[2017 PDF&VCE] Latest Lead2pass 70-410 Exam Free 70-410 Dumps Download (141-160)

Lead2pass 2017 September New Microsoft 70-410 Exam Dumps

100% Free Download! 100% Pass Guaranteed!

As a professional IT exam study material provider, Lead2pass gives you more than just 70-410 exam questions and answers. We provide our customers with the most accurate study material about the 70-410 exam and the guarantee of pass. We assist you to prepare for 70-410 certification which is regarded valuable the IT sector.

Following questions and answers are all new published by Microsoft Official Exam Center: https://www.lead2pass.com/70-410.html

QUESTION 141
Drag and Drop Question
You plan to deploy a DHCP server that will support four subnets.
The subnets will be configured as shown in the following table.

 

You need to identify which network ID you should use for each subnet.
What should you identify? To answer, drag the appropriate network ID to the each subnet in the answer area.

 
Answer:

 
Explanation:

 

QUESTION 142
Your network contains an Active Directory domain named adatum.com.
The domain contains a file server named Server2 that runs Windows Server 2012 R2. Server2 contains a shared folder named Home. Home contains the home folder of each user.
All users have the necessary permissions to access only their home folder.
A user named User1 opens the Home share as shown in the exhibit. (Click the Exhibit button.)

 

You need to ensure that all users see only their own home folder when they access Home.
What should you do from Server2?

A.    From Windows Explorer, modify the properties of Home.
B.    From Server Manager, modify the properties of the volume that contains Home.
C.    From Windows Explorer, modify the properties of the volume that contains Home.
D.    From Server Manager, modify the properties of Home.

Answer: D
Explanation:
Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This feature based file servers to list only the files and folders to which they have allows users of Windows Server 2003
access when browsing content on the file server. This eliminates user confusion that can be caused when users connect to a file server and encounter a large number of files and folders that they cannot access.
Access-based Enumeration filters the list of available files and folders on a server to include only those that the requesting user has access to. This change is important because this allows users to see only those files and directories that they have access to and nothing else. This mitigates the scenario where unauthorized users might otherwise be able to see the contents of a directory even though they don’t have access to it.
Access-Based Enumeration (ABE) can be enabled at the Share properties through Server Manager.

 

After implementation instead of seeing all folder including the ones the user does not have access to:

 

User will have access just to the folder where has rights to:

 
If a user with full access browses the same folder it will show all 5230 folders.
http://technet.microsoft.com/en-us/library/cc784710%28v=ws.10%29.aspx http://technet.microsoft.com/pt-pt/library/dd772681%28v=ws.10%29.aspx

QUESTION 143
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2 Datacenter.
You have a WIM file that contains the four images of Windows Server 2012 R2 as shown in the Images exhibit. (Click the Exhibit button.)

 

You review the installed features on Server1 as shown in the Features exhibit. (Click the Exhibit button.)

 

You need to install the Server Graphical Shell feature on Server1.
Which two possible sources can you use to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A.    Index 1
B.    Index 2
C.    Index 3
D.    Index 4

Answer: BD
Explanation:
When you install Windows Server 2012 R2 you can choose between Server Core Installation and Server with a GUI. The “Server with a GUI” option is the Windows Server 2012 R2 equivalent of the Full installation option available in Windows Server 2008 R2. The “Server Core Installation” option reduces the space required on disk, the potential attack surface, and especially the servicing requirements, so we recommend that you choose the Server Core installation unless you have a particular need for the additional user interface elements and graphical management tools that are included in the “Server with a GUI” option. For this reason, the Server Core installation is now the default. Because you can freely switch between these options at any time later, one approach might be to initially install the Server with a GUI option, use the graphical tools to configure the server, and then later switch to the Server Core Installation option. Reference: Windows Server Installation Options

QUESTION 144
Your network contains two subnets. The subnets are configured as shown in the following table.

 

You have a server named Server1 that runs Windows Server 2012 R2.
Server1 is connected to LAN1.
You run the route print command as shown in the exhibit. (Click the Exhibit button.)

 

You need to ensure that Server1 can communicate with the client computers on LAN2.
What should you do?

