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
QUESTION 286
Drag and Drop Question
You have a server that runs Windows Server 2012 R2.
You need to create a volume that will remain online if two disks in the volume fail.
The solution must minimize the number of disks used to create the volume.
Which three actions should you perform in sequence? (To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
QUESTION 287
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server that runs Windows Server 2012 R2.
You perform a Server Core Installation of Windows Server 2012 R2 on a new server.
You need to ensure that you can add the new server to Server Manager on Server1.
What should you configure on the new server?To answer, select the appropriate setting in the answer area.
Answer:
QUESTION 288
You work as an administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers in the L2P.com domain, including domain controllers, have Windows Server 2012 installed.
You have been instructed to modify the name of the local Administrator account on all L2P.com workstations.
You want to achieve this using as little administrative effort as possible.
Which of the following actions should you take?
You should consider configuring the Security Options settings via the Group Policy
A.    You should consider configuring the Security Options settings via the Group Policy Management
Console (GPMC).
B.    You should consider navigating to Local Users and Groups via Computer
C.    You should consider configuring the replication settings.
D.    You should consider navigating to Local Users and Groups via Computer Management on
each workstation.
Answer: A
Explanation:
Rename administrator account policy setting determines whether a different account name is associated with the security identifier (SID) for the Administrator account.
Because the Administrator account exists on all Windows server versions, renaming the account makes it slightly more difficult for attackers to guess this user name and password combination. By default, the built-in Administrator account cannot be locked out no matter how many times a malicious user might use a bad password. This makes the Administrator account a popular target for brute-force password-guessing attacks. The value of this countermeasure is lessened because this account has a well-known SID and there are non-Microsoft tools that allow you to initiate a brute-force attack over the network by specifying the SID rather than the account name. This means that even if you have renamed the Administrator account, a malicious user could start a brute-force attack by using the SID.
Rename the Administrator account by specifying a value for the Accounts: Rename administrator account policy setting.
Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options
http://technet.microsoft.com/en-us/library/jj852273%28v=ws.10%29.aspx http://windowsitpro.com/group-policy/securing-administrator-account
QUESTION 289
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
An administrator creates a security template named Template1.
You need to Apply Template1 to Server1.
Which snap-in should you use?
A.    Security Templates
B.    Authorization Manager
C.    Security Configuration and Analysis
D.    Resultant Set of Policy
Answer: C
Explanation:
The Security Configuration and Analysis tool contains the Local Security Policy snap-in that is used to apply templates.
http://technet.microsoft.com/en-us/library/bb742512.aspx
http://technet.microsoft.com/en-us/library/cc739442%28v=WS.10%29.aspx
QUESTION 290
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2. The domain contains a user named User1 and three global security groups named Group1, Group2 and, Group3.
You need to add User1 to Group1, Group2, and Group3.
Which cmdlet should you run?
A.    Add-AdPrincipalGroupMembership
B.    Install- AddsDomainController
C.    Install- WindowsFeature
D.    Install-AddsDomain
E.    Rename-AdObject
F.    Set-AdAccountControl
G.    Set-AdGroup
H.    Set-User
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/ee617203.aspx
The Add-ADPrincipalGroupMembership cmdlet adds a user, group, service account, or computer as a new member to one or more Active Directory groups.
If you want to prepare for 70-410 exam in shortest time, with minimum effort but for most effective result, you can use GreatExam 70-410 practice test which simulates the actual testing environment and allows you to focus on various sections of 70-410 exam. Best of luck!

