[Free] Download Latest (March 2016) Microsoft 70-413 Real Exam 61-70

Ensurepass

QUESTION 61

Your company has two divisions named Division1 and Division2.

 

The network contains an Active Directory domain named contoso.com. The domain contains two child domains named divisionl.contoso.com and division2.contoso.com.

 

The company sells Division1 to another company.

 

You need to prevent administrators in contoso.com and division2.contoso.com from gaining administrative access to the resources in division1.contoso.com.

 

What should you recommend?

 

A.

Create a new tree in the forest named contoso.secure. Migrate the resources and the accounts in divisionl.contoso.com to contoso.secure.

B.

On the domain controller accounts in divisionl.contoso.com, deny the Enterprise Admins group the Allowed to Authenticate permission.

C.

Create a new forest and migrate the resources and the accounts in divisionl.contoso.com to the new forest.

D.

In divisionl.contoso.com, remove the Enterprise Admins group from the Domain Admins group and remove the Enterprise Admins group from the access control list (ACL) on the division1.contoso.com domain object.

 

Correct Answer: C

 

 

QUESTION 62

Your company has a main office that contains several servers and several users. The main office contains a file server named Server1 that runs Windows Server 2012.

 

The users access a large report file that is created on Server1 each day.

 

The company plans to open a new branch office. The branch office will contain only client computers.

 

You need to implement a solution to reduce the amount of bandwidth used by the client computers in the branch office to download the report each day.

 

What should you do?

 

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

Install the BranchCache for network files role service on Server1. Configure the client computers to use BranchCache in hosted cache mode.

B.

Configure the offline settings of the shared folder that contains the report.

C.

Install the BranchCache for network files role service on Server1. Configure the client computers to use Branchcache in distributed mode.

D.

Enable the Background Intelligent Transfer Service (BITS) feature on Server1 and on each client computer in the branch office. Move the report to a web folder.

 

Correct Answer: C

Explanation:

Distributed cache mode. In this mode, branch office client computers download content from the content servers in the main office and then cache the content for other computers in the same branch office.

Distributed cache mode does not require a server computer in the branch office.

 

Reference: BranchCache Deployment Guide

 

 

QUESTION 63

Your network contains an Active Directory domain named contoso.com. The domain contains three Active Directory sites. The Active Directory sites are configured as shown in the following table.

 

clip_image002

 

The sites connect to each other by using the site links shown in the following table.

 

clip_image004

 

Site link name Connected sites

 

You need to design the Active Directory site topology to meet the following requirements:

 

clip_image006Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain controller in Site1 is available.

clip_image006[1]Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain controllers in Site1 are unavailable.

 

What should you do?

 

A.

Delete Link1.

B.

Delete Link2.

C.

Delete Link3.

D.

Disable site link bridging.

E.

Create one site link bridge.

F.

Modify the cost of Link2.

G.

Create one SMTP site link between Site2 and Site3.

H.

Create one SMTP site link between Site1 and Site3. Create one SMTP site link between Site1 and Site2.

 

Correct Answer: F

 

 

QUESTION 64

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. You plan to deploy DirectAccess.

 

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

 

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.

 

What should you include in the recommendation?

 

A.

Set the ISATAP State to state enabled.

B.

Enable split tunneling.

C.

Set the ISATAP State to state disabled.

D.

Enable force tunneling.

 

Correct Answer: D

Explanation:

You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients that detect that they are on the Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.

 

 

QUESTION 65

Your network contains an Active Directory domain named contoso.com.

 

Your company has 100 users in the sales department. Each sales user has a domain- joined laptop computer that runs either Windows 7 or Windows 8. The sales users rarely travel to the company’s offices to connect directly to the corporate network.

 

You need to recommend a solution to ensure that you can manage the sales users’ laptop computers when the users are working remotely.

 

What solution should you include in the recommendation?

 

A.

Deploy the Remote Access server role on a server on the internal network.

B.

Deploy the Network Policy and Access Services server role on a server on the internal network.

C.

Deploy a Microsoft System Center 2012 Service Manager infrastructure.

D.

Deploy a Microsoft System Center 2012 Operations Manager infrastructure.

 

Correct Answer: D

Explanation:

Incorrect:

Not A: The Remote Access server role just give access to the remote computers, but you need to MANAGE their computers.

 

 

QUESTION 66

Your company has a main office and a branch office.

 

The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.

 

clip_image008

 

The domain contains two global groups. The groups are configured as shown in the following table.

