Getting Smart with: 70 410 installing and configuring windows server 2012

Our pass rate is high to 98.9% and the similarity percentage between our 70 410 pdf study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Microsoft 70 410 pdf exam in just one try? I am currently studying for the Microsoft 70 410 installing and configuring windows server 2012 r2 exam. Latest Microsoft mcsa 70 410 pdf Test exam practice questions and answers, Try Microsoft exam collections 70 410 Brain Dumps First.


Free VCE & PDF File for Microsoft 70-410 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 70-410 Exam Dumps (PDF & VCE):
Available on:

Q271. – (Topic 3) 

Your network contains an Active Directory domain named The network contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed and has a primary zone for The Active Directory domain contains 500 client computers. There are an additional 20 computers in a workgroup. You discover that every client computer on the network can add its record to the zone. 

You need to ensure that only the client computers in the Active Directory domain can register records in the zone. 

What should you do first? 

A. Move the zone to a domain controller that is configured as a DNS server 

B. Configure the Dynamic updates settings of the zone 

C. Sign the zone by using DNSSEC 

D. Configure the Security settings of the zone. 



If you install DNS server on a non-DC, then you are not able to create AD-integrated zones. DNS update security is available only for zones that are integrated into AD DS. When you directory- integrate a zone, access control list (ACL) editing features are available in DNS Managerso that you can add or remove users or groups from the ACL for a specified zone or resource record. 

1. Active Directory’s DNS Domain Name is NOT a single label name (“DOMAIN” vs. the minimal requirement of”” “domain.local”, etc.). 

2. The Primary DNS Suffix MUST match the zone name that is allowing updates. Otherwise the client doesn’t know what zone name to register in. You can also have a different Conneciton Specific Suffix in addition to the Primary DNS Suffix to register into that zone as well. 

3. AD/DNS zone MUST be configured to allow dynamic updates, whether Secure or Secure and Non-Secure. For client machines, if a client is not joined to the domain, and the zone is set to Secure, it will not register either. 

4. You must ONLY use the DNS servers that host a copy of the AD zone name or have a reference to get to them. Do not use your ISP’s, an external DNS address, your router as a DNS address, or any other DNS that does not have a copy of the AD zone. Internet resolution for your machines will be accomplished by the Rootservers (Root Hints), however it’s recommended to configure a forwarder for efficient Internet resolution. 

5. The domain controller is multihomed (which means it has more than one unteamed, active NIC, more than one IP address, and/or RRAS is installed on the DC). 

6. The DNS addresses configured in the client’s IP properties must ONLY reference the DNS server(s) hosting the AD zone you want to update in. This means that you must NOT use an external DNS in any machine’s IP property in an AD environment. You can’t mix them either. That’s because of the way the DNS Client side resolver service works. Even if you mix up internal DNS and ISP’s DNS addresses, the resolver algorithm can still have trouble asking the correct DNS server. It will ask the first one first. If it doesn’t get a response, it removes the first one from the eligible resolvers list and goes to the next in the list. It will not go back to the first one unless you restart the machine, restart the DNS Client service, or set a registry entry to cut the query TTL to 0. The rule is to ONLY use your internal DNS server(s) and configure a forwarder to your ISP’s DNS for efficient Internet resolution. This is the reg entry to cut the query to 0 TTL: The DNS Client service does not revert to using the first server. The Windows 2000 Domain Name System (DNS) Client service (DNS cache) follows a certain algorithm when it decides the order in which to use the DNS servers. For more info, please read the following on the client side resolver service: DNS, WINS NetBIOS & the Client Side Resolver, Browser Service, Disabling NetBIOS, Direct Hosted SMB (Direct SMB), If One DC is Down Does a Client logon to Another DC, and DNS Forwarders Algorithm if you have multiple forwarders. resolverbrowserservice-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-isdown-does-a- client-logon-toanother-dcand-dns-forwarders-algorithm.aspx 

7. For DHCP clients, DHCP Option 006 for the clients are set to the same DNS server. 

8. If using DHCP, DHCP server must only be referencing the same exact DNS server(s) in 

its own IP properties in order for it to ‘force’ (if you set that setting) registration into DNS. 

Otherwise, how would it know which DNS to send the reg data to? 

9. If the AD DNS Domain name is a single label name, such as “EXAMPLE”, and not the 

proper format of ”” and/or any child of that format, such as 

“”, then we have a real big problem. 

DNS will not allow registration into a single label domain name. 

