getcertified4sure.com

70-413 Exam

Questions Ask for microsoft 70 413



We provide real 70 413 pdf exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Microsoft 70 413 pdf Exam quickly & easily. The microsoft 70 413 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Microsoft 70 413 exam dumps pdf and vce product and material, you can easily pass the microsoft 70 413 exam.

Q91. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. 

You plan to deploy DirectAccess. 

The network security policy states that when client computers connect to the corporate 

network from the Internet, all of the traffic destined for the Internet must be routed through 

the corporate network. 

You need to recommend a solution for the planned DirectAccess deployment that meets 

the security policy requirement 

Solution: You set the ISATAP State to state disabled. 

Does this meet the goal? 

A. Yes 

B. No 

Answer:

Explanation: With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and spin them down into IPv4 packets, so you can simply leave your internal network all IPv4. So back in the beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is recommended not to use ISATAP at all, unless you have a specific reason for needing it 

Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4. 

Reference: IS ISATAP REQUIRED FOR DIRECTACCESS? 


Q92. DRAG DROP - (Topic 7) 

You need to design the DNS zone for App1. 

What should you do? To answer, drag the appropriate resource record to the correct DNS se Each resource record may be used once, more than once, or not at all. You may need to drag split bar between panes or scroll to view content. 

Answer: 


Q93. - (Topic 8) 

Your network contains an Active Directory forest named contoso.com. The forest contains five domains. You need to ensure that the CountryCode attribute is replicated to the global catalog. 

What should you do? 

A. Modify the schema partition. 

B. Create and modify an application partition. 

C. Modify the configuration partition. 

D. Modify the domain partitions. 

Answer:

Explanation: Directory Partition Subtrees 

Every domain controller contains the following three directory partitions: 

* Schema Contains the Schema container, which stores class and attribute definitions for all existing 

and possible Active Directory objects in cn=schema,cn=configuration,dc= forestRootDomain . Updates to this container are replicated to all domain controllers in the forest. You can view the contents of the Schema container in the Active Directory Schema console. 

* Configuration 

* Domain 

Reference: Directory Partitions 


Q94. - (Topic 8) 

Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. The forest contains a Microsoft Exchange Server 2010 organization. All of the domain controllers in contoso.com run Windows Server 2012. 

The perimeter network contains an Active Directory forest named litware.com. 

You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com. All of the domain controllers in litware.com run Windows Server 2012. 

Some users connect from outside the network to use Outlook Web App. 

You need to ensure that external users can authenticate by using client certificates. 

What should you do? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. To the perimeter network, add an Exchange server that has the Client Access server role installed. 

B. Deploy UAG to contoso.com. 

C. Enable Kerberos delegation in litware.com. 

D. Enable Kerberos constrained delegation in litware.com. 

Answer:

Explanation: Forefront TMG provides support for Kerberos constrained delegation (often abbreviated as KCD) to enable published Web servers to authenticate users by Kerberos afterForefront TMG verifies their identity by using a non-Kerberos authentication method. When used in this way, Kerberos constrained delegation eliminates the need for requiring users to provide credentials twice. 

Reference: About Kerberos constrained delegation 


Q95. - (Topic 8) 

Your company has two main offices and 10 branch offices. Each office is configured as a separate Active Directory site. 

The main offices sites are named Site1 and Site2. Each office connects to Site1 and Site2 by using a WAN link. Each site contains a domain controller that runs Windows Server 2008. 

You are redesigning the Active Directory infrastructure. 

You plan to implement domain controllers that run Windows Server 2012 and decommission all of the domain controllers that run Windows Server 2008. 

You need to recommend a placement plan for the Windows Server 2012 domain controllers to meet the following requirements: 

. Ensure that users can log on to the domain if a domain controller or a WAN link fails. . Minimize the number of domain controllers implemented. 

What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.) 

A. Read-only domain controllers (RODCs) in the branch office sites 

B. A writable domain controller in Site1 

C. A writable domain controller in Site2 

D. Writable domain controllers in the branch office sites 

Answer: A,B,C 

Explanation: A (not D) Writeable domain controllers are not needed to authenticate users at the branch offices. 


