Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

70-410 > 70-410 - Active Directory > Flashcards

70-410 - Active Directory Flashcards

1
Q

QUESTION 24
In an isolated test environment, you deploy a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. The test environment does not have Active Directory Domain Services (AD DS) installed.
You install the Active Directory Domain Services server role on Server1.
You need to configure Server1 as a domain controller. Which cmdlet should you run?
A. Install-ADDSDomain
B. Install-ADDSDomainController
C. Install-WindowsFeature
D. Install-ADDSForest

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

QUESTION 27
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.
All domain controllers are DNS servers.
You plan to deploy a new domain controller named DC5 in the contoso.com domain.
You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully to a domain controller.
Which domain controller should you identify?
A. DC1
B. DC2
C. DC3
D. DC4

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

QUESTION 28
Your network contains an Active Directory forest that contains three domains.
A group named Group1 is configured as a domain local distribution group in the forest root domain.
You plan to grant Group1 read-only access to a shared folder named Share1.Share1 is located in a child domain.
You need to ensure that the members of Group1 can access Share1.
What should you do first?
A. Convert Group1 to a universal security group.
B. Convert Group1 to a global distribution group.
C. Convert Group1 to a universal distribution group. D. Convert Group1 to a domain local security group.

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

QUESTION 30
Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2.
You plan to install a new domain controller named DC4 that runs Windows Server 2012 R2.
The new domain controller will have the following configurations:
Schema master
Global catalog server
Active Directory Federation Services server role Active Directory Certificate Services server role
You need to identify which configuration can be fulfilled by using the Active Directory Domain Services Configuration Wizard.
Which configuration should you identify?
A. Enable the global catalog server.
B. Install the DNS Server role.
C. Install the Active Directory Certificate Services role.
D. Transfer the schema master.

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

QUESTION 31
Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in following table.
When the link between Site1 and Site2 fails, users fail to log on to Site2. You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?
A. The placement of the global catalog server
B. The placement of the infrastructure master
C. The placement of the domain naming master
D. The placement of the PDC emulator

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

QUESTION 34
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.Server1 runs Windows Server 2012 R2.
You create a group Managed Service Account named gservice1.
You need to configure a service named Service1 to run as the gservice1 account. How should you configure Service1?
A. From the Services console, configure the General settings.
B. From Windows PowerShell, run Set-Service and specify the -StartupType parameter.
C. From a command prompt, run sc.exe and specify the config parameter.
D. From a command prompt, run sc.exe and specify the privs parameter.

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

QUESTION 35
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1. You need to modify the SAM account name of Group1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename AdObject
F. Set AdAccountControl
G. Set-AdGroup
H. Set-User

A

E

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

QUESTION 36
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1. You need to add a new domain controller to the domain.
You install Windows Server 2012 R2 on a new server named DC3. Which cmdlet should you run next?
A. Add-AdPrincipalGroupMembership B. Install-AddsDomainController
C. Install WindowsFeature
D. Install AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl G. Set-AdGroup
H. Set-User

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

QUESTION 37
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to prevent User1 from changing his password. The solution must minimize administrative effort. Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename AdObject
F. Set AdAccountControl
G. Set-AdGroup
H. Set-User

A

F

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

QUESTION 38
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1. You reconfigure DC2 as a member server in the domain.
You need to add DC2 as the first domain controller in a new domain in the forest. Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename AdObject
F. Set AdAccountControl
G. Set-AdGroup
H. Set-User

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

QUESTION 8
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Corel, you perform a Server Core Installation of Windows Server 2012 R2.You join Corel to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on Corel.
What should you do on Corel?
A. Run the Enable-NetFirewallRulecmdlet.
B. Run the Disable-NetFirewallRulecmdlet.
C. Install Windows Management Framework.
D. Install Remote Server Administration Tools (RSAT).

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

QUESTION 63
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Remote Access server role installed.
A user named User1 must connect to the network remotely. The client computer of User1 requires Challenge Handshake Authentication Protocol (CHAP) for remote connections. CHAP is enabled on Server1.
You need to ensure that User1 can connect to Server1 and authenticate to the domain. What should you do from Active Directory Users and Computers?
A. From the properties of User1, select Store password using reversible encryption.
B. From the properties of Server1, assign the Allowed to Authenticate permission to User1.
C. From the properties of User1, select Use Kerberos DES encryption types for this account.
D. From the properties of Server1, select Trust this computer for delegation to any service (Kerberos only).

