[Free] Download Latest (March 2016) Microsoft 70-413 Real Exam 31-40

Ensurepass

QUESTION 31

Your company has two main offices and 10 branch offices. Each office is configured as a separate Active Directory site.

The main office sites are named Site1 and Site2. Each office connects to Site1 and Site2 by using a WAN link. Each site contains a domain controller that runs Windows Server 2008.

You are redesigning the Active Directory infrastructure.

You plan to implement domain controllers that run Windows Server 2012 and decommission all of the domain controllers that run Windows Server 2008.

You need to recommend a placement plan for the Windows Server 2012 domain controllers to meet the following requirements:

* Ensure that users can log on to the domain if a domain controller or a WAN link fails.
* Minimize the number of domain controllers implemented.

What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)

A. Read-only domain controllers (RODCs) in the branch office sites

B. A writable domain controller in Site1

C. A writable domain controller in Site2

D. Writable domain controllers in the branch office sites

Correct Answer: ABC

Explanation:

A (not D): Writable domain controllers are not needed to authenticate users at the branch offices.

QUESTION 32

A company has offices in multiple geographic locations. The sites have high-latency, low-bandwidth connections. You need to implement a multisite Windows Deployment Services (WDS) topology for deploying standard client device images to all sites.

Solution: At each site, you install a WDS Server. You apply the same configuration settings to each WDS Server. You configure Distributed File Server Replication (DFSR) to synchronize install images.

Does this meet the goal?

A. Yes

B. No

Correct Answer: A

QUESTION 33

Your network contains an Active Directory domain named contoso.com.

Your company plans to open a branch office. The branch office will have 10 client computers that run Windows 8 and at least one server that runs Windows Server 2012.

The server will host BranchCache files and manage print queues for the network print devices in the branch office.

You need to recommend a solution to ensure that the users in the branch office can print if the branch office server fails.

What should you recommend?

More than one answer choice may achieve the goal. Select the BEST answer.

A. Printer pooling

B. Branch Office Direct Printing

C. A standby print server

D. A print server cluster

E. A secure Web Services on Devices (WSD) printer

Correct Answer: B

Explanation:

Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print device instead of a server print queue. This feature can be enabled or disabled on a per-printer basis and is transparent to the user. This feature requires a print server running Windows Server 2012 and clients running Windows 8. It is enabled by an administrator using the Print Management Console or Windows PowerShell on the server.

Reference: Branch Office Direct Printing Overview

QUESTION 34

Your network contains an Active Directory forest named contoso.com.

You plan to add a new domain named child.contoso.com to the forest.

On the DNS servers in child.contoso.com, you plan to create conditional forwarders that point to the DNS servers in contoso.com.

You need to ensure that the DNS servers in contoso.com can resolve names for the servers in child.contoso.com.

What should you create on the DNS servers in contoso.com?

A. A zone delegation

B. A conditional forwarder

C. A root hint

D. A trust point

Correct Answer: A

Explanation:

Understanding Zone Delegation

Domain Name System (DNS) provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When you are deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:

* You want to delegate management of part of your DNS namespace to another location or department in your organization.
* You want to divide one large zone into smaller zones to distribute traffic loads among multiple servers, improve DNS name resolution performance, or create a more-fault-tolerant DNS environment.
* You want to extend the namespace by adding numerous subdomains at once, for example, to accommodate the opening of a new branch or site.

Reference: Understanding Zone Delegation

QUESTION 35

Your network contains an Active Directory domain named contoso.com.

You deploy several servers that have the Remote Desktop Session Host role service installed.

You have two organizational units (OUs). The OUs are configured as shown in the following table.

[Table image not available]

GPO1 contains the Folder Redirection settings for all of the users.

You need to recommend a solution to prevent the sales users' folders from being redirected when the users log on to a Remote Desktop session.

What should you include in the recommendation?

A. From GPO2, set the loopback processing mode.

B. From GPO1, set the loopback processing mode.

C. Configure security filtering for GPO1.

D. Apply a WMI filter to GPO2.

Correct Answer: A

Explanation:

Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

Reference: Loopback processing of Group Policy

QUESTION 36

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

The domain has a certification authority (CA). You create four certificate templates. The templates are configured as shown in the following table:

[Table image not available]

You install the Remote Access server role in the domain.

You need to configure DirectAccess to use one-time password (OTP) authentication.

What should you do?

To answer, select the appropriate options in the answer area.

[Answer area image not available]

Correct Answer:

[Answer image not available]

QUESTION 37

Your network contains an Active Directory domain named contoso.com. The domain contains three Active Directory sites. The Active Directory sites are configured as shown in the following table.

[Table image not available]

The sites connect to each other by using the site links shown in the following table.

[Table image not available]

You need to design the Active Directory site topology to meet the following requirements:

* Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain controller in Site1 is available.
* Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain controllers in Site1 are unavailable.

What should you do?

A. Delete Link2.

B. Disable site link bridging.

C. Delete Link3.

D. Create one site link bridge.

E. Modify the cost of Link2.

Correct Answer: E

QUESTION 38

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain and two sites named Montreal and Vancouver.

Montreal contains an IP Address Management (IPAM) server named Server1 that is used to manage all of the DHCP servers and the DNS servers in the site.

Vancouver contains several DHCP servers and several DNS servers.

In Vancouver, you install the IP Address Management (IPAM) Server feature on a server named Server2.

You need to recommend which configurations must be performed to ensure that the DHCP servers and the DNS servers in Vancouver are managed by Server2.

What should you recommend?

A. Replicate the IPAM database from Server1 to Server2. On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.

B. Replicate the IPAM database from Server1 to Server2. On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.

C. From Server2, run the Invoke-IpamGpoProvisioning cmdlet. On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.

D. From Server1, run the Invoke-IpamGpoProvisioning cmdlet. On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.

Correct Answer: C

Explanation:

Invoke-IpamGpoProvisioning

Creates and links group policies in the specified domain for provisioning required access settings on the servers managed by the computer running the IPAM server.

QUESTION 39

Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1.

You have a Group Policy object (GPO) named GPO1 that is linked to contoso.com. GPO1 contains custom security settings.

You need to design a Group Policy strategy to meet the following requirements:

* The security settings in GPO1 must be applied to all client computers.
* Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1.

What should you include in the design?

More than one answer choice may achieve the goal. Select the BEST answer.

A. Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1.

B. Enable the Block Inheritance option on OU1. Link GPO1 to OU1.

C. Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to OU1.

D. Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1.

Correct Answer: D

Explanation:

* You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.
* GPO links that are enforced cannot be blocked from the parent container.

QUESTION 40

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.

You plan to deploy DirectAccess.

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.

Solution: You enable split tunneling.

Does this meet the goal?

A. Yes

B. No

Correct Answer: A

Explanation:

DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees.

Is DA split tunneling really a problem? The answer is no.

Why? Because the risks that exist with VPNs, where the machine can act as a router between the Internet and the corporate network, are not valid with DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with IPsec.

Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isn't going to be the DA client, and authentication will fail, hence preventing the type of routing that VPN admins are concerned about.

Reference: Why Split Tunneling is Not a Security Issue with DirectAccess
