Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You need to configure a central store for the Group Policy Administrative Templates. What should you do on DC1?
A. From Server Manager, create a storage pool.
B. From Windows Explorer, copy the PolicyDefinitions folder to the SYSVOL\contoso.com\policies folder.
C. From Server Manager, add the Group Policy Management feature
D. From Windows Explorer, copy the PolicyDefinitions folder to the NETLOGON share.
A. Create Disk Storage Pool
B. PolicyDefinitions folder in SYSVOL
C. Group Policy Management is a console for GPO Mgmt
D. Folder is for logon scripts
PolicyDefinitions folder within the SYSVOL folder hierarchy. By placing the ADMX files in this directory, they are replicated to every DC in the domain; by extension, the ADMX-aware Group Policy Management Console in Windows Vista, Windows 7, Windows Server 2008 and R2 can check this folder as an additional source of ADMX files, and will report them accordingly when setting your policies.
By default, the folder is not created. Whether you are a single DC or several thousand, I would strongly recommend you create a Central Store and start using it for all your ADMX file storage. It really does work well.
The Central Store
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location:
Note: FQDN is a fully qualified domain name.
You install Windows Server 2012 R2 on a standalone server named Server1. You configure Server1 as a VPN server.
You need to ensure that client computers can establish PPTP connections to Server1.
Which two firewall rules should you create? (Each correct answer presents part of the solution. Choose two.)
A. An inbound rule for protocol 47
B. An outbound rule for protocol 47
C. An inbound rule for TCP port 1723
D. An inbound rule for TCP port 1701
E. An outbound rule for TCP port 1723
F. An outbound rule for TCP port 1701
To enable VPN tunnels between individual host computers or entire networks that have a firewall between them, you must open the following ports:
To allow PPTP tunnel maintenance traffic, open TCP 1723. To allow PPTP tunneled data to pass through the router, open Protocol ID 47.
http://www.windowsitpro.com/article/pptp/which-ports-do-you-need-to-open-on-a-firewall-to- allow-pptp-andl2tp-over-ipsec-vpn-tunnels–46811
If you use a personal firewall or a broadband router, or if there are routers or firewalls between the VPN client and the VPN server, the following ports and protocol must be enabled for PPTP on all firewalls and routers that are between the VPN client and the VPN server:
Client ports Server port Protocol
1024-65535/TCP 1723/TCP PPTP
Additionally, you must enable IP PROTOCOL 47 (GRE).
Your network contains an Active Directory domain named adatum.com. The computer accounts for all member servers are located in an organizational unit (OU) named Servers. You link a Group Policy object (GPO) to the Servers OU.
You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators group on each member server. The solution must not remove any groups from the local Backup Operators groups.
What should you do?
A. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the This group is a member of list.
B. Add a restricted group named adatum\Backup Operators. Add Backup Operators to the Members of this group list.
C. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the This group is a member of list.
D. Add a restricted group named Backup Operators. Add adatum\Backup Operators to the Members of this group list.
A. The Member Of list specifies which other groups the restricted group should belong to
B. Needs to be added to member of list
C. Wrong group
D. Wrong group
Restricted groups allow an administrator to define two properties for security-sensitive groups (that is, “restricted” groups).
The two properties are Members and Member Of. The Members list defines who should and should not belong to the restricted group. The Member Of list specifies which other groups the restricted group should belong to.
When a restricted Group Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added.
The Restricted Groups folder is available only in Group Policy objects associated with domains, OUs, and sites. The Restricted Groups folder does not appear in the Local Computer Policy object.
If a Restricted Group is defined such that it has no members (that is, the Members list is empty), then all members of the group are removed when the policy is enforced on the system. If the Member Of list is empty, no changes are made to any groups that the restricted group belongs to. In short, an empty Members list means the restricted group should have no members, while an empty Member Of list means “don’t care” what groups the restricted group belongs to.
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. An application named Appl.exe is installed on all client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed.
You need to ensure that only the latest version of Appl.exe can run on the client computers.
What should you create?
A. An application control policy packaged app rule
B. A software restriction policy certificate rule
C. An application control policy Windows Installer rule
D. An application control policy executable rule
A. A publisher rule for a Packaged app is based on publisher, name and version
B. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.
C. For .msi or .msp
D. Executable Rules, for .exe and can be based on Publisher, Product name, filename and version.
Use Certificate Rules on Windows Executables for Software Restriction Policies
This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security setting is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction policies, you can create a certificate rule that will allow or disallow software that is signed by Authenticode to run, based on the digital certificate that is associated with the software. In order for certificate rules to take effect, you must enable this security setting.