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

QUESTION 65
Your network contains an Active Directory domain named adatum.com.
You discover that when users join computers to the domain, the computer accounts are created in the Computers container. You need to ensure that when users join computers to the domain, the computer accounts are automatically created in an organizational unit (OU) named All_Computers.
What should you do?
A. From a command prompt, run the redircmp.exe command.
B. From ADSI Edit, configure the properties of the Computers container.
C. From Ldp, configure the properties of the Computers container. D. From Windows PowerShell, run the Move-ADObjectcmdlet.

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

QUESTION 66
Your network contains an Active Directory domain named contoso.com.
You log on to a domain controller by using an account named Admin1.Admin1 is a member of the Domain Admins group.
You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.)
Group1 is located in an organizational unit (OU) named OU1.
You need to ensure that users from Group1 can modify the Security settings of OU1 only. What should you do from Active Directory Users and Computers?
A. Right-click OU1 and select Delegate Control.
B. Right-click contoso.com and select Delegate Control.
C. Modify the Security settings of Group1. D. Modify the Managed By settings on OU1.

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

QUESTION 67
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All servers runs Windows Server 2012 R2. The domain contains two domain controllers named DC1 and DC2.Both domain controllers are virtual machines on a Hyper-V host.
You plan to create a cloned domain controller named DC3 from an image of DC1. You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Add the computer account of DC1 to the Cloneable Domain Controllers group.
B. Create a DCCIoneConfig.xml file on DC1.
C. Add the computer account of DC3 to the Cloneable Domain Controllers group.
D. Run the Enable-AdOptionalFeaturecmdlet.
E. Modify the contents of the DefaultDCCIoneAllowList.xml file on DC1.

A

AB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

QUESTION 68
Your network contains an Active Directory domain named contoso.com.
You create a software restriction policy to allow an application named App1 by using a certificate rule. You need to ensure that when users attempt to execute App1, the certificate for App1 is verified against a certificate revocation list (CRL).
What should you do?
A. Modify the rule for App1.
B. Modify the Trusted Publishers Properties.
C. Create a new certificate rule for App1.
D. Modify the Enforcement Properties.

A

B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

QUESTION 71
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and three global security groups named Group1, Group2 and, Group3.
You need to add User1 to Group1, Group2, and Group3. Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership
B. Install-AddsDomainControllcr
C. Install-WindowsFeature D. Install-AddsDomain
E. Rename-AdObject
F. Set-AdAccountControl G. Set-AdGroup
H. Set-User

A

A

18
Q

QUESTION 72
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1. User1 logs on to a client computer named Computer1.
You need to disable the computer account of Computer1. Which cmdlet should you run?
A. Add AdPrincipalGroupMember.hip
B. Install -AddsDomainController
C. Install-WindowsFeature
D. Install AddsDomain
E. RonameAdObject
F. Set-AdAccountControl
G. Set-AdGroup
H. Set-User

A

F

19
Q

QUESTION 87
Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. A two-way forest trust exists between the forests. The forests use the address spaces shown in the following table.
The forests use the address spaces shown in the following table.
From a computer in the contoso.com domain, you can perform reverse lookups for the servers in the contoso.com domain, but you cannot perform reverse lookups for the servers in the adatum.com domain.
From a computer in the adatum.com domain, you can perform reverse lookups for the servers in both domains.
You need to ensure that you can perform reverse lookups for the servers in the adatum.com domain from the computers in the contoso.com domain.
What should you create?
A. A trust point
B. A GlobalNames zone
C. A delegation
D. A conditional forwarder

A

D

20
Q

QUESTION 104
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
A user named User1 attempts to log on to DC1, but receives the error message shown in the exhibit.(Click the Exhibit button.)
You need to ensure that User1 can log on to DC1. What should you do?
A. Add User1 to the Remote Management Users group.
B. Grant User1 the Allow log on locally user right.
C. Modify the Logon Workstations setting of the User1 account.
D. Modify the Account is sensitive and cannot be delegated setting of the User1 account.

A

B

21
Q

QUESTION 105
Your network contains an Active Directory domain named contoso.com. The domain contains hundreds of groups, many of which are nested in other groups.
The domain contains a user account named user1.User1 is a direct member of 15 groups.
You need to identify of which Active Directory groups User1 is a member, including the nested groups. The solution must minimize administrative effort.
Which tool should you use?
A. Active Directory Users and Computers
B. ADSI Edit
C. Get-ADUser
D. Dsget

A

D

22
Q

QUESTION 123
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to ensure that User1 can manage the group membership of Group1. The solution must minimize the number of permissions assigned to User1.
Which cmdlet should you run?
A. Add-AdPrincipalGroupMembership B. Install-AddsDomainController
C. Install-WindowsFeature
D. Install-AddsDomain
E. Rename AdOh
F. Set-AdAccountControl G. Set-AdGroup
H. Set-User