A.    Change the default gateway address.
B.    Set the state of the Teredo interface to disable.
C.    Change the metric of the 10.10.1.0 route.
D.    Set the state of the Microsoft ISATAP Adapter #2 interface to disable.

Answer: A
Explanation:
In general, the first and last addresses in a subnet are used as the network identifier and broadcast address,respectively. All other addresses in the subnet can be assigned to hosts on that subnet. For example, IP addresses of networks with subnet masks of at least 24 bits ending in .0 or .255 can never beassigned to hosts. Such “last” addresses of a subnet are considered “broadcast” addresses and all hosts onthe corresponding subnet will respond to it. Theoretically, there could be situations where you can assign an address ending in .0: for example, if you havea subnet like 192.168.0.0/255.255.0.0, you are allowed to assign a host the address 192.168.1.0. It couldcreate confusion though, so it’s not a very common practice. Example10.6.43.0 with subnet 255.255.252.0 (22 bit subnet mask) means subnet ID 10.6.40.0, a host address range from 10.6.40.1 to 10.6.43.254 and a broadcast address10.6.43.255. So in theory, your example 10.6.43.0 would be allowed as a valid host address. The default gateway address should not end in .0 with the /24 address http://tools.ietf.org/html/rfc4632
http://en.wikipedia.org/wiki/IPv4#Addresses_ending_in_0_or_255

QUESTION 145
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a member server named Server1.
Server1 has the File Server server role installed.
On Server1, you create a share named Documents. The Documents share will contain the files and folders of all users.
You need to ensure that when the users connect to Documents, they only see the files to which they have access.
What should you do?

A.    Modify the NTFS permissions.
B.    Modify the Share permissions.
C.    Enable access-based enumeration.
D.    Configure Dynamic Access Control.

Answer: C
Explanation:
Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This featureallows users of Windows Server 2003-Based file servers to list only the files and folders to which they haveaccess when browsing content on the file server. This eliminates user confusion that can be caused whenusers connect to a file server and encounter a large number of files and folders that they cannot access.Access-based Enumeration filters the list of available files and folders on a server to include only those that therequesting user has access to. This change is important because this allows users to see only those files and directories that they haveaccess to and nothing else. This mitigates the scenario where unauthorized users might otherwise be able tosee the contents of a directory even though they don’t have access to it. Access-Based Enumeration (ABE) can be enabled at the Share properties through Server Manager.

 

 

 

After implementation instead of seeing all folder including the ones the user does not have access to:

 

User will have access just to the folder where has rights to:

 
If a user with full access browses the same folder – it will show all 5230 folders.
http://technet.microsoft.com/en-us/library/cc784710%28v=ws.10%29.aspx http://technet.microsoft.com/pt-pt/library/dd772681%28v=ws.10%29.aspx

QUESTION 146
Your network contains an Active Directory domain named contoso.com.
You have a starter Group Policy object (GPO) named GPO1 that contains more than 100 settings.
You need to create a new starter GPO based on the settings in GPO1.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?

A.    Run the New-GPStarterGPO cmdlet and the Copy-GPO cmdlet.
B.    Create a new starter GPO and manually configure the policy settings of the starter GPO.
C.    Right-click GPO1, and then click Back Up.
Create a new starter GPO.
Right-click the new GPO, and then click Restore from Backup.
D.    Right-click GPO1, and then click Copy.
Right-click Starter GPOs, and then click Paste.

Answer: A
Explanation:
The New-GPStarterGPO cmdlet creates a Starter GPO with the specified name. If the Starter GPOs folder does not exist in the SYSVOL when the New-GPStarterGPO cmdlet is called, it is created and populated with the eight Starter GPOs that ship with Group Policy.
The Copy-GPO cmdlet creates a (destination) GPO and copies the settings from the source GPO to the new GPO. The cmdlet can be used to copy a GPO from one domain to another domain within the same forest.
You can specify a migration table to map security principals and paths when copying across domains.
You can also specify whether to copy the access control list (ACL) from the source GPO to the destination GPO.
http://technet.microsoft.com/en-us/library/ee461063.aspx
http://technet.microsoft.com/en-us/library/ee461050.aspx

QUESTION 147
Your network contains an Active Directory domain named contoso.com.
The domain contains a member server named Server1.
Server1 runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You create two IPv4 scopes on Server1. The scopes are configured as shown in the following table.

