Ensurepass

QUESTION 66
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012.
You need to configure a central store for the Group Policy Administrative Templates. What should you do on DC1?
A. From Server Manager, create a storage pool.
B. From Windows Explorer, copy the PolicyDefinitions folder to the SYSVOLcontoso.compolicies folder. C. From Server Manager, add the Group Policy Management feature
D. From Windows Explorer, copy the PolicyDefinitions folder to the NETLOGON share.
Correct Answer: B
Explanation/Reference:
A. Create Disk Storage Pool
B. PolicyDefinitions folder in SYSVOL
C. Group Policy Management is a console for GPO Mgmt
D. Folder is for logon scripts
http://support.microsoft.com/kb/929841

QUESTION 67
You install Windows Server 2012 on a standalone server named Server1. You configure Server1 as a VPN
server.
You need to ensure that client computers can establish PPTP connections to Server1.
Which two firewall rules should you create? (Each correct answer presents part of the solution. Choose two.)
A. An inbound rule for protocol 47
B. An outbound rule for protocol 47
C. An inbound rule for TCP port 1723
D. An inbound rule for TCP port 1701
E. An outbound rule for TCP port 1723
F. An outbound rule for TCP port 1701
Correct Answer: AC
Explanation/Reference:
To enable VPN tunnels between individual host computers or entire networks that have a firewall between them, you must open the following ports:
PPTP
To allow PPTP tunnel maintenance traffic, open TCP 1723.
To allow PPTP tunneled data to pass through router, open Protocol ID 47.
http://www.windowsitpro.com/article/pptp/which-ports-do-you-need-to-open-on-a-firewall-to-allow-pptp-and- l2tp-over-ipsec-vpn-tunnels–46811
If you use a personal firewall or a broadband router, or if there are routers or firewalls between the VPN client and the VPN server, the following ports and protocol must be enabled for PPTP on all firewalls and routers that are between the VPN client and the VPN server:
Client ports Server port Protocol
1024-65535/TCP 1723/TCP PPTP
Additionally, you must enable IP PROTOCOL 47 (GRE). http://support.microsoft.com/kb/314076/en-us

QUESTION 68
Your network contains an Active Directory domain named adatum.com. The computer accounts for all member servers are located in an organizational unit (OU) named Servers. You link a Group Policy object (GPO) to the Servers OU.
You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators group on each member server.
The solution must not remove any groups from the local Backup Operators groups.
What should you do?
A. Add a restricted group named adatumBackup Operators. Add Backup Operators to the This group is a member of list.
B. Add a restricted group named adatumBackup Operators. Add Backup Operators to the Members of this group list.
C. Add a restricted group named Backup Operators. Add adatumBackup Operators to the This group is a member of list.
D. Add a restricted group named Backup Operators. Add adatumBackup Operators to the Members of this group list.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
A. The Member Of list specifies which other groups the restricted group should belong to
B. Needs to be added to member of list
C. Wrong group
D. Wrong group
http://technet.microsoft.com/en-us/library/cc957640.aspx

QUESTION 69
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server
2012. An application named Appl.exe is installed on all client computers. Multiple versions of Appl.exe are installed on different client computers. Appl.exe is digitally signed.
You need to ensure that only the latest version of Appl.exe can run on the client computers. What should you create?
A. An application control policy packaged app rule
B. A software restriction policy certificate rule
C. An application control policy Windows Installer rule
D. An application control policy executable rule
Correct Answer: D
Explanation/Reference:
A. A publisher rule for a Packaged app is based on publisher, name and version
B. You can create a certificate rule that identifies software and then allows or does not allow the software to run, depending on the security level.
C. For .msi or .msp
D. For .exe and can be based on version http://technet.microsoft.com/en-us/library/dd759068.aspx http://technet.microsoft.com/en-us/library/hh994588.aspx
http://www.grouppolicy.biz/2012/08/how-manage-published-a-k-a-metro-apps-in-windows-8-using-group- policy/
http://technet.microsoft.com/en-us/library/hh994597.aspx#BKMK_Cert_Rules

QUESTION 70
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012.
You need to ensure that the local Administrator account on all computers is renamed to L_Admin. Which Group Policy settings should you modify?
A. Security Options
B. User Rights Assignment
C. Restricted Groups
D. Preferences
Correct Answer: A
Explanation/Reference:
A. Allows configuration of computers
B. User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer
C. Restricted Groups defines what member or groups should exist as part of a group
D. With Preferences, local and domain accounts can be added to a local group without affecting the existing members of the group
http://technet.microsoft.com/en-us/library/cc747484(v=ws.10).aspx
In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click Security Options.
In the details pane, double-click Accounts: Rename administrator account.

Download Ensurepass Latest 2013 MCSA 70-410 Real Exam Questions , help you to pass exam 100%.

Comments are closed.