 

clip_image010

 

You need to ensure that the RODC is configured to meet the following requirements:

 

Cache passwords for all of the members of Branch1Users. Prevent the caching of passwords for the members of Helpdesk.

 

What should you do?

 

A.

Modify the membership of the Denied RODC Password Replication group.

B.

Install the BranchCache feature on RODC1.

C.

Modify the delegation settings of RODC1.

D.

Create a Password Settings object (PSO) for the Helpdesk group.

 

Correct Answer: A

Explanation:

Password Replication Policy Allowed and Denied lists

Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group.

These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDS-NeverRevealGroup Active Directory attributes.

 

Reference: Password Replication Policy

 

 

QUESTION 67

You plan to deploy multiple servers in a test environment by using Windows Deployment Services (WDS).

 

You need to identify which network services must be available in the test environment to deploy the servers.

 

Which network services should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

 

A.

Active Directory Domain Services (AD DS)

B.

DNS

C.

DHCP

D.

WINS

E.

Active Directory Lightweight Directory Services (AD LDS)

F.

Network Policy Server (NPS)

 

Correct Answer: ABC

Explanation:

Prerequisites for installing Windows Deployment Services

* (A) Active Directory Domain Services (AD DS).

Windows Deployment Services server must be a member of an Active Directory Domain Services (AD DS) domain or a domain controller for an AD DS domain.

* (B) DNS. You must have a working Domain Name System (DNS) server on the network before you can run Windows Deployment Services.

* (C): DHCP. You must have a working Dynamic Host Configuration Protocol (DHCP) server with an active scope on the network because Windows Deployment Services uses PXE, which relies on DHCP for IP addressing.

* NTFS volume.

 

Reference: Windows Deployment Services Overview

 

http://technet.microsoft.com/en-us/library/hh831764.aspx

 

 

QUESTION 68

Your network contains an Active Directory forest named contoso.com. The forest is managed by using Microsoft System Center 2012.

 

You plan to create virtual machine templates to deploy servers by using the Virtual Machine Manager Self-service Portal (VMMSSP).

 

To the Virtual Machine Manager (VMM) library, you add a VHD that has a generalized image of Windows Server 2012.

 

You need to identify which VMM components must be associated with the image.

 

Which components should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

 

A.

A guest OS profile

B.

A hardware profile

C.

A capability profile

D.

A host profile

 

Correct Answer: AB

Explanation:

Profiles

VMM provides the following profiles:

* (A) Guest operating system profile–A guest operating system profile defines operating system configured settings which will be applied to a virtual machine created from the template. It defines common operating system settings such as the type of operating system, the computer name, administrator password, domain name, product key, and time zone, answer file and run once file.

* (B) Hardware profile–A hardware profile defines hardware configuration settings such as CPU, memory, network adapters, a video adapter, a DVD drive, a floppy drive, COM ports, and the priority given the virtual machine when allocating resources on a virtual machine host.

NOTE: VMM also includes host profiles. Host profiles are not used for virtual machine creation.

They are used during the conversion of a bare-metal computer to a Hyper-V host.

 

Reference: Creating Profiles and Templates in VMM Overview

 

 

QUESTION 69

Your network contains an Active Directory domain named contoso.com.

 

On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks.

 

You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard.

 

What should you do?

 

A.

Add a new class to the Active Directory schema.

B.

Configure a custom MMC console.

C.

Modify the Delegwiz.inf file.

D.

Configure a new authorization store by using Authorization Manager.

Correct Answer: C

Explanation:

To add a task to the Delegation Wizard, you must create a task template by using the following syntax in the Delegwiz.inf file

 ——————————————————–

[template1]

AppliesToClasses=<comma delimited list of object types to which this template applies; for example, if “organizationalUnit” is in the list, this template will be shown when the Delegation Wizard is invoked on an OU>

 

Descript
ion = “<task description which will appear in the wizard>” Etc.

 

Reference: How to customize the task list in the Delegation Wizard

 

http://support.microsoft.com/kb/308404

 

 

QUESTION 70

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

 

clip_image012

 

All client computers run either Windows 7 or Windows 8.

 

Goal: You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.

 

Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: A

Explanation:

NAP supports a variety of what we call enforcement methods. In the NAP space, and enforcement method is simply a term that defines the way a machine connects to a network. In NAP, these are DHCP, 802.1x (wired or wireless), VPN, IPsec, or via a Terminal Services Gateway.

 

Free VCE & PDF File for Microsoft 70-413 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…