 

The DHCP clients in Subnet1 can connect to the client computers in Subnet2 by using an IP address or a FQDN.
You discover that the DHCP clients in Subnet2 can connect to client computers in Subnet1 by using an IP address only.
You need to ensure that the DHCP clients in both subnets can connect to any other DHCP client by using a FQDN.
What should you add?

A.    The 006 DNS Servers option to Subnet2
B.    The 015 DNS Domain Name option to Subnet1
C.    The 006 DNS Servers option to Subnet1
D.    The 015 DNS Domain Name option to Subnet2

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/ee941136%28v=WS.10%29.aspx

QUESTION 148
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2.
Server1 runs Windows Server 2012 R2. Server2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server server role installed.
You need to manage DHCP on Server2 by using the DHCP console on Server1.
What should you do first?

A.    From Windows PowerShell on Server2, run Enable-PSRemoting cmdlet.
B.    From Windows PowerShell on Server1, run Install-WindowsFeature.
C.    From Windows Firewall with Advanced Security on Server2, create an inbound rule.
D.    From Internet Explorer on Server2, download and install Windows Management Framework 3.0.

Answer: B
Explanation:
Original answer is A.
When the DHCP role is installed, it appears that the firewall rules are automatically added. This means you only need to add the DHCP Manager MMC snap-in which is a Role Administration Tool feature.
So the correct answer must be B.

QUESTION 149
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 is a DHCP server that is configured to have a scope named Scope1.
Server2 is configured to obtain an IP address automatically.
In Scope1, you create a reservation named Res_Server2 for Server2.
A technician replaces the network adapter on Server2.
You need to ensure that Server2 can obtain the same IP address.
What should you modify on Server1?

A.    The Advanced settings of Res_Server2
B.    The MAC address of Res Server2
C.    The Network Access Protection Settings of Scope1
D.    The Name Protection settings of Scope1

Answer: B
Explanation:
For clients that require a constant IP address, you can either manually configure a static IP address, or assigna reservation on the DHCP server. Reservations are permanent lease assignments that are used to ensure that a specified client on a subnet canalways use the same IP address.
You can use DHCP reservations for hosts that require a consistent IP address, but do not need to be staticallyconfigured. DHCP reservations provide a mechanism by which IP addresses may be permanently assigned to aspecific client based on the MAC address of that client. The MAC address of a Windows client can be found running the ipconfig /all command. For Linux systems thecorresponding command is ifconfig -a.
Once the MAC address has been identified, the reservation may be configured using either the DHCP consoleor at the command prompt using the netsh tool.

 

http://technet.microsoft.com/en-us/library/cc779507%28v=ws.10%29.aspx http://support.microsoft.com/kb/170062/en-us

QUESTION 150
Your network contains an Active Directory domain named contoso.com.
An organizational unit (OU) named OU1 contains the user accounts and the computer accounts for laptops and desktop computers. A Group Policy object (GPO) named GP1 is linked to OU1.
You need to ensure that the configuration settings in GP1 are applied only to the laptops in OU1. The solution must ensure that GP1 is applied automatically to new laptops that are added to OU1. What should you do?

A.    Modify the GPO Status of GP1.
B.    Configure the WMI Filter of GP1.
C.    Modify the security settings of GP1.
D.    Modify the security settings of OU1.

Answer: B
Explanation:
WMI filtering
Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of GroupPolicy objects (GPOs) based on attributes of the target computer. When a GPO that is linked to a WMI filter isApplied on the target computer, the filter is evaluated on the target computer. If the WMI filter evaluates tofalse, the GPO is not Applied (except if the client computer is running Windows Server, in which case the filteris ignored and the GPO is always Applied). If the WMI filter evaluates to true, the GPO is Applied.
Reference: WMI filtering using GPMC
Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of GroupPolicy objects (GPOs) based on attributes of the target computer. When a GPO that is linked to a WMI filter isApplied on the target computer, the filter is evaluated on the target computer. If the WMI filter evaluates to false, the GPO is not Applied (except if the client computer is running WindowsServer, in which case the filter is ignored and the GPO is always Applied). If the WMI filter evaluates to true, theGPO is Applied. WMI filters, like GPOs, are stored on a per-domain basis.
A WMI filter and the GPO it is linkedto must be in the same domain.
Select * from Win32_PhysicalMemory where FormFactor = 12
http://technet.microsoft.com/en-us/library/cc779036%28v=ws.10%29.aspx