This is for two reasons: 

1. It’s not the proper hierarchal format. DNS is hierarchal, but a single label name has no 

hierarchy. It’s just a single name. 

2. Registration attempts cause major Internet queries to the Root servers. Why? Because it 

thinks the single label name, such as “EXAMPLE”, is a TLD (Top Level Domain), such as 

“com”, “net”, etc. It will now try to find what Root name server out there handles that TLD. 

In the end it comes back to itself and then attempts to register. Unfortunately it does NOT 

ask itself first for the mere reason it thinks it’s a TLD. (Quoted from Alan Woods, Microsoft, 


“Due to this excessive Root query traffic, which ISC found from a study that discovered 

Microsoft DNS servers are causing excessive traffic because of single label names, 

Microsoft, being an internet friendly neighbor and wanting to stop this problem for their 

neighbors, stopped the ability to register into DNS with Windows 2000SP4, XP SP1, 

(especially XP, which cause lookup problems too), and Windows 2003. After all, DNS is 

hierarchal, so therefore why even allow single label DNS domain names?” The above also 

*especially* applies to Windows Vista, 7, 2008, 2008 R2, and newer. 

10. ‘Register this connection’s address” on the client is not enabled under the NIC’s IP 

properties, DNS tab. 

11. Maybe there’s a GPO set to force Secure updates and the machine isn’t a joined 

member of the domain. 

12. ON 2000, 2003 and XP, the “DHCP client” Service not running. In 2008/Vista and 

newer, it’s the DNS Client Service. This is a requirement for DNS registration and DNS 

resolution even if the client is not actually using DHCP. 

13. You can also configure DHCP to force register clients for you, as well as keep the DNS 

zone clean of old or duplicate entries. See the link I posted in my previous post. 

Q272. HOTSPOT – (Topic 2) 

Your network contains an Active Directory domain named 

You need to identify whether the Company attribute replicates to the global catalog. 

Which part of the Active Directory partition should you view? 

To answer, select the appropriate Active Directory object in the answer area. 


Q273. – (Topic 3) 

A network technician installs Windows Server 2012 R2 Standard on a server named 


A corporate policy states that all servers must run Windows Server 2012 R2 Enterprise. 

You need to ensure that Server1 complies with the corporate policy. 

You want to achieve this goal by using the minimum amount of administrative effort. 

What should you perform? 

A. a clean installation of Windows Server 2012 R2 

B. an upgrade installation of Windows Server 2012 R2 

C. online servicing by using Dism 

D. offline servicing by using Dism 



A. Not least effort 

B. Not least effort 

C. dism /online /set-edition 

D. offline would be less ideal and more workex: DISM /online /Set-Edition:ServerEnterprise/ProductKey:489J6-VHDMP-X63PK-3K798-CPX3YWindows Server 2008 R2/2012 contains a command-line utility called DISM (Deployment Image Servicing and Management tool). This tool has many features, but one of those features is the ability to upgrade the edition of Windows in use. Note that this process is for upgrades only and is irreversible. You cannot set a Windows image to a lower edition. The lowest edition will not appear when you run the /Get- TargetEditions option. If the server is running an evaluation version of Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter, you can convert it to a retail version as follows: If the server is a domain controller, you cannot convert it to a retail version. In this case, install an additional domain controller on a server that runs a retail version and remove AD DS from the domain controller that runs on the evaluation version. From an elevated command prompt, determine the current edition name with the command DISM /online /Get-CurrentEdition. Make note of the edition ID, an abbreviated form of the edition name. Then run DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXXXXXXX-XXXXX-XXXXXXXXXX/AcceptEula, providing the edition ID and a retail product key. The server will restart twice. 

Q274. – (Topic 3) 

You work as an administrator at The network consists of a single domain named has a domain controller, named ENSUREPASS-DC01, which has Windows Server 2012 R2 installed. Another domain controller, named ENSUREPASS-DC02, has Windows Server 2008 R2 installed. 

You have deployed a server, named ENSUREPASS-SR15, on’s perimeter network. ENSUREPASSSR15 is running a Server Core Installation of Windows Server 2012 R2. 

You have been instructed to make sure that ENSUREPASS-SR15 is part of the domain. 

Which of the following actions should you take? 

A. You should consider making use of Set-Computer Windows PowerShell cmdlet on ENSUREPASS-SR15. 

B. You should consider making use of Get-Computer Windows PowerShell cmdlet on ENSUREPASS-SR15. 

C. You should consider making use of Test-Computer Windows PowerShell cmdlet on ENSUREPASS-SR15. 

D. You should consider making use of Add-Computer Windows PowerShell cmdlet on ENSUREPASS-SR15. 



Add-Computer – Add the local computer to a domain or workgroup. 

