2013 Latest MCSA 70-410 Exam Questions 16-20

Ensurepass

QUESTION 16
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1 that has the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. The domain contains a member server named Server2 that is configured to use Server1 as its primary DNS server. From Server2, you run nslookup.exe as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when you run Nslookup, the correct name of the default server is displayed. What should you do?
Exhibit:
A. From Advanced TCP/IP Settings on Server1, add contoso.com to the DNS suffix list
B. On Server1, modify the Security settings of the contoso.com zone
C. On Server1, create a reverse lookup zone.
D. From Advanced TCP/IP Settings on Server2, add contoso.com to the DNS suffix list
Correct Answer: C
Explanation/Reference:
C. Make sure that a reverse lookup zone that is authoritative for the PTR resource record exists. For more information about adding a reverse lookup zone, see “Adding a Reverse Lookup Zone”
http://technet.microsoft.com/en-us/library/cc961417.aspx

QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com. All client computers are configured to use DC1 as the primary DNS server.
You need to configure DC1 to resolve any DNS requests that are not for the contoso.com zone by querying the DNS server of your Internet Service Provider (ISP).
What should you configure?
A. Name server (NS) records
B. Condition& forwarders
C. Forwarders
D. Naming Authority Pointer (NAPTR) DNS resource records (RR)
Correct Answer: C
Explanation/Reference:
A.Specifies a name server for the domain, which allows DNS lookups within various zones. Each primary and secondary name server should be declared through this record.
B.
C.manage the Domain Name System (DNS) traffic between your network and the Internet
D.
http://technet.microsoft.com/en-us/library/cc722542.aspx http://technet.microsoft.com/en-us/library/cc754931.aspx

QUESTION 18
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012. The domain contains a server named Server1 that runs Windows Server 2012.
You need to ensure that when users log on to Server1, their user account is added automatically to a local group named Group1 during the log on process.
Which Group Policy settings should you modify?
A. Restricted Groups
B. Security Options
C. User Rights Assignment
D. Preferences
Correct Answer: D
Explanation/Reference:
A. If a Restricted Groups policy is defined and Group Policy is refreshed, any current member not on the
Restricted Groups policy members list is removed
B. Security settings incorporated into policies are rules that administrators configure on a computer or multiple computers for the purpose of protecting resources on a computer
C. User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer
D. With Preferences, local and domain accounts can be added to a local group without affecting the existing members of the group
http://technet.microsoft.com/en-us/library/cc785631(v=ws.10).aspx http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator- groups/
http://technet.microsoft.com/en-us/library/cc780182(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh831424.aspx

QUESTION 19
Your network contains an Active Directory domain named contoso.com.
You need to prevent users from installing a Windows Store app named App1. What should you create?
A. An application control policy executable rule
B. An application control policy packaged app rule
C. A software restriction policy certificate rule
D. An application control policy Windows Installer rule
Correct Answer: B
Explanation/Reference:
A. For .exe or .com
B. A publisher rule for a Packaged app is based on publisher, name and version
C. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.
D. For .msi or .msp
http://technet.microsoft.com/en-us/library/dd759068.aspx http://technet.microsoft.com/en-us/library/hh994588.aspx
http://www.grouppolicy.biz/2012/08/how-manage-published-a-k-a-metro-apps-in-windows-8-using-group- policy/
http://technet.microsoft.com/en-us/library/hh994597.aspx#BKMK_Cert_Rules
Windows 8 is coming REALLY SOON and of course one of the big new things to computer with that is the new Packaged Apps that run in the start screen. However these apps are very different and do not install like traditional apps to a path or have a true executable file to launch the program. Of course enterprises need a way to control these packaged apps and therefore Microsoft has added a new feature Packaged Apps option to the AppLocker feature.

QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains 500 servers that run Windows Server 2012. You have a written security policy that states the following:
Only required ports must be open on the servers.
All of the servers must have Windows Firewall enabled.
Client computers used by Administrators must be allowed to access all of the ports on all of the servers.
Client computers used by the Administrators must be authenticated before the client computers can access the servers.
You have a client computer named Computer1 that runs Windows 8.
You need to ensure that you can use Computer1 to access all of the ports on all of the servers successfully. The solution must adhere to the security policy.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On Computer1, create a connection security rule
B. On all of the servers, create an outbound rule and select the Allow the connection if it is secureoption. C. On all of the servers, create an inbound rule and select the Allow the connection if it is secureoption. D. On Computer1, create an inbound rule and select the Allow the connection if it is secureoption.
E. On Computer1, create an outbound rule and select the Allow the connection if it is secureoption
F. On all of the servers, create a connection security rule
Correct Answer: ACF
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc772017.aspx
Unlike firewall rules, which operate unilaterally, connection security rules require that both communicating computers have a policy with connection security rules or another compatible IPsec policy.
http://technet.microsoft.com/en-us/library/cc753463(v=ws.10).aspx
Traffic that matches a firewall rule that uses the Allow connection if it is secure setting bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol. This method is supported on Windows Vista? or Windows Server? 2008.

Download Ensurepass Latest 2013 MCSA 70-410 Real Exam Questions , help you to pass exam 100%.