QUESTION 151
Your network contains an Active Directory domain named contoso.com.
All client computer accounts are in an organizational unit (OU) named AllComputers.
Client computers run either Windows 7 or Windows 8.
You create a Group Policy object (GPO) named GP1.
You link GP1 to the AllComputers OU.
You need to ensure that GP1 applies only to computers that have more than 8 GB of memory.
What should you configure?

A.    The Security settings of AllComputers
B.    The Security settings of GP1
C.    The WMI filter for GP1
D.    The Block Inheritance option for AllComputers

Answer: C
Explanation:
Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs) based on attributes of the target computer.
When a GPO that is linked to a WMI filter is applied on the target computer, the filter is evaluated on the target computer. If the WMI filter evaluates to false, the GPO is not applied (except if the client computer is running Windows Server, in which case the filter is ignored and the GPO is always applied). If the WMI filter evaluates to true, the GPO is applied. WMI filters, like GPOs, are stored on a per-domain basis. A WMI filter and the GPO it is linked to must be in the same domain.

 

 

SELECT Total Physical Memory FROM Win32_ComputerSystem WHERE
TotalPhysicalMemory >= 8000000000

QUESTION 152
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2.
Server1 runs Windows Server 2012 R2. Server2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server server role installed.
You need to manage DHCP on Server2 by using the DHCP console on Server1.
What should you do first?

A.    From Windows Firewall with Advanced Security on Server2, create an inbound rule.
B.    From Internet Explorer on Server2, download and install Windows Management Framework 3.0.
C.    From Server Manager on Server1, install a feature.
D.    From Windows PowerShell on Server2, run Enable PSRemoting.

Answer: C
Explanation:
When the DHCP role is installed, it appears that the firewall rules are automatically added. This means you only need to add the DHCP Manager MMC snap-in which is a Role Administration Tool feature.

QUESTION 153
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named HVServer1. HVServer1 runs Windows Server 2012 and has the Hyper-V server role installed. HVServer1 hosts 10 virtual machines. All of the virtual machines connect to a virtual switch named Switch1. Switch1 is configured as a private network. All of the virtual machines have the DHCP guard and the router guard settings enabled.
You install the DHCP server role on a virtual machine named Server 1.
You authorize Server1 as a DHCP server in contoso.com.
You create an IP scope.
You discover that the virtual machines connected to Switch1 do not receive IP settings from Server1.
You need to ensure that the virtual machines can use Server1 as a DHCP server.
What should you do?

A.    Enable MAC address spoofing on Server1.
B.    Disable the DHCP guard on all of the virtual machines that are DHCP clients.
C.    Disable the DHCP guard on Server1.
D.    Enable single-root I/O virtualization (SR-IOV) on Server1.

Answer: C
Explanation:
Private virtual networks are used where you want to allow communications between virtual machine to virtual machine on the same physical server In a block diagram, a private network is an internal network without a virtual NIC in the parentpartition. A private network would commonly be used where you need complete isolation of virtual machines from external and parent partition traffic. DMZ workloads running on a leg of a tri-homed firewall, or an isolated test domain are examples where this type of network may be useful.

 

DHCP Guard is a feature that you can use (as the owner of the hypervisor) to prevent VMs that you do not authorize from acting as DHCP Servers. Unauthorized and Authorized is a procedural / process phrase. It is not a technical phrase or any setting
that can be applied. It is the business decision to call machine authorized or not. DHCP Guard is specific to the port / vNIC of a VM. And the setting moves with the VM / vNIC.
DHCPGuard allows you to specify whether DHCP server messages coming from a VM should be dropped. For VMs that are running an authorized instance of the DHCP server role, you can turn DHCPGuard off by using the following cmdlet:
Set-VMNetworkAdapter – VMName MyDhcpServer1 – DhcpGuard Off
For all other VMs that are not authorized DHCP servers, you can prevent them from becoming a rogue
DHCP server by turning DHCPGuard on, using the following cmdlet.
Set-VMNetworkAdapter – VMName CustomerVM – DhcpGuard On
http://technet.microsoft.com/en-us/library/jj679878.aspx#bkmk_dhcp http://blogs.technet.com/b/jhoward/archive/2008/06/17/hyper-v-what-are-the-uses-for-different-types-of- virtual-networks.aspx