A

G

23
Q

QUESTION 124
Your network contains an Active Directory domain named contoso.com.
The password policy for the domain is set to require a minimum password length of 10 characters.
A user named User1 and a user named User2 work for the sales department.
User1 is forced to create a domain password that has a minimum of 12 characters.User2 is forced to create a domain password that has a minimum of eight characters.
You need to identify what forces the two users to have different password lengths. Which tool should you use?
A. Group Policy Management
B. Credential Manager
C. Active Directory Administrative Center D. Security Configuration Wizard (SCW)

A

C

24
Q

QUESTION 127
Your network contains an Active Directory forest named contoso.com. The forest contains five domains. All domain controllers run Windows Server 2012 R2.
The contoso.com domain contains two user accounts named Admin1 and Admin2.
You need to ensure that Admin1 and Admin2 can configure hardware and services on all of the member servers in the forest. The solution must minimize the number of privileges granted to Admin1 and Admin2.
Which built-in groups should you use?
A. Administrators local groups
B. Administrators domain local groups
C. Domain Admins global groups
D. Server Operators global groups

A

A

25
Q

QUESTION 145
Your network contains an Active Directory domain named contoso.com.
You log on to a domain controller by using an account named Admin1. Admin1 is a member of the Domain Admins group.
You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.)
Group1 is located in an organizational unit (OU) named OU1.
You need to ensure that you can modify the Security settings of Group1 by using Active Directory Users and Computers.
What should you do from Active Directory Users and Computers?
A. From the View menu, select Users, Contacts, Groups, and Computers as containers.
B. From the View menu, select Advanced Features.
C. Right-click OU1 and select Delegate Control.
D. Right-click contoso.com and select Delegate Control.

A

C

26
Q

QUESTION 146
Your network contains an Active Directory domain named contoso.com. Your company hires 500 temporary employees for the summer.
The human resources department gives you a Microsoft Excel document that contains a list of the temporary employees.
You need to automate the creation of user accounts for the 500 temporary employees. Which tool should you use?
A. ADSI Edit
B. The csvde.exe command
C. Active Directory Users and Computers
D. The Add-Member cmdlet

A

B

27
Q

QUESTION 147
You have a server named Data1 that runs a Server Core Installation of Windows Server 2012 R2 Standard.
You need to configure Data1 to run a Server Core Installation of Windows Server 2012 R2 Datacenter. You want to achieve this goal by using the minimum amount of administrative effort.
What should you perform?
A. An offline servicing by using Dism
B. A clean installation of Windows Server 2012 R2
C. An upgrade installation of Windows Server 2012 R2
D. An online servicing by using Dism

A

D

28
Q

QUESTION 149
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers.
The servers are configured as shown in the following table.
All client computers run Windows 8. All client computers receive updates from Server2.
On Server3, you add a shared printer named Printer1. Printer1 uses a Type 4 driver that is not included in the Windows 8 installation media.
You need to ensure that when users connect to the printer for the first time, the printer driver is installed automatically on their client computer.
What should you do?
A. From the Windows Deployment Services console on Server1, add the driver package for Printer1.
B. From Windows PowerShell on Server3, run the Add-PrinterDrivercmdlet.
C. From the Print Management console on Server3, add additional drivers for Printer1.
D. From the Update Services console on Server2, import and approve updates.

A

D

29
Q

QUESTION 160
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers.
The domain controllers are configured as shown in the following table. In the perimeter network, you install a new server named Server1 that runs Windows Server 2012 R2. Server1 is in a workgroup.
You need to perform an offline domain join of Server1 to the contoso.com domain. What should you do first?
A. Run the dsadd.exe command.
B. Run the djoin.exe command.
C. Transfer the infrastructure master role to DC1. D. Transfer the PDC emulator role to DC1.

A

B

30
Q

QUESTION 161
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC5. DC5 has a Server Core Installation of Windows Server 2012 R2.
You need to uninstall Active Directory from DC5 manually. Which tool should you use?
A. The dsamain.exe command
B. The ntdsutil.exe command
C. The Remove-ADComputercmdlet
D. The Remove-WindowsFeaturecmdlet

A

C

31
Q

QUESTION 163
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
An administrator creates a security template named Template1. You need to apply Template1 to Server1.
Which snap-in should you use?
A. Resultant Set of Policy
B. Security Configuration and Analysis
C. Authorization Manager D. Security Templates

A

B

32
Q

QUESTION 183
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a member server named Server1. Server1 has the File and Storage Services server role installed.
On Server1, you create a share named Documents. The Documents share will contain the files and folders of all users.
You need to ensure that when the users connect to Documents, they only see the files to which they have access.
What should you do?
A. Enable access-based enumeration.
B. Configure Dynamic Access Control.
C. Modify the Share permissions.
D. Modify the NTFS permissions.

