70-413 Exam
How to pass 70 413 exam in Jan 2021
Our pass rate is high to 98.9% and the similarity percentage between our 70 413 exam study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Microsoft 70 413 exam exam in just one try? I am currently studying for the Microsoft microsoft 70 413 exam. Latest Microsoft 70 413 pdf Test exam practice questions and answers, Try Microsoft 70 413 pdf Brain Dumps First.
Q1. - (Topic 5)
You need to configure the connection between the new remote branch office and the existing branch offices.
What should you create?
A. SMTP site link
B. Forest trust
C. Certification authority
D. IP subnet
Answer: A
Q2. - (Topic 8)
You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso identifies the following administration requirements for the design:
. User account administration and Group Policy administration will be performed by
network technicians. The technicians will be added to a group named OUAdmins.
. IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain.
. All user accounts will be located in an organizational unit (OU) named AllEmployees.
You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployeesOU.
After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.
What should you include in the recommendation?
A. Remove the IT staff user accounts from Backup Operators and place them in a new group. Grant the new group the Backup files and directories user right and the Restore files and directories user right. Enforce permission inheritance on all of the objects in the AllEmployeesOU.
B. Create separate administrator user accounts for the technicians. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Delegate permissions to the new user accounts.
C. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard.
D. Move the user accounts of the technicians to a separate OU. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard on the AllEmployeesOU.
Answer: C
Q3. - (Topic 7)
You need to generate the required report
Which tool should you use?
A. Microsoft Deployment Toolkit (MDT)
B. Microsoft Desktop Optimization Pack (MDOP)
C. Microsoft Assessment and Planning Toolkit (MAP)
D. Application Compatibility Toolkit (ACT)
Answer: C
Explanation:
Scenario: Consolidation reports The company requires a report that describes the impact of consolidation. The report must provide the following information:
.An inventory of the existing physical server environment
.Visual charts that show the reduction of physical servers
Reference: Microsoft Assessment and Planning (MAP) Toolkit for Hyper-V
Q4. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate
network from the Internet, all of the traffic destined for the Internet must be routed through
the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets
the security policy requirement
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and spin them down into IPv4 packets, so you can simply leave your internal network all IPv4. So back in the beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is recommended not to use ISATAP at all, unless you have a specific reason for needing it
Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.
Reference: IS ISATAP REQUIRED FOR DIRECTACCESS?
Q5. - (Topic 8)
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
The domain contains two global groups. The groups are configured as shown in the following table.
You need to ensure that the RODC is configured to meet the following requirements:
. Cache passwords for all of the members of Branch1Users.
. Prevent the caching of passwords for the members of Helpdesk.
What should you do?
A. Modify the membership of the Denied RODC Password Replication group.
B. Install the BranchCache feature on RODC1.
C. Modify the delegation settings of RODC1.
D. Create a Password Settings object (PSO) for the Helpdesk group.
Answer: A
Explanation: Password Replication Policy Allowed and Denied lists
Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group. These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDS-NeverRevealGroup Active Directory attributes.
Reference: Password Replication Policy
Q6. - (Topic 3)
You need to recommend changes to the Active Directory environment to support the virtualization requirements.
What should you include in the recommendation?
A. Raise the functional level of the domain and the forest.
B. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.
C. Implement Administrator Role Separation.
D. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.
Answer: D
Explanation: From case study:
* Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.
Q7. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain
contains an organizational unit (OU) named OU1.
You have a Group Policy object (GPO) named GPO1 that is linked to contoso.com. GPO1 contains custom security settings.
You need to design a Group Policy strategy to meet the following requirements:
. The security settings in GPO1 must be applied to all client computers.
. Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1.
What should you include in the design?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1.
B. Enable the Block Inheritance option on OU1. Link GPO1 to OU1.
C. Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to OU1.
D. Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1.
Answer: D
Explanation: * You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.
* GPO links that are enforced cannot be blocked from the parent container.
Q8. - (Topic 6)
You need To configure the Group Policy for salespeople.
Solution: You create a Group Policy Object (GPO) with an AppLocker policy. You link the
GPO to the Computers OU for each location.
Does this meet the goal?
A. Yes
B. No
Answer: B
Q9. - (Topic 8)
Your network contains an Active Directory forest named contoso.com. The forest contains five domains. You need to ensure that the CountryCode attribute is replicated to the global catalog.
What should you do?
A. Modify the schema partition.
B. Create and modify an application partition.
C. Modify the configuration partition.
D. Modify the domain partitions.
Answer: A
Explanation: Directory Partition Subtrees
Every domain controller contains the following three directory partitions:
* Schema Contains the Schema container, which stores class and attribute definitions for all existing
and possible Active Directory objects in cn=schema,cn=configuration,dc= forestRootDomain . Updates to this container are replicated to all domain controllers in the forest. You can view the contents of the Schema container in the Active Directory Schema console.
* Configuration
* Domain
Reference: Directory Partitions
Q10. - (Topic 3)
You need to recommend a migration strategy for the DHCP servers. The strategy must meet the technical requirements.
Which Windows PowerShell cmdlet should you recommend running on the physical DHCP servers?
A. Import-SmigServerSetting
B. Export-SmigServerSetting
C. Receive-SmigServerData
D. Send-SmigServerData
Answer: B
Explanation: * Scenario: / Main office: One physical DHCP server that runs Windows Server 2008 R2 / each branch office: One physical DHCP server that runs Windows Server 2008 R2 / The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the offices.
* Example:
Command Prompt: C:\PS>
Export-SmigServerSetting -Feature "DHCP" -User All -Group -Path "c:\temp\store" -Verbose
This sample command exports the Dynamic Host Configuration Protocol (DHCP) Server and all other Windows features that are required by DHCP Server.