QUESTION 154
Hotspot Question
Your network contains an Active Directory domain named adatum.com.
You create an account for a temporary employee named User1.
You need to ensure that User1 can log on to the domain only between 08:00 and 18:00 from a client computer named Computer1.
From which tab should you perform the configuration? To answer, select the appropriate tab in the answer area.

 

Answer:

 

Explanation:
To set logon hours
1. Open Active Directory Users and Computers.
2. In the console tree, click Users.
Where?
Active Directory Users and Computers/domain
node/Users Or, click the folder that contains the user account.
3. Right-click the user account, and then click Properties.
4. On the Account tab, click Logon Hours, and then set the permitted or denied logon hours for the user.

 

http://technet.microsoft.com/en-us/library/cc740199(v=ws.10).aspx

QUESTION 155
You work as a senior administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers on the L2P.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators.
You are currently discussing the new VHD format called VHDX.
Which of the following is TRUE with regards to VHDX? (Choose all that apply.)

A.    It supports virtual hard disk storage capacity of up to 64 GB.
B.    It supports virtual hard disk storage capacity of up to 64 TB.
C.    It does not provide protection against data corruption during power failures.
D.    It has the ability to store custom metadata about the file that the user might want to record.

Answer: BD
Explanation:
The main new features of the VHDX format are:
Support for virtual hard disk storage capacity of up to 64 TB.
Protection against data corruption during power failures by logging updates to the VHDX metadata structures. Improved alignment of the virtual hard disk format to work well on large sector disks.
The VHDX format also provides the following features:
Larger block sizes for dynamic and differencing disks, which allows these disks to attune to the needs of the workload.
A 4-KB logical sector virtual disk that allows for increased performance when used by applications and workloads that are designed for 4-KB sectors.
The ability to store custom metadata about the file that the user might want to record, such as operating system version or patches applied.
Efficiency in representing data (also known as “trim”), which results in smaller file size and allows the underlying physical storage device to reclaim unused space. (Trim requires physical disks directly attached to a virtual machine or SCSI disks, and trim-compatible hardware.)
VHDX Format – Features and Benefits
VHDX format features provide features at the virtual hard disk as well as virtual hard disk file layers and is optimized to work well with modern storage hardware configurations and capabilities. At the virtual hard disk layer, benefits include the ability to represent a large virtual disk size up to 64 TB, support larger logical sector sizes for a virtual disk up to 4 KB that facilitates the conversion of 4 KB sector physical disks to virtual disks, and support large block sizes for a virtual disk up to 256 MB that enables tuning block size to match the IO patterns of the application or system for optimal performance. At the virtual hard disk file layer, the benefits include the use of a log to ensure resiliency of the VHDX file to corruptions from system power failure events and a mechanism that allows for small pieces of user generated data to be transported along with the VHDX file. On modern storage platforms, the benefits include optimal performance on host disks that have physical sector sizes larger than 512 bytes through improved data alignment and capability to use the information from the UNMAP command, sent by the application or system using the virtual hard disk, to optimize the size of the VHDX file. The format is designed so that additional features could be introduced in the future by Microsoft or extended by other parser implementations. The format provides parsers the ability to detect features in a VHDX file that a parser does not understand.
http://technet.microsoft.com/en-us/library/hh831446.aspx
http://www.microsoft.com/en-us/download/details.aspx?id=34750

QUESTION 156
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You attach a 4-TB disk to Server1. The disk is configured as an MBR disk.
You need to ensure that you can create a 4-TB volume on the disk.
Which Diskpart command should you use?