A

A

33
Q

QUESTION 196
You have a file server named File1 that runs Windows Server 2012 R2.
File1 contains a shared folder named Share1. Share1 contains an application named SalesAppl.exe. The NTFS permissions for Share1 are shown in the following table.
The members of L_Sales discover that they cannot add files to Share1. Domain users can run SalesAppl.exe successfully.
You need to ensure that the members of L_Sales can add files to Share1. What should you do?
A. Add L_Sales to the Domain Users group.
B. Edit the NTFS permissions.
C. Add the Domain Users group to L.Sales. D. Edit the Share permissions.

A

B

34
Q

QUESTION 199
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Web Server (US) server role installed.
Server1 has a web site named Web1. Web1 is configured to use digest authentication. You need to ensure that a user named User1 can access Web1.
What should you do from Active Directory Users and Computers?
A. From the properties of User1, select Store password using reversible encryption.
B. From the properties of User1, select Use Kerberos DES encryption types for this account.
C. From the properties of Server1, select Trust this computer for delegation to any service (Kerberos only).
D. From the properties of Server1, assign the Allowed to Authenticate permission to User1.

A

A

35
Q

QUESTION 200
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
When a domain user named User3 attempts to log on to a client computer named Client10, User3 receives the message shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that User3 can log on to Client10. What should you do?
A. From Active Directory Users and Computers, configure the Logon Workstations setting of User3.
B. On Client10, modify the Allow log on locally User Rights Assignment.
C. From Active Directory Users and Computers, configure the Personal Virtual Desktop property of User3.
D. On Client10, modify the Deny log on locally User Rights Assignment.

A

A

36
Q

QUESTION 201
Your network contains an Active Directory domain named contoso.com.
You discover that when you join client computers to the domain manually, the computer accounts are created in the Computers container.
You need to ensure that new computer accounts are created automatically in an organizational unit (OU) named Corp.
Which tool should you use?
A. dsadd.exe
B. regedit.exe C. redircmp.exe D. net.exe

A

C

37
Q

QUESTION 202
Your network contains an Active Directory forest named contoso.com. The forest contains a child domain named corp.contoso.com.
The network has Microsoft Exchange Server 2010 deployed. You need to create a mail-enabled distribution group.
Which type of group should you create?
A. global
B. local
C. domain local
D. universal

A

D

38
Q

QUESTION 212
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. One of the domain controllers is named DC1.
The network contains a member server named Server1 that runs Windows Server 2012 R2. You need to promote Server1 to a domain controller by using install from media (IFM). What should you do first?
A. Run the Active Directory Domain Services Installation Wizard on DC1.
B. Upgrade DC1 to Windows Server 2012 R2.
C. Run the Active Directory Domain Services Configuration Wizard on Server1.
D. Create a system state backup of DC1.
E. Create IFM media on DC1.

A

B

39
Q

QUESTION 69
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1.
You need to ensure that when new client computers join the domain, their computer accounts are created in OU1 by default.
What should you do?
A. From Windows PowerShell, run the Move-ADObjectcmdlet.
B. From a command prompt, run the redircmp.exe command.
C. From ADSI Edit, configure the properties of the OU1 object.
D. From Ldp, configure the properties of the Computers container.

A

B

40
Q

QUESTION 69
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1.
You need to ensure that when new client computers join the domain, their computer accounts are created in OU1 by default.
What should you do?
A. From Windows PowerShell, run the Move-ADObjectcmdlet.
B. From a command prompt, run the redircmp.exe command.
C. From ADSI Edit, configure the properties of the OU1 object.
D. From Ldp, configure the properties of the Computers container.

A

B

41
Q

QUESTION 70
Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Run the Delegation of Control Wizard on OU1.
B. Add User1 to the Group Policy Creator Owners group.
C. Modify the permission on the \Contoso.com\SYSVOL\Contoso.com\Policies folder.
D. Modify the permissions on the User1 account.

A

A

42
Q

QUESTION 128
Your network contains an Active Directory domain named contoso.com.
An administrator provides you with a file that contains the information to create user accounts for 200 temporary employees. The file is shown in the exhibit.(Click the Exhibit button.)
You need to automate the creation of the user accounts. You must achieve this goal by using the minimum amount of administrative effort.
Which tool should you use?
A. Ldifde
B. csvde
C. Dsadd
D. Net user

A

B

70-410 (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions