70-413 Exam
Super to 70 413 exam
Master the 70 413 pdf Designing and Implementing a Server Infrastructure content and be ready for exam day success quickly with this Pass4sure 70 413 pdf free practice questions. We guarantee it!We make it a reality and give you real 70 413 pdf questions in our Microsoft 70 413 exam braindumps.Latest 100% VALID Microsoft 70 413 pdf Exam Questions Dumps at below page. You can use our Microsoft microsoft 70 413 braindumps and pass your exam.
Q21. - (Topic 8)
Your network contains an Active Directory forest that has two domains named contoso.com and europe.contoso.com. The forest contains five servers. The servers are configured as shown in the following table.
You plan to manage the DHCP settings and the DNS settings centrally by using IP Address Management (IPAM).
You need to ensure that you can use IPAM to manage the DHCP and DNS settings in both domains. The solution must use the minimum amount of administrative effort.
What should you do?
A. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Set-IpamConfiguration cmdlet for each domain.
B. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Invoke-IpamGpoProvisioning cmdlet for each domain.
C. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Invoke-IpamGpoProvisioning cmdlet for each domain.
D. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Set-IpamConfiguration cmdlet for each domain.
Answer: B
Explanation: * Upgrade the Windows 2003 Servers.
* Invoke-IpamGpoProvisioning Creates and links group policies in the specified domain for provisioning required access settings on the servers managed by the computer running the IP Address Management (IPAM) server.
Incorrect:
Set-IpamConfiguration
Sets the configuration for the computer running the IP Address Management (IPAM)
server, including the TCP port number over which the computer running the IPAM Remote
Server Administration Tools (RSAT) client connects with the computer running the IPAM
server.
Q22. - (Topic 8)
Your company has a main office that contains several servers and several users. The main office contains a file server named Server1 that runs Windows Server 2012.
The users access a large report file that is created on Server1 each day.
The company plans to open a new branch office. The branch office will contain only client computers.
You need to implement a solution to reduce the amount of bandwidth used by the client computers in the branch office to download the report each day.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Install the BranchCache for network files role service on Server1. Configure the client computers to use BranchCache in hosted cache mode.
B. Configure the offline settings of the shared folder that contains the report.
C. Install the BranchCache for network files role service on Server1. Configure the client computers to use Branchcache in distributed mode.
D. Enable the Background Intelligent Transfer Service (BITS) feature on Server1 and on each client computer in the branch office. Move the report to a web folder.
Answer: C
Explanation:
Distributed cache mode. In this mode, branch office client computers download content from the content servers in the main office and then cache the content for other computers in the same branch office.
Distributed cache mode does not require a server computer in the branch office. Reference: BranchCache Deployment Guide
Q23. - (Topic 8)
You are the administrator for a large company. You plan to implement servers in the environment that do not use local hard drives.
You need to recommend a supported storage solution.
Which technology should you recommend?
A. Clustered NAS
B. Cloud storage
C. USB flash drive
D. iSCSISAN
Answer: A
Q24. - (Topic 8)
Your network contains an Active Directory forest named contoso.com.
You plan to deploy 200 Hyper-V hosts by using Microsoft System Center 2012 Virtual Machine Manager (VMM) Service Pack 1 (SP1).
You add a PXE server to the fabric.
You need to identify which objects must be added to the VMM library for the planned deployment.
What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. A host profile
B. A capability profile
C. A hardware profile
D. A generalized image
E. A service template
Answer: A,D
Explanation: Templates and profiles are used to standardize the creation of virtual
machines and services.
These configurations are stored in the VMM database but are not represented by physical
configuration files.
(D)
There are several new types of templates and profiles in VMM, most of which are used for service creation.
(A)
There are also host profiles, used for deploying a Hyper-V host from a bare-metal computer, and capability profiles, used to specify the capabilities of virtual machines on each type of supported hypervisor when virtual machines are deployed to a private cloud.
Note:
* host profile:
A Virtual Machine Manager library resource that contains hardware and operating system
configuration settings to convert a bare-metal computer to a managed Hyper-V host.
*capability profile:
A Virtual Machine Manager library resource that defines which resources (for example,
number of processors or maximum memory) are available to a virtual machine that is
created in a private cloud.
Q25. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012.
All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do not belong to the domain.
All client computers receive IP addresses by using DHCP.
