[Free] Download Latest (March 2016) Microsoft 70-413 Real Exam 51-60

Ensurepass

QUESTION 51

You have a server named Server1 that runs Windows Server 2012.

 

You have a 3-TB database that will be moved to Server1.

 

Server1 has the following physical disks:

 

clip_image002Three 2-TB SATA disks that are attached to a single IDE controller

clip_image002[1]One 1-TB SATA disk that is attached to a single IDE controller

 

You need to recommend a solution to ensure that the database can be moved to Server1.

 

The solution must ensure that the database is available if a single disk fails.

 

What should you include in the recommendation?

 

A.

Add each disk to a separate storage pool. Create a mirrored virtual disk.

B.

Add two disks to a storage pool. Add the other disk to another storage pool. Create a mirrored virtual disk.

C.

Add all of the disks to a single storage pool, and then create two simple virtual disks.

D.

Add all of the disks to a single storage pool, and then create a parity virtual disk.

 

Correct Answer: D

Explanation:

Parity A parity virtual disk is similar to a hardware Redundant Array of Inexpensive Disks (RAID5). Data, along with parity information, is striped across multiple physical disks. Parity enables Storage Spaces to continue to service read and write requests even when a drive has failed. A minimum of three physical disks is required for a parity virtual disk. Note that a parity disk cannot be used in a failover cluster.

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 52

Your company has a main office and a branch office.

 

The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012. The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012.

 

You need to recommend a solution to control which Active Directory attributes are replicated to the RODC.

 

What should you include in the recommendation?

 

A.

The partial attribute set

B.

The filtered attribute set

C.

Application directory partitions

D.

Constrained delegation

 

Correct Answer: B

Explanation:

RODC filtered attribute set

Some applications that use AD DS as a data store might have credential-like data (such as passwords, credentials, or encryption keys) that you do not want to be stored on an RODC in case the RODC is compromised.

For these types of applications, you can dynamically configure a set of attributes in the schema for domain objects that will not replicate to an RODC. This set of attributes is called the RODC filtered attribute set. Attributes that are defined in the RODC filtered attribute set are not allowed to replicate to any RODCs in the forest.

 

Reference: AD DS: Read-Only Domain Controllers

 

 

QUESTION 53

You are the administrator for a large company. You plan to implement servers in the environment that do not use local hard drives.

 

You need to recommend a supported storage solution.

 

Which technology should you recommend?

 

A.

Clustered NAS

B.

Cloud storage

C.

USB flash drive

D.

iSCSISAN

 

Correct Answer: A

 

 

 

 

 

 

 

 

 

 

QUESTION 54

A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1.

 

Users report that they can no longer access the application by using their domain credentials.

 

You need to ensure that users can access App1.

 

Solution: You configure Kerberos-constrained delegation and then run the following command from an administrative command prompt:

 

setspn-a MSSQLsvc/SQLl:1433 <domain><sql_service>

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: A

 

 

QUESTION 55

Your network contains an Active Directory domain.

 

You plan to implement a remote access solution that will contain three servers that run Windows Server 2012. The servers will be configured as shown in the following table.

 

clip_image004

 

Server1 will support up to 200 concurrent VPN connections.

 

You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Server3. The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails.

 

What should you do?

 

A.

On Server1, configure a RADIUS proxy. On Server2 and Server3, add a RADIUS client.

B.

On Server2 and Server3, add a RADIUS client. On Server1, modify the Authentication settings.

C.

On Server1, configure a RADIUS proxy. Add Server2 and Server3 to a failover cluster.

D.

Add Server2 and Server3 to a Network Load Balancing (NLB) cluster. On Server1, modify the Authentication settings.

 

Correct Answer: B

Explanation:

* A network access server (NAS) is a device that provides some level of access to a larger network. A NAS using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server for authentication, authorization, and accounting.

 

* Client computers, such as wireless portable computers and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access servers–such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers–because they use the RADIUS protocol to communicate with RADIUS servers such as Network Policy Server (NPS) servers.

 

Reference: RADIUS Client

http://technet.microsoft.com/en-us/library/cc754033.aspx

 

 

QUESTION 56

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

 

clip_image006

 

All client computers run either Windows 7 or Windows 8.