A.    Automount
B.    Convert
C.    Expand
D.    Attach

Answer: B
Explanation:
You can use Diskpart to convert a basic disk to a dynamic disk. The basic disk can either be empty or containeither primary partitions or logical drives. The basic disk can be a data disk or system or boot drive. A MBR file structure is only capable of 2TB maximum. The disk will have to be converted to a GPT filestructure. GPT is capable of 18 exabytes volumes. Convert gpt – Converts an empty basic disk with the master boot record (MBR) partition style into a basic diskwith the GUID partition table (GPT) partition style. The disk may be a basic or a dynamic disk but it must not contain any valid data partitions or volumes.

 

 

http://technet.microsoft.com/en-us/library/cc766465(v=ws.10).aspx http://support.microsoft.com/kb/300415/en-us

QUESTION 157
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You need to create 3-TB virtual hard disk (VHD) on Server1.
Which tool should you use?

A.    Server Manager
B.    Diskpart
C.    New-StoragePool
D.    New-VirtualDisk

Answer: B
Explanation:
New-VirtualDisk – Creates a new virtual disk in the specified storage pool.
Although the new Server Manager UI in Windows Server 2012 R2 provides a very convenient and intuitive workflow to provision and manage Storage, interaction with PowerShell is required to access many of the advanced features.
If I then create a simple 200GB Virtual Disk via the UI named VDiskSimpleUI, the resulting Virtual Disk leverages 8 columns and maintains 1 copy of the data. But when creating the Virtual Disk via PowerShell,
I can force the tripping across all nine of the disks and optimize performance.
New-VirtualDisk -StoragePoolFriendlyName Pool01 – ResiliencySettingName Simple – Size 200GB – FriendlyName VDiskSimplePS – ProvisioningType Fixed – NumberOfDataCopies 1
– NumberOfColumns 9
And creating a mirrored 200GB Virtual Disk via the UI named VDiskMirrorUI produces a Virtual Disk with 4 columns and 2 data copies. But with PowerShell, I can create a slightly different configuration, increasing the data protection (and also the disk footprint):
New-VirtualDisk -StoragePoolFriendlyName Pool01 -ResiliencySettingName Mirror -Size 200GB –
FriendlyName VDiskMirrorPS -ProvisioningType Fixed -NumberOfDataCopies
3 -NumberOfColumns 3
http://blogs.technet.com/b/wincat/archive/2012/05/21/optimizing-windows-server-2012-storagemanagement-via-powershell-for-both-performance-and-resiliency.aspx
http://technet.microsoft.com/en-us/library/hh848643%28v=wps.620%29.aspx

QUESTION 158
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012 R2.
You create and enforce the default AppLocker executable rules.
Users report that they can no longer execute a legacy application installed in the root of drive C.
You need to ensure that the users can execute the legacy application.
What should you do?

A.    Modify the action of the existing rules.
B.    Create a new rule.
C.    Add an exception to the existing rules.
D.    Delete an existing rule.

Answer: B
Explanation:
AppLocker is a feature that advances the functionality of the Software Restriction Policies feature. AppLocker contains new capabilities and extensions that reduce administrative overhead and help administrators control how users can access and use files, such as executable files, scripts, Windows Installer files, and DLLs. By using AppLocker, you can:
Define rules based on file attributes that persist across application updates, such as the publisher name (derived from the digital signature), product name, file name, and file version. You can also create rules based on the file path and hash.
Assign a rule to a security group or an individual user.
Create exceptions to rules. For example, you can create a rule that allows all users to run all Windows binaries except the Registry Editor (Regedit.exe).
Use audit-only mode to deploy the policy and understand its impact before enforcing it. . Create rules on a staging server, test them, export them to your production environment, and then import them into a Group Policy Object.
Simplify creating and managing AppLocker rules by using Windows PowerShell cmdlets for AppLocker.
AppLocker default rules
AppLocker allows you to generate default rules for each of the rule types.
Executable default rule types:
Allow members of the local Administrators group to run all applications. Allow members of the Everyone group to run applications that are located in the Windows folder. Allow members of the Everyone group to run applications that are located in the Program Filesfolder. Windows Installer default rule types:
Allow members of the local Administrators group to run all Windows Installer files. Allow members of the Everyone group to run digitally signed Windows Installer files. Allow members of the Everyone group to run all Windows Installer files located in the Windows\Installer folder. Script default rule types:
Allow members of the local Administrators group to run all scripts. Allow members of the Everyone group to run scripts located in the Program Files folder. Allow members of the Everyone group to run scripts located in the Windows folder. DLL default rule types:( this on can affect system performance ) Allow members of the local Administrators group to run all DLLs. Allow members of the Everyone group to run DLLs located in the Program Files folder. Allow members of the Everyone group to run DLLs located in the Windows folder. You can apply AppLocker rules to individual users or to a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an application, you can create a special rule for that subset. For example, the rule “Allow Everyone to run Windows except Registry Editor” allows everyone in the organization to run the Windows operating system, but it does not allow anyone to run Registry Editor.
The effect of this rule would prevent users such as Help Desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Help Desk user group: “Allow Help Desk to run Registry Editor.” If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Help Desk user group to run Registry Editor.
http://technet.microsoft.com/library/hh831440.aspx
http://technet.microsoft.com/en-us/library/dd759068.aspx
http://technet.microsoft.com/de-de/library/hh994621.aspx

