Q41. - (Topic 3)
You need to recommend a remote access solution that meets the VPN requirements.
Which role service should you include in the recommendation?
A. Routing
B. Network Policy Server
C. DirectAccess and VPN (RAS)
D. Host Credential Authorization Protocol
Answer: B
Explanation:
Scenario:
A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN connections.
Ensure that NAP with IPSec enforcement can be configured.
Network Policy Server
Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS servers that you configure in remote RADIUS server groups.
NPS allows you to centrally configure and manage network access authentication, authorization, and client health policies with the following three features: RADIUS server.
NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database.
Reference: Network Policy Server
Q42. - (Topic 3)
You need to implement the technical requirements for the boston.litwareinc.com domain.
Which tools should you use?
A. Gpfixup and Gpupdate
B. Rendom and Gpfixup
C. Gpupdate and Dcgpofix
D. Adprep and Rendom
Answer: B
Explanation:
Minimize the amount of administrative effort whenever possible.
Rename the boston.litwareinc.com domain to bos.litwareinc.com.
* Rendom.exe is a command-line tool that is used to rename Active Directory domains.
Reference: Rendom
Q43. - (Topic 8)
A new company registers the domain name of contoso.com. The company has a web presence on the Internet. All Internet resources have names that use a DNS suffix of contoso.com.
A third party hosts the Internet resources and is responsible for managing the contoso.com DNS zone on the Internet. The zone contains several hundred records.
The company plans to deploy an Active Directory forest.
You need to recommend an Active Directory forest infrastructure to meet the following requirements:
* Ensure that users on the internal network can resolve the names of the company's Internet resources.
* Minimize the amount of administrative effort associated with the addition of new Internet servers.
What should you recommend?
A. A forest that contains a single domain named contoso.local
B. A forest that contains a root domain named contoso.com and another domain named contoso.local
C. A forest that contains a root domain named contoso.com and another domain named ad.contoso.com
D. A forest that contains a single domain named contoso.com
Answer: C
Explanation: Rules for Selecting a Prefix for a Registered DNS Name
Select a prefix that is not likely to become outdated.
Avoid names such as a business line or operating system that might change in the future.
Generic names such as corp or ds are recommended.
Incorrect:
not A, not B: Using single label names or unregistered suffixes, such as .local, is not recommended.
Q44. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the IPsec enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation: Note: NAP enforcement for IPsec-protected traffic works by providing X.509 certificates, called health certificates, to client computers that meet network health requirements. Health certificates are used to authenticate NAP client computers when they initiate IPsec-protected communications with other computers. Computers that are noncompliant with health requirements do not have health certificates. If a computer that does not have a health certificate initiates communication with a computer that has a health certificate, the connection is not allowed. In this way, NAP with IPsec enforcement restricts noncompliant computers from accessing IPsec-protected resources on the network.
Because IPsec controls host access on a per-connection basis, IPsec enforcement provides the strongest form of NAP enforcement.
Q45. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012.
All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do not belong to the domain.
All client computers receive IP addresses by using DHCP.
You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements:
* Verify whether the client computers have up-to-date antivirus software.
* Provide a warning to users who have virus definitions that are out-of-date.
* Ensure that client computers that have out-of-date virus definitions can connect to the network.
Which NAP enforcement method should you recommend?
A. DHCP
B. IPSec
C. VPN
D. 802.1x
Answer: A
Explanation:
NAP enforcement for DHCP
DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS). Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective.
Note: The NAP health policy server can use a health requirement server to validate the health state of the NAP client or to determine the current version of software or updates that need to be installed on the NAP client.
Reference: NAP Enforcement for DHCP
http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx
Q46. - (Topic 8)
Your network contains an Active Directory domain.
You plan to implement a remote access solution that will contain three servers that run Windows Server 2012. The servers will be configured as shown in the following table.
Server1 will support up to 200 concurrent VPN connections.
You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Server3. The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails.
What should you do?
