[Free] Download Latest (March 2016) Microsoft 70-413 Real Exam 71-80

Ensurepass

QUESTION 71

HOTSPOT

Your network contains an Active Directory forest named northwindtraders.com.

 

The client computers in the finance department run either Windows 8.1, Windows 8, or Windows 7. All of the client computers in the marketing department run Windows 8.1.

 

You need to design a Network Access Protection (NAP) solution for northwindtraders.com that meets the following requirements:

 

clip_image002The client computers in the finance department that run Windows 7 must have a firewall enabled and the antivirus software must be up-to-date.

clip_image002[1]The finance computers that run Windows 8.1 or Windows 8 must have automatic updating enabled and the antivirus software must be up-to-date.

clip_image002[2]The client computers in the marketing department must have automatic updating enabled and the antivirus software must be up-to-date.

clip_image002[3]If a computer fails to meet its requirements, the computers must be provided access to a limited set of resources on the network.

clip_image002[4]If a computer meets its requirements, the computer must have full access to the network.

 

What is the minimum number of objects that you should create to meet the requirements? To answer, select the appropriate number for each object type in the answer area.

 

clip_image004

 

Correct Answer:

clip_image006

 

 

 

 

 

QUESTION 72

HOTSPOT

Your network contains an Active Directory domain named contoso.com. You plan to implement multiple DHCP servers.

 

An administrator named Admin1 will authorize the DHCP servers. You need to ensure that

 

Admin1 can authorize the planned DHCP servers.

 

To which container should you assign Admin1 permissions?

 

To answer, select the appropriate node in the answer area.

 

clip_image008

 

Correct Answer:

clip_image010

 

 

QUESTION 73

HOTSPOT

You have a domain controller that hosts an Active Directory-integrated zone.

 

On the domain controller, you run the following cmdlet:

 

PS C:> Get-DnsServerScavenging

 

NoRefreshInterval:2.00:00:00

 

RefreshInterval:3.00:00:00

 

ScavengingInterval:4.00:00:00

 

ScavengingState:True

 

LastScavengeTime:1/30/2014 9:10:36 AM

 

Use the drop-down menus to select the answer choice that completes each statement.

 

clip_image011

 

Correct Answer:

clip_image012

 

 

QUESTION 74

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.

 

You plan to deploy DirectAccess.

 

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

 

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.

 

Solution: You enable force tunneling.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: A

Explanation:

DirectAccess. DirectAccess allows connectivity to organizational network resources without the need for traditional virtual private network (VPN) connections.

DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet. DirectAccess establishes bi- directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.

 

 

QUESTION 75

You have a System Center 2012 R2 Virtual Machine Manager (VMM) infrastructure that manages five Hyper-V hosts. The Hyper-V hosts are not clustered.

 

You have a virtual machine template that deploys a base image of Windows Server 2012 R2. No role services or features are enabled in the base image.

 

You need to deploy a virtual machine named VM1 that is based on the virtual machine template.

 

VM1 will be deployed as part of a service. VM1 must have the Web Server (IIS) server role installed. The solution must not require modifications to the virtual machine template or the base image.

 

What are two possible profile types that achieve the goal? Each correct answer presents a complete solution.

 

A.

Capability

B.

Application

C.

Guest OS

D.

Hardware

E.

Physical Computer

 

Correct Answer: AC

Explanation:

A: In Capability, you must select a capability profile that is supported by the private cloud.

C:guest OS profile

* define Windows Operating System specialization values for the virtual machine.

*On the Configure Operating System page, configure the guest operating system settings.

If you have an existing guest operating system profile that you want to use, in the Guest OS profile list, click the guest operating system profile that you want to use. After you configure the guest operating system settings, click Next.

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 76

Your network contains an Active Directory domain named contoso.com.

 

The domain contains the organization units (OUs) configured as shown in the following table.

 

clip_image014

 

Users and computers at the company change often.

 

You create a Group Policy object (GPO) named GPO6. GPO6 contains user settings.

 

You need to ensure that GPO6 applies to users when they log on to the kiosk computers only. The solution must minimize administrative effort.

 

What should you do?

 

A.

Link GPO6 to OU4 and configure loopback processing in GPO6.

B.

Link GPO6 to OU1 and configure WMI filtering on GPO3.

