70-413 Exam
Foolproof microsoft 70 413 tips
Examcollection 70 413 exam Questions are updated and all 70 413 exam answers are verified by experts. Once you have completely prepared with our microsoft 70 413 exam prep kits you will be ready for the real 70 413 exam exam without a problem. We have Most up-to-date Microsoft 70 413 exam dumps study guide. PASSED microsoft 70 413 First attempt! Here What I Did.
Q61. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
The domain contains the organization units (OUs) configured as shown in the following table.
Users and computers at the company change often.
You create a Group Policy object (GPO) named GPO6. GPO6 contains user settings.
You need to ensure that GPO6 applies to users when they log on to the kiosk computers only. The solution must minimize administrative effort.
What should you do?
A. Link GPO6 to OU4 and configure loopback processing in GPO6.
B. Link GPO6 to OU1 and configure WMI filtering on GPO3.
C. Link GPO6 to OU1 and configure loopback processing in GPO6.
D. Link GPO6 to OU1 and configure loopback processing in GPO5.
Answer: A
Explanation: Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.
Q62. DRAG DROP - (Topic 2)
You need to recommend the VPN protocols for Proseware.
What should you recommend? To answer, drag the appropriate VPN protocols to the correct offices. Each protocol may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content,
Answer:
Q63. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks. You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard.
What should you do?
A. Add a new class to the Active Directory schema.
B. Configure a custom MMC console.
C. Modify the Delegwiz.inf file.
D. Configure a new authorization store by using Authorization Manager.
Answer: C
Explanation:
To add a task to the Delegation Wizard, you must create a task template by using the
following syntax in the Delegwiz.inf file
;---------------------------------------------------------
[template1]
AppliesToClasses=<comma delimited list of object types to which this
template applies; for example, if "organizationalUnit" is in the list,
this template will be shown when the Delegation Wizard is invoked on
an OU>
Description = "<task description which will appear in the wizard>"
Etc.
Reference: How to customize the task list in the Delegation Wizard http://support.microsoft.com/kb/308404
Q64. DRAG DROP - (Topic 8)
Your network contains three servers named Server1, Server2, and Server3 that run Windows Server 2012. Server3 is connected to a disk storage array.
You need to ensure that Server1 can store files on the storage array. The solution must ensure that Server1 can access the storage as a local disk.
What should you configure on each server?
To answer, drag the appropriate configuration to the correct location in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Q65. - (Topic 6)
You need to plan the migration of App1. What should you do?
A. Install App1 on drive C. Move all of the data that supports App1 to drive D.
B. Expand the size of drive C Install App1 and all of the data that supports the app on drive C
C. Install App1 on drive D. Move all of the data that supports App1 to an additional data drive.
D. Install App1 on drive C. Move all of the data that supports App1 to an additional data drive.
Answer: C
Q66. - (Topic 8)
Your company, which is named Contoso, Ltd., has a main office and two branch offices. The main office is located in North America. The branch offices are located in Asia and Europe.
You plan to design an Active Directory forest and domain infrastructure.
You need to recommend an Active Directory design to meet the following requirements:
* The contact information of all the users in the Europe office must not be visible to the users in the other offices.
* The administrators in each office must be able to control the user settings and the computer settings of the users in their respective office.
The solution must use the least amount of administrative effort.
What should you include in the recommendation?
A. One forest that contains three domains
B. Three forests that each contain one domain
C. Two forests that each contain one domain
D. One forest that contains one domain
Answer: D
Explanation: * The most basic of all Active Directory structures is the single domain model; this type of domain structure comes with one major advantage over the other models: simplicity. A single security boundary defines the borders of the domain, and all objects are located within that boundary. The establishment of trust relationships between other domains is not necessary, and implementation of technologies such as Group Policies is made easier by the simple structure.
Q67. - (Topic 8)
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks.
What should you configure on Server1?
A. DNS cache locking
B. The global query block list
C. DNS Security Extensions (DNSSEC)
D. DNS devolution
Answer: A
Explanation: Ache locking is a new feature available if your DNS server is running Windows Server 2008 R2. When you enable cache locking, the DNS server will not allow cached records to be overwritten for the duration of the time to live (TTL) value. Cache locking provides for enhanced security against cache poisoning attacks.
Q68. - (Topic 8)
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Answer: B
Explanation: Adprep could not contact a replica…
This problem occurs when the Adprep /rodcprep command tries to contact the
infrastructure master for each application partition in the forest.
Reference: Error message when you run the "Adprep /rodcprep" command in Windows
Server 2008: "Adprep could not contact a replica for partition
DC=DomainDnsZones,DC=Contoso,DC=com"
Q69. HOTSPOT - (Topic 8)
Your network contains an Active Directory forest name fabrikam.com. The forest contains two domains named fabrikam.com and contoso.com. All servers run Windows Server 2012 R2.
The forest contains a DHCP server named Server1 and a DNS server named Server2.
You need to recommend a solution to ensure that any computers that are neither members of contoso.com nor fabrikam.com receive a DNS suffix of guest.fabrikam.com.
What two commands should you run? To answer, select the appropriate options in the answer area.
Answer:
Q70. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
All client computers run either Windows 7 or Windows 8.
Some users work from customer locations, hotels, and remote sites. The remote sites often
have firewalls that limit connectivity to the Internet.
You need to recommend a VPN solution for the users.
Which protocol should you include in the recommendation?
A. PPTP
B. SSTP
C. IKEv2
D. L2TP/IPSec
Answer: B
Explanation: Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel that provides a mechanism to transport PPP or L2TP traffic through an SSL 3.0 channel. SSL provides transport-level security with key-negotiation, encryption and traffic integrity checking. The use of SSL over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers except for authenticated web proxies.