70-413 Exam
Point Checklist: 70 413 pdf
Approved of 70 413 exam test engine materials and study guides for Microsoft certification for IT professionals, Real Success Guaranteed with Updated 70 413 exam pdf dumps vce Materials. 100% PASS Designing and Implementing a Server Infrastructure exam Today!
Q51. - (Topic 8)
A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1.
Users report that they can no longer access the application by using their domain credentials.
You need to ensure that users can access App1.
Solution: You configure Kerberos-constrained delegation and then run the following
command from an administrative command prompt:
setspn-a MSSQLsvc/SQLl:1433 <domain>\<sql_service> Does this meet the goal?
A. Yes
B. No
Answer: A
Q52. - (Topic 8)
Your company has two divisions named Division1 and Division2.
The network contains an Active Directory domain named contoso.com. The domain contains two child domains named divisionl.contoso.com and division2.contoso.com.
The company sells Division1 to another company.
You need to prevent administrators in contoso.com and division2.contoso.com from gaining administrative access to the resources in divisionl.contoso.com.
What should you recommend?
A. Create a new tree in the forest named contoso.secure. Migrate the resources and the accounts in divisionl.contoso.com to contoso.secure.
B. On the domain controller accounts in divisionl.contoso.com, deny the Enterprise Admins group the Allowed to Authenticate permission.
C. Create a new forest and migrate the resources and the accounts in divisionl.contoso.com to the new forest.
D. In divisionl.contoso.com, remove the Enterprise Admins group from the Domain Admins group and remove the Enterprise Admins group from the access control list (ACL) on the divisionl.contoso.com domain object.
Answer: C
Q53. DRAG DROP - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server.
You plan to delegate the administration of IPAM as shown in the following table.
You need to recommend which IPAM security group must be used for each department. The solution must minimize the number of permissions assigned to each group.
What should you recommend?
To answer, drag the appropriate group to the correct department in the answer area. Each group may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Q54. - (Topic 8)
Your company plans to hire 100 sales representatives who will work remotely.
Each sales representative will be given a laptop that will run Windows 7. A corporate image of Windows 7 will be applied to each laptop.
While the laptops are connected to the corporate network, they will be joined to the domain. The sales representatives will not be local administrators.
Once the laptops are configured, each laptop will be shipped by courier to a sales representative.
The sales representative will use a VPN connection to connect to the corporate network.
You need to recommend a solution to deploy the VPN settings for the sales representatives. The solution must meet the following requirements:
. Ensure that the VPN settings are the same for every sales representative.
. Ensure that when a user connects to the VPN, an application named App1 starts.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. VPN auto triggering
B. The Add-VpnConnectioncmdlet
C. The Connection Manager Administration Kit (CMAK)
D. Group Policy preferences
Answer: C
Explanation: Connection Manager is a client network connection tool that allows a user to connect to a remote network, such as an Internet service provider (ISP), or a corporate network protected by a virtual private network (VPN) server. The Connection Manager Administration Kit (CMAK) is a tool that you can use to customize the remote connection experience for users on your network by creating predefined connections to remote servers and networks. To create and customize a connection for your users, you use the CMAK wizard.
Reference: Connection Manager Administration Kit
Q55. HOTSPOT - (Topic 4)
You need to recommend a solution for communicating to Windows Azure services.
What should you recommend? To answer, select the appropriate options in the answer area.
Answer:
Q56. - (Topic 8)
Your network contains an Active Directory forest named contoso.com.
You plan to add a new domain named child.contoso.com to the forest.
On the DNS servers in child.contoso.com, you plan to create conditional forwarders that
point to the DNS servers in contoso.com.
You need to ensure that the DNS servers in contoso.com can resolve names for the
servers in child.contoso.com.
What should you create on the DNS servers in contoso.com?
A. A zone delegation
B. A conditional forwarder
C. A root hint
D. A trust point
Answer: A
Explanation: Understanding Zone Delegation
Domain Name System (DNS) provides the option of dividing up the namespace into one or
more zones, which can then be stored, distributed, and replicated to other DNS servers.
When you are deciding whether to divide your DNS namespace to make additional zones,
consider the following reasons to use additional zones:
You want to delegate management of part of your DNS namespace to another location or
department in your organization.
You want to divide one large zone into smaller zones to distribute traffic loads among
multiple servers, improve DNS name resolution performance, or create a more-fault-tolerant DNS environment.