When certificate rules are enabled, software restriction policies will check a certificate revocation list (CRL) to make sure the software’s certificate and signature are valid. This may decrease performance when starting signed programs. You can disable this feature. On Trusted Publishers Properties, clear the Publisher and Timestamp check boxes.
http://technet.microsoft.com/en-us/library/hh994588.aspx
http://www.grouppolicy.biz/2012/08/how-manage-published-a-k-a-metro-apps-in-windows8-using- grouppolicy/
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You need to ensure that the local Administrator account on all computers is renamed to L_Admin. Which Group Policy settings should you modify?
A. Security Options
B. User Rights Assignment
C. Restricted Groups
A. Allows configuration of computers
B. User Rights Assignment policies determine which users or groups have logon rights or privileges on the computer
C. Restricted Groups defines what member or groups should exist as part of a group
D. With Preferences, local and domain accounts can be added to a local group without affecting the existing members of the group
In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click Security Options. In the details pane, double-click Accounts: Rename administrator account.
You have a server that runs Windows Server 2012 R2. The disks on the server are configured as shown in the exhibit. (Click the Exhibit button.) You need to create a storage pool that contains Disk 1 and Disk 2. What should you do first?
A. Delete volume E
B. Convert Disk 1 and Disk 2 to dynamic disks
C. Convert Disk 1 and Disk 2 to GPT disks
D. Create a volume on Disk 2
A. Storage Pools use unallocated space
There is no way to create a storage pool with existing data. Storage pools are only a collection of drives that are managed by Windows.
You have a server named Server1 that runs Windows Server 2012 R2. You add a 4-TB disk named Disk 5 to Server1. You need to ensure that you can create a 3-TB volume on Disk 5. What should you do?
A. Create a storage pool.
B. Convert the disk to a dynamic disk.
C. Create a VHD, and then attach the VHD.
D. Convert the disk to a GPT disk.
MBR max is 2TB, the disk must be GPT
For any hard drive over 2TB, we need to use GPT partition. If you have a disk larger than 2TB size, the rest of the disk space will not be used unless you convert it to GPT.
An existing MBR partition can’t be converted to GPT unless it is completely empty; you must either delete everything and convert or create the partition as GPT. It is not possible to boot to a GPT partition, impossible to convert MBR to GPT without data loss.
You have a server named Server1 that has a Server Core installation of Windows Server 2008 R2. Server1 has the DHCP Server server role and the File Server server role installed.
You need to upgrade Server1 to Windows Server 2012 R2 with the graphical user interface (GUI). The solution must meet the following requirements:
• Preserve the server roles and their configurations.
• Minimize Administrative effort.
What should you do?
A. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server with a GUI.
B. Start Server1 from the Windows Server 2012 R2 installation media and select Server Core Installation. When the installation is complete, add the Server Graphical Shell feature.
C. Start Server1 from the Windows Server 2012 R2 installation media and select Server with a GUI.
D. On Server1, run setup.exe from the Windows Server 2012 R2 installation media and select Server Core. When the installation is complete, add the Server Graphical Shell feature.
A. Server is on 2008 R2 core, must install 2012 R2 core and then GUI
B. Not least effort
C. Not least effort
D. Upgrade to 2012 R2 and install GUI shell
http://technet.microsoft.com/en-us/library/jj574204.aspx
Upgrades that switch from a Server Core installation to the Server with a GUI mode of Windows Server 2012 R2 in one step (and vice versa) are not supported. However, after upgrade is complete, Windows Server 2012 R2 allows you to switch freely between Server Core and Server with a GUI modes. For more information about these installation options, how to convert between them, and how to use the new Minimal Server Interface and Features on Demand, see http://technet.microsoft.com/library/hh831786.
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. You need to install the Remote Desktop Services server role on Server2 remotely from Server1. Which tool should you use?
A. The dsadd.exe command
B. The Server Manager console
C. The Remote Desktop Gateway Manager console
D. The Install-RemoteAccess cmdlet
A. Adds specific types of objects to the directory
B. You can manage remote server by Server Manager and install roles/features
C. Remote Desktop Gateway (RD Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client.
D. Performs prerequisite checks for DirectAccess (DA) to ensure that it can be installed, installs DA for remote access (RA) (includes management of remote clients) or for management of remote clients only, and installs VPN (both Remote Access VPN and site-to-site VPN).
You have a server named Server1 that runs a full installation of Windows Server 2012 R2.
You need to uninstall the graphical user interface (GUI) on Server1. You must achieve this goal by using the minimum amount of Administrative effort. What should you do?
A. Reinstall Windows Server 2012 R2 on the server.
B. From Server Manager, uninstall the User Interfaces and Infrastructure feature.
C. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE
D. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.
A. Not least effort
B. Quick and Easy
C. Uninstalls PS-ISE
D. Doesn’t remove all GUI components