C.

Link GPO6 to OU1 and configure loopback processing in GPO6.

D.

Link GPO6 to OU1 and configure loopback processing in GPO5.

 

Correct Answer: A

Explanation:

Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

 

 

 

 

 

 

 

 

 

 

 

QUESTION 77

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The forest functional level is Windows Server 2012.

 

Your company plans to deploy an application that will provide a search interface to users in the company. The application will query the global catalog for the Employee-Number attribute.

 

You need to recommend a solution to ensure that the application can retrieve the Employee-Number value from the global catalog.

 

What should you include in the recommendation?

 

A.

the Dsmod command

B.

the Ldifde command

C.

the Enable-ADOptionalFeaturecmdlet

D.

the Csvde command

 

Correct Answer: B

Explanation:

Ldifde

Creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory Domain Services (AD DS) with data from other directory services.

Ldifde -l <LDAPAttributeList>

Sets the list of attributes to return in the results of an export query. If you do not specify this parameter, the search returns all attributes.

 

Incorrect:

Not C:

Optional feature: A non-default behavior that modifies the Active Directory state model.

 

 

QUESTION 78

Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. The forest contains a Microsoft Exchange Server 2010 organization. All of the domain controllers in contoso.com run Windows Server 2012.

 

The perimeter network contains an Active Directory forest named litware.com.

 

You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com. All of the domain controllers in litware.com run Windows Server 2012.

 

Some users connect from outside the network to use Outlook Web App.

 

You need to ensure that external users can authenticate by using client certificates.

 

What should you do?

 

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

To the perimeter network, add an Exchange server that has the Client Access server role installed.

B.

Deploy UAG to contoso.com.

C.

Enable Kerberos delegation in litware.com.

D.

Enable Kerberos constrained delegation in litware.com.

 

Correct Answer: D

Explanation:

Forefront TMG provides support for Kerberos constrained delegation (often abbreviated as KCD) to enable published Web servers to authenticate users by Kerberos afterForefront TMG verifies their identity by using a non-Kerberos authentication method. When used in this way, Kerberos constrained delegation eliminates the need for requiring users to provide credentials twice.

 

Reference: About Kerberos constrained delegation

 

 

QUESTION 79

Your company is a hosting provider that provides cloud-based services to multiple customers.

 

Each customer has its own Active Directory forest located in your company’s datacenter.

 

You plan to provide VPN access to each customer. The VPN solution will use RADIUS for authentication services and accounting services.

 

You need to recommend a solution to forward authentication and accounting messages from the perimeter network to the Active Directory forest of each customer.

 

What should you recommend?

 

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

One RADIUS proxy for each customer and Active Directory Federation Services (AD FS)

B.

A RADIUS server for each customer and one RADIUS proxy

C.

One RADIUS proxy and one Active Directory Lightweight Directory Services (AD LDS) instance for each customer

D.

A RADIUS server for each customer and a RADIUS proxy for each customer

 

Correct Answer: B

Explanation:

RADIUS proxy

You want to provide RADIUS authentication and authorization for outsourced service providers and minimize intranet firewall configuration. An intranet firewall is between your perimeter network (the network between your intranet and the Internet) and intranet. By placing an NPS server on your perimeter network, the firewall between your perimeter network and intranet must allow traffic to flow between the NPS server and multiple domain controllers. By replacing the NPS server with an NPS proxy, the firewall must allow only RADIUS traffic to flow between the NPS proxy and one or multiple NPS servers within your intranet.

 

clip_image016

 

 

QUESTION 80

DRAG DROP

Your company plans to deploy a remote access solution to meet the following requirements:

 

clip_image002[5]Ensure that client computers that are connected to the Internet can be managed remotely without requiring that the user log on.

clip_image002[6]Ensure that client computers that run Windows Vista or earlier can connect remotely.

clip_image002[7]Ensure that non-domain-joined computers can connect remotely by using TCP port 443.

 

You need to identify which remote access solutions meet the requirements.

 

Which solutions should you identify?

 

To answer, drag the appropriate solution to the correct requirement in the answer area. Each solution may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.

 

clip_image018

 

Correct Answer:

clip_image020

 

Free VCE & PDF File for Microsoft 70-413 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…