You want to extend the namespace by adding numerous subdomains at once, for example,
to accommodate the opening of a new branch or site.
Reference: Understanding Zone Delegation
Q57. - (Topic 8)
Your company has a main office and 20 branch offices. All of the offices connect to each other by using a WAN link.
The network contains an Active Directory forest named contoso.com. The forest contains a domain for each office. The forest root domain contains all of the server resources.
Each branch office contains two domain controllers for the branch office domain and one domain controller for the contoso.com domain.
Each branch office has a support technician who is responsible for managing the accounts of their respective office only.
You recently updated all of the WAN links to high-speed WAN links.
You need to recommend changes to the Active Directory infrastructure to meet the following requirements:
. Reduce the administrative overhead of moving user accounts between the offices.
. Ensure that the support technician in each office can manage the user accounts of their respective office.
What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.
A. Create a new child domain named corp.contoso.com. Create a shortcut trust between each child domain and corp.contoso.com.
B. Create shortcut trusts between each child domain. In the main office, add a domain controller to each branch office domain.
C. Move all of the user accounts of all the branch offices to the forest root domain. Decommission all of the child domains.
D. Create a new forest root domain named contoso.local. Move all of the user accounts of all the branch offices to the new forest root domain. Decommission all of the child domains.
Answer: C
Explanation: The most basic of all Active Directory structures is the single domain model; this type of domain structure comes with one major advantage over the other models: simplicity. A single security boundary defines the borders of the domain, and all objects are located within that boundary. The establishment of trust relationships between other domains is not necessary, and implementation of technologies such as Group Policies is made easier by the simple structure.
Q58. - (Topic 3)
You need to ensure that NAP meets the technical requirements.
Which role services should you install?
A. Network Policy Server, Health Registration Authority and Host Credential Authorization Protocol
B. Health Registration Authority, Host Credential Authorization Protocol and Online Responder
C. Certification Authority, Network Policy Server and Health Registration Authority
D. Online Responder, Certification Authority and Network Policy Server
Answer: C
Explanation:
* Scenario:
Implement Network Access Protection (NAP).
Ensure that NAP with IPSec enforcement can be configured.
* Health Registration Authority
Applies To: Windows Server 2008 R2, Windows Server 2012
Health Registration Authority (HRA) is a component of a Network Access Protection (NAP)
infrastructure that plays a central role in NAP Internet Protocol security (IPsec)
enforcement.
HRA obtains health certificates on behalf of NAP clients when they are compliant with
network health requirements. These health certificates authenticate NAP clients for IPsec-protected communications with other NAP clients on an intranet. If a NAP client does not
have a health certificate, the IPsec peer authentication fails and the NAP client cannot
initiate communication with other IPsec-protected computers on the network.
HRA is installed on a computer that is also running Network Policy Server (NPS) and
Internet
Information Services (IIS). If they are not already installed, these services will be added when you install HRA.
Reference: Health Registration Authority
Q59. - (Topic 2)
You run the Get-DNSServer cmdlet on DC01 and receive the following output:
You need to recommend changes to DC01. Which attribute should you recommend modifying?
A. EnablePollutionProtection
B. isReadOnly
C. Locking Percent
D. ZoneType
Answer: C
Explanation: * Scenario: The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache.
* Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, then the DNS server will not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This means that cached entries will not be overwritten for the entire duration of the TTL. The cache locking value is stored in the CacheLockingPercent registry key. If the registry key is not present, then the DNS server will use the default cache locking value of 100.
Reference: DNS Cache Locking
Q60. - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
Your company plans to open a branch office. The branch office will have 10 client computers that run Windows 8 and at least one server that runs Windows Server 2012. The server will host
BranchCache files and manage print queues for the network print devices in the branch office.
You need to recommend a solution to ensure that the users in the branch office can print if the branch office server fails.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Printer pooling
B. Branch Office Direct Printing
C. A standby print server
D. A print server cluster
E. A secure Web Services on Devices (WSD) printer
Answer: B
Explanation:
Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print device instead of a server print queue. This feature can be enabled or disabled on a per printer basis and is transparent to the user. This feature requires a print server running Windows Server 2012 and clients running Windows
8. It is enabled by an administrator using the Print Management Console or Windows PowerShell on the server.
Reference: Branch Office Direct Printing Overview