QUESTION 159
You have two servers named Server! and Server2. Both servers run Windows Server 2012 R2.
The servers are configured as shown in the following table.

 

The routing table for Server1 is shown in the Routing Table exhibit. (Click the Exhibit button.)

 

From Server1, you attempt to ping Server2, but you receive an error message as shown in the Error exhibit. (Click the Exhibit button.)

 

You need to ensure that you can successfully ping Server2 from Server1.
What should you do on Server1?

A.    Disable Windows Firewall.
B.    Modify the default gateway settings.
C.    Modify the DNS settings.
D.    Modify the subnet mask.

Answer: B
Explanation:
Route is used to view and modify the IP routing table.
Route Print displays a list of current routes that the host knows. Default gateways are important to make IP routing work efficiently. TCP/IP hosts rely on default gateways for most of their communication needs with hosts on remote networksegments. In this way, individual hosts are freed of the burden of having to maintain extensive andcontinuously updated knowledge about individual remote IP network segments. Only the router that acts as thedefault gateway needs to maintain this level of routing knowledge to reach other remote network segments inthe larger internetwork. In order for Host A on Network 1 to communicate with Host B on Network 2, Host A first checks its routing tableto see if a specific route to Host B exists. If there is no specific route to Host B, Host A forwards its TCP/IPtraffic for Host B to its own default gateway, IP Router 1.

 

http://technet.microsoft.com/en-us/library/cc779696%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc958877.aspx

QUESTION 160
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. The domain contains a virtual machine named VM1.
A developer wants to attach a debugger to VM1.
You need to ensure that the developer can connect to VM1 by using a named pipe.
Which virtual machine setting should you configure?

A.    Network Adapter
B.    BIOS
C.    Processor
D.    COM 1

Answer: D
Explanation:
Named pipe. This option connects the virtual serial port to a Windows named pipe on the host operatingsystem or a computer on the network. A named pipe is a portion of memory that can be used by one processto pass information to another process, so that the output of one is the input of the other. The second processcan be local (on the same computer as the first) or remote (on a networked computer). For example, a localnamed pipe path could be \\.\pipe\mypipename. Named pipes can be used to create a virtual null modem cable between two virtual machines, or between avirtual machine and a debugging program on the host operating system that supports the use of named pipes.
By connecting two virtual serial ports to the same named pipe, you can create a virtual null modem cableconnection. Named pipes are useful for debugging or for any program that requires a null modem connection.

 

http://technet.microsoft.com/en-us/library/ee449417(v=ws.10).aspx http://blogs.msdn.com/b/ntdebugging/archive/2011/12/30/configuring-a-hyper-v-vm-forkernel- debugging.aspx

More free Lead2pass 70-410 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDcXAzcDVNOWI1blU

Lead2pass.com has been the world leader in providing online training solutions for 70-410 Certification. You use our training materials that have been rigorously tested by international experts.

2017 Microsoft 70-410 (All 484 Q&As) exam dumps (PDF&VCE) from Lead2pass:

https://www.lead2pass.com/70-410.html [100% Exam Pass Guaranteed]

You may also like