Q275. HOTSPOT – (Topic 2) 

You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a folder named Folder1. 

A user named User1 is a member of Group1 and Group2. A user named User2 is a 

member of Group2 and Group3. 

You need to identify which actions the users can perform when they access the files in 


What should you identify? 

To answer, select the appropriate actions for each user in the answer area. 


Q276. – (Topic 3) 

You have external virtual switch with srv-io enabled with 10 Virtual Machines on it. You need to make the Virtual Machines able to talk only to each other. 

A. remove the vswitch and recreate it as private. 

B. add new vswitch 

C. remove vswitch and recreate it as public 

D. adjust srv-io settings 



You cannot change the settings of a vswitch with SR-IOV enabled, so you must delete it and recreate it. 

Q277. – (Topic 3) 

Your network contains an Active Directory domain named All servers run Windows Server 2012 R2. The domain contains a member server named Server1. Server1 has the File Server server role installed. 

On Server1, you create a share named Documents. The Documents share will contain the files and folders of all users. 

You need to ensure that when the users connect to Documents, they only see the files to which they have access. 

What should you do? 

A. Enable access-based enumeration. 

B. Configure Dynamic Access Control. 

C. Modify the Share permissions. 

D. Modify the NTFS permissions. 



Access-based Enumeration is a new feature included with Windows Server 2003 Service 

Pack 1. This feature allows users of Windows Server 2003-Based file servers to list only 

the files and folders to which they have access when browsing content on the file server. 

This eliminates user confusion that can be caused when users connect to a file server and 

encounter a large number of files and folders that they cannot access. Access-based 

Enumeration filters the list of available files and folders on a server to include only those 

that the requesting user has access to. This change is important because this allows users 

to see only those files and directories that they have access to and nothing else. This 

mitigates the scenario where unauthorized users might otherwise be able to see the 

contents of a directory even though they don’t have access to it. 

Access-Based Enumeration (ABE) can be enabled at the Share properties through Server 



Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 2: 

Configure server roles and features, Objective 2.1: Configure file and share access, p. 75-

Q278. – (Topic 3) 

You have a server named Server1 that runs Windows Server 2012 R2. 

You plan to enable Hyper-V Network Virtualization on Server1. 

You need to install the Windows Network Visualization Filter Driver on Server1. 

Which Windows PowerShell cmdlet should you run? 

A. Set-NetVirtualizationGlobal 

B. Enable-NetAdapterBinding 

C. Add – WindowsFeature 

D. Set-NetAdapterVmq 



Hyper-V Network Virtrtualization runs multiple virtual networks on a physical network. And each virtual network operates as if it is running as a physical network. The Set-NetAdaptercmdlet sets the basic properties of a network adapter such as virtual LAN (VLAN) identifier (ID) and MAC address. Thus if you add the binding parameter to the command then you will be able to install the Windows Network Virtualization Filter Driver. Step one: Enable Windows Network Virtualization (WNV). This is a binding that is applied to the NIC that you External Virtual Switch is bound to. This can be a physical NIC, it can be an LBFO NIC team. Either way, it is the network adapter that your External Virtual Switch uses to exit the server. This also means that if you have multiple virtual networks or multiple interfaces that you can pick and choose and it is not some global setting. If you have one External Virtual Switch this is fairly easy: $vSwitch = Get-VMSwitch -SwitchType External # Check if Network Virtualization is bound # This could be done by checking for the binding and seeing if it is enabled ForEach-Object -InputObject $vSwitch { if ((Get-NetAdapterBinding -ComponentID "ms_netwnv" -InterfaceDescription $_.NetAdapterInterfaceDescription).Enabled -eq $false){ # Lets enable it Enable-NetAdapterBinding -InterfaceDescription $_.NetAdapterInterfaceDescription -ComponentID "ms_netwnv"}} 

Q279. – (Topic 3) 

In a domain running at the Windows Server 2012 R2 domain functional level, which of the following security principals can be members of a global group? (Choose all answers that are correct.) 

A. Users 

B. Computers 

C. Universal groups 

D. Global groups 

Answer: A,B,D 


A. Correct: Users can be security principals in a global group. 

B. Correct: Computers can be security principals in a global group. 

C. Incorrect: Universal groups cannot be security principals in a global group. 

D. Correct: Global group can be security principals in a global group.