Q96. - (Topic 8) 

A company has a single-forest and single Active Directory Domain Services domain named contoso.com. The company has offices in multiple geographic locations and manages all computing devices from a network operations center located at a main office. 

You deploy physical servers and user devices by using a Windows Deployment Services (WDS) server named WDS1, and a server that runs System Center 2012 Virtual Machine Manager SP1 named VMM1. 

Every three months you update the standard deployment images and push the update images to all client devices in the organization. You use multicast deployments for the servers and client devices at the remote offices. To automate the deployment process, you create an Auto-Cast multicast transmission and pre-stage client devices. 

You need to ensure that client devices continue the deployment process after the first reboot and do not restart the installation. 

What should you do? 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer:


Q97. - (Topic 8) 

Your company has three offices. The offices are located in Montreal, Toronto, and Vancouver. 

The network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains one domain. The adatum.com forest contains two domains. All of the servers in adatum.com are located in the Toronto office. The servers in contoso.com are located in the Montreal and Vancouver offices. All of the servers in both of the forests run Windows Server 2012 R2. 

A two-way, forest trusts exists between the forests. 

Each office contains DHCP servers and DNS servers. 

You are designing an IP Address Management (IPAM) solution to manage the network. 

You need to recommend a solution for the placement of IPAM servers to manage all of the DHCP servers and all of the DNS servers in both of the forests. The solution must minimize the number of IPAM servers deployed. 

What should you recommend? 

A. One IPAM server in each office 

B. One IPAM server in the Montreal office and one IPAM server in the Toronto office 

C. One IPAM server in the Toronto office 

D. Two IPAM servers in the Toronto office and one IPAM server in the Montreal office 

E. Two IPAM servers in the Toronto office, one IPAM server in the Montreal office, and one IPAM server in the Vancouver office 

Answer:

Explanation: * There are three general methods to deploy IPAM servers: 

Distributed: An IPAM server deployed at every site in an enterprise. 

Centralized: One IPAM server in an enterprise. 

Hybrid: A central IPAM server deployed with dedicated IPAM servers at each site. 

Reference: IP Address Management (IPAM) Overview 


Q98. HOTSPOT - (Topic 7) 

You need to protect the personal data of employees. 

What should you do? To answer, select the appropriate options in the answer area. 

Answer: 


Q99. - (Topic 8) 

Your network contains an Active Directory forest named contoso.com. The forest contains one domain. 

Your company plans to open a new division named Division1. A group named Division1Admins will administer users and groups for Division1. 

You identify the following requirements for Division1: 

All Division1 users must have a complex password that is 14 characters. 

Division1Admins must be able to manage the user accounts for Division1. 

Division1Admins must be able to create groups, and then delete the groups that 

they create. 

Division1Admins must be able to reset user passwords and force a password 

change at the next logon for all Division1 users. 

You need to recommend changes to the forest to support the Division1 requirements. 

What should you recommend? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. In the forest create a new organizational unit (OU) named Division1 and delegate permissions for the OU to the Division1Admins group. Move all of the Division1 user accounts to the new OU. Create a fine-grained password policy for the Division1 users. 

B. Create a new child domain named divisionl.contoso.com. Move all of the Division1 user accounts to the new domain. Add the Division1Admin members to the Domain Admins group. Configure the password policy in a Group Policy object (GPO). 

C. Create a new forest. Migrate all of the Division1 user objects to the new forest and add the Division1Admins members to the Enterprise Admins group. Configure the password policy in a Group Policy object (GPO). 

D. In the forest create a new organizational unit (OU) named Division1 and add Division1Admins to the Managed By attribute of the new OU. Move the Division1 user objects to the new OU. Create a fine-grained password policy for the Division1 users. 

Answer:


Q100. HOTSPOT - (Topic 4) 

You are planning the certificates for Northwind Traders. 

You need to identify the certificate configurations required for App1. 

How should you configure the certificate request? To answer, select the appropriate 

options in the answer area. 

Answer: 


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.