A. On Server1, configure a RADIUS proxy. On Server2 and Server3, add a RADIUS client.
B. On Server2 and Server3, add a RADIUS client. On Server1, modify the Authentication settings.
C. On Server1, configure a RADIUS proxy. Add Server2 and Server3 to a failover cluster.
D. Add Server2 and Server3 to a Network Load Balancing (NLB) cluster. On Server1, modify the Authentication settings.
Answer: B
Explanation:
* A network access server (NAS) is a device that provides some level of access to a larger network. A NAS using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server for authentication, authorization, and accounting.
* Client computers, such as wireless portable computers and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access servers—such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers—because they use the RADIUS protocol to communicate with RADIUS servers such as Network Policy Server (NPS) servers.
Reference: RADIUS Client
http://technet.microsoft.com/en-us/library/cc754033.aspx
Q47. - (Topic 8)
Your network contains an Active Directory forest named contoso.com. The forest contains one domain.
Your company plans to open a new division named Division1. A group named Division1Admins will administer users and groups for Division1.
You identify the following requirements for Division1:
* All Division1 users must have a complex password that is 14 characters.
* Division1Admins must be able to manage the user accounts for Division1.
* Division1Admins must be able to create groups, and then delete the groups that they create.
* Division1Admins must be able to reset user passwords and force a password change at the next logon for all Division1 users.
You need to recommend changes to the forest to support the Division1 requirements.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. In the forest create a new organizational unit (OU) named Division1 and delegate permissions for the OU to the Division1Admins group. Move all of the Division1 user accounts to the new OU. Create a fine-grained password policy for the Division1 users.
B. Create a new child domain named division1.contoso.com. Move all of the Division1 user accounts to the new domain. Add the Division1Admins members to the Domain Admins group. Configure the password policy in a Group Policy object (GPO).
C. Create a new forest. Migrate all of the Division1 user objects to the new forest and add the Division1Admins members to the Enterprise Admins group. Configure the password policy in a Group Policy object (GPO).
D. In the forest create a new organizational unit (OU) named Division1 and add Division1Admins to the Managed By attribute of the new OU. Move the Division1 user objects to the new OU. Create a fine-grained password policy for the Division1 users.
Answer: A
Q48. - (Topic 8)
Your network contains an Active Directory domain. All servers run Windows Server 2012 R2.
The domain contains the servers shown in the following table.
You need to recommend which servers will benefit most from implementing data deduplication.
Which servers should you recommend?
A. Server1 and Server2
B. Server1 and Server3
C. Server1 and Server4
D. Server2 and Server3
E. Server2 and Server4
F. Server3 and Server4
Answer: D
Explanation:
* Server 2: Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32–128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder.
* Server 3: In Windows Server 2012 R2, Data Deduplication can be installed on a scale-out file server and used to optimize live VHDs for VDI workloads.
Reference: What's New in Data Deduplication in Windows Server
Q49. - (Topic 8)
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the domain naming master on DC1.
C. The forest functional level is set to the wrong level.
D. DC3 cannot connect to the infrastructure master on DC2.
Answer: D
Explanation: Adprep could not contact a replica…
This problem occurs when the Adprep /rodcprep command tries to contact the infrastructure master for each application partition in the forest.
Reference: Error message when you run the "Adprep /rodcprep" command in Windows Server 2008: "Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Contoso,DC=com"
Q50. DRAG DROP - (Topic 8)
Your network contains an Active Directory forest named contoso.com.
Your company merges with another company that has an Active Directory forest named litwareinc.com.
Each forest has one domain.
You establish a two-way forest trust between the forests.
The network contains three servers. The servers are configured as shown in the following table.
You confirm that the client computers in each forest can resolve the names of the client computers in both forests.
On dc1.litwareinc.com, you create a zone named GlobalNames.
You need to recommend changes in both forests to ensure that the users in both forests can resolve single-label names by using the GlobalNames zone in litwareinc.com.
Which changes should you recommend?
To answer, drag the appropriate configuration to the correct server in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer: