READ Free Dumps For Microsoft- 70-410
| Question ID 10648 | Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. All domain controllers run Windows
Server 2012 R2 and are configured as global catalog servers. The corp.contoso.com domain contains a domain controller named DC1.
You need to disable the global catalog on DC1.
What should you do?
|
| Option A | From Active Directory Users and Computers, modify the properties of the DC1 computer account.
|
| Option B | From Active Directory Administrative Center, modify the properties of the DC1 computer account.
|
| Option C | From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server object.
|
| Option D | From Active Directory Domains and Trusts, modify the properties of the corp.contoso.com domain.
|
| Correct Answer | C |
Explanation Explanation/Reference: To add or remove the global catalog Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services. To open Active Directory Sites and Services in Windows Server® 2012, click Start, type dssite.msc. In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global catalog. Where? Active Directory Sites and Services\Sites\SiteName\Servers In the details pane, right-click NTDS Settings of the selected server object, and then click Properties. Select the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog.
| Question ID 10649 | You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com
domain, including domain controllers, have Windows Server 2012 installed.
You have been instructed to modify the name of the local Administrator account on all Contoso.com workstations. You want to achieve this using as little
administrative effort as possible.
Which of the following actions should you take?
|
| Option A | You should consider configuring the Security Options settings via the Group Policy Management Console (GPMC).
|
| Option B | You should consider navigating to Local Users and Groups via Computer
|
| Option C | You should consider configuring the replication settings.
|
| Option D | You should consider navigating to Local Users and Groups via Computer Management on each workstation.
|
| Correct Answer | A |
Explanation Explanation/Reference: Rename administrator account policy setting determines whether a different account name is associated with the security identifier (SID) for the Administrator account. Because the Administrator account exists on all Windows server versions, renaming the account makes it slightly more difficult for attackers to guess this user name and password combination. By default, the built-in Administrator account cannot be locked out no matter how many times a malicious user might use a bad password. This makes the Administrator account a popular target for brute-force password-guessing attacks. The value of this countermeasure is lessened because this account has a well-known SID and there are non-Microsoft tools that allow you to initiate a brute-force attack over the network by specifying the SID rather than the account name. This means that even if you have renamed the Administrator account, a malicious user could start a brute-force attack by using the SID. Rename the Administrator account by specifying a value for the Accounts: Rename administrator account policy setting. Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options