You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements:
Verify whether the client computers have up-to-date antivirus software.
Provides a warning to users who have virus definitions that are out-of-date.
Ensure that client computers that have out-of-date virus definitions can connect to the network.
Which NAP enforcement method should you recommend?
A. DHCP
B. IPSec
C. VPN
D. 802.1x
Answer: A
Explanation:
NAP enforcement for DHCP DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS). Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective.
Note: The NAP health policy server can use a health requirement server to validate the health state of the NAP client or to determine the current version of software or updates that need to be installed on the NAP client.
Reference: NAP Enforcement for DHCP
http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx
Q26. - (Topic 8)
Your network contains an Active Directory domain.
You plan to implement a remote access solution that will contain three servers that run Windows Server 2012. The servers will be configured as shown in the following table.
Server1 will support up to 200 concurrent VPN connections.
You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Server3. The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails.
What should you do?
A. On Server1, configure a RADIUS proxy. On Server2 and Server3, add a RADIUS client.
B. On Server2 and Server3, add a RADIUS client. On Server1, modify the Authentication settings.
C. On Server1, configure a RADIUS proxy. Add Server2 and Server3 to a failover cluster.
D. Add Server2 and Server3 to a Network Load Balancing (NLB) cluster. On Server1, modify the Authentication settings.
Answer: B
Explanation:
* A network access server (NAS) is a device that provides some level of access to a larger network. A NAS using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server for authentication, authorization, and accounting.
* Client computers, such as wireless portable computers and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access
servers—such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers—because they use the RADIUS protocol to communicate with RADIUS servers such as Network Policy Server (NPS) servers.
Reference: RADIUS Client
http://technet.microsoft.com/en-us/library/cc754033.aspx
Q27. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8.
You plan to implement several Group Policy settings that will apply only to laptop computers.
You need to recommend a Group Policy strategy for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Loopback processing
B. WMI filtering
C. Security filtering
D. Block inheritance
Answer: B
Explanation:
Group Policy WMI Filter – Laptop or Desktop Hardware A method to detect hardware as laptop only is to look for the presence of a battery based on the BatteryStatus property of the Win32_Battery class. By using the Win32_Battery class, we can search to see if there is a battery present. If the battery status is not equal to zero (BatteryStatus <> 0 ) then you know that it is a laptop.
Reference: Group Policy WMI Filter – Laptop or Desktop Hardware
Q28. - (Topic 8)
Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2008.
You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2012 R2.
You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.
You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES).
You need to recommend which changes must be implemented to support the planned migration.
Which two changes should you recommend? Each correct answer presents part of the solution.
A. In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.
B. In the adatum.com forest, upgrade the functional level of the forest and the domain.
C. In the contoso.com forest, downgrade the functional level of the forest and the domain.
D. In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.
Answer: A,C
Q29. - (Topic 4)
You need to recommend a solution for the replication of Active Directory.
What should you recommend modifying?
A. The Active Directory Schema
B. The properties of Site1
C. The RODC1 computer account
D. The properties of Site2
Answer: A
Explanation: The schema is the Active Directory component that defines all the objects and attributes that the directory service uses to store data. The physical structure of the schema consists of the object definitions. The schema itself is stored in the directory. The schema is stored in its own partition (the schema partition) in the directory. The schema is replicated among all the domain controllers in the forest, and any change that is made to the schema is replicated to every domain controller in the forest. Because the schema dictates how information is stored, and because any changes that are made to the schema affect every domain controller, changes to the schema should be made only when necessary — through a tightly controlled process — after testing has been performed to ensure that there will be no adverse effects on the rest of the forest.
Reference: How the Active Directory Schema Works
Q30. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the IPsec enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation: Note: NAP enforcement for IPsec-protected traffic works by providing X.509 certificates, called health certificates, to client computers that meet network health requirements. Health certificates are used to authenticate NAP client computers when they initiate IPsec-protected communications with other computers. Computers that are noncompliant with health requirements do not have health certificates. If a computer that does not have a health certificate initiates communication with a computer that has a health certificate, the connection is not allowed. In this way, NAP with IPsec enforcement restricts noncompliant computers from accessing IPsec-protected resources on the network.
Because IPsec controls host access on a per-connection basis, IPsec enforcement provides the strongest form of NAP enforcement.