 

The corporate security policy states that all of the client computers must have the latest security updates installed.

 

You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.

 

Solution: You implement the IPsec enforcement method.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

Explanation:

Note: NAP enforcement for IPsec-protected traffic works by providing X.509 certificates, called health certificates, to client computers that meet network health requirements. Health certificates are used to authenticate NAP client computers when they initiate IPsec-protected communications with other computers. Computers that are noncompliant with health requirements do not have health certificates. If a computer that does not have a health certificate initiates communication with a computer that has a health certificate, the connection is not allowed. In this way, NAP with IPsec enforcement restricts noncompliant computers from accessing IPsec-protected resources on the network. Because IPsec controls host access on a per-connection basis, IPsec enforcement provides the strongest form of NAP enforcement.

 

 

 

QUESTION 57

Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2008.

 

You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2012 R2.

 

You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.

 

You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES).

 

You need to recommend which changes must be implemented to support the planned migration.

 

Which two changes should you recommend? Each correct answer presents part of the solution.

 

A.

In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.

B.

In the adatum.com forest, upgrade the functional level of the forest and the domain.

C.

In the contoso.com forest, downgrade the functional level of the forest and the domain.

D.

In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.

 

Correct Answer: AC

 

 

QUESTION 58

Your company has a main office. The main office is located in a building that has 10 floors.

 

A datacenter on the ground floor contains a Windows Server 2012 failover cluster. The failover cluster contains a DHCP server resource named DH
CP1. All client computers receive their IP addresses from DHCP1. All client computers are part of the 131.107.0.0/16 IPv4 subnet.

 

You plan to implement changes to the network subnets to include a separate subnet for each floor of the office building. The subnets will connect by using routers.

 

You need to recommend changes to the DHCP infrastructure to ensure that all of the client computers can receive their IP configuration by using DHCP.

 

What should you recommend?

 

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

Install a remote access server on each floor. Configure a DHCP relay agent on each new DHCP server. Create a scope for each subnet on DHCP1.

B.

Install a DHCP server on each floor. Create a scope for the local subnet on each new DHCP server. Enable DHCP Failover on each new DHCP server.

C.

Configure each router to forward requests for IP addresses to DHCP1. Create a scope for each subnet on DHCP1.

D.

Configure each router to forward requests for IP addresses to DHCP1. Create a scope for the 10.0.0.0/16 subnet on DHCP1.

 

Correct Answer: C

Explanation:

Excerpt: In TCP/IP networking, routers are used to interconnect hardware and software used on different physical network segments called subnets and forward IP packets between each of the subnets. To support and use DHCP service across multiple subnets, routers connecting each subnet should comply with DHCP/ BOOTP relay agent capabilities described in RFC 1542.

 

Reference: Support multiple subnets with one DHCP server by configuring DHCP relay agents

http://technet.microsoft.com/en-us/library/cc771390.aspx

 

 

QUESTION 59

Your network contains an Active Directory domain named contoso.com. The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012.

 

All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do not belong to the domain.

 

All client computers receive IP addresses by using DHCP.

 

You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements:

 


clip_image002[2]Verify whether the client computers have up-to-date antivirus software.

clip_image002[3]Provides a warning to users who have virus definitions that are out-of-date.

clip_image002[4]Ensure that client computers that have out-of-date virus definitions can connect to the network.

 

Which NAP enforcement method should you recommend?

 

A.

DHCP

B.

IPSec

C.

VPN

D.

802.1x

 

Correct Answer: A

Explanation:

NAP enforcement for DHCP

DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS).

Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective.

 

Note: The NAP health policy server can use a health requirement server to validate the health state of the NAP client or to determine the current version of software or updates that need to be installed on the NAP client.

 

Reference: NAP Enforcement for DHCP

http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx

 

 

 

 

 

QUESTION 60

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

 

clip_image008

 

All client computers run either Windows 7 or Windows 8.

 

The corporate security policy states that all of the client computers must have the latest security updates installed.

 

You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.

 

Solution: You implement the VPN enforcement method.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

Explanation:

VPN Enforcement need to be setup in connection with NAP (Network Access Protection).

 

Free VCE & PDF File for Microsoft 70-413 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…