[Free] Download New Updated (December) Microsoft 70-413 Exam Questions 21-30

Ensurepass

QUESTION 21

A company has a single-forest and single Active Directory Domain Services (AD DS) domain named Fabrikam.com that runs Windows 2012 Server. The AD DS forest functional level and the domain functional level are both set to Windows 2008 R2. You use IP Address Management (IPAM) as the IP management solution. You have two DHCP Servers named DHCP1 and DHCP2, and one IPAM server named IPAM1.

 

The company plans to acquire a company named Contoso, Ltd., which has a single-forest and single-domain AD DS named contoso.com. The forest functional level and domain functional level of Contoso.com is set to Windows 2008. All servers at Contoso run Windows Server 2008. The IP management solution at Contoso is based on a single DHCP server named SERVER3.

 

clip_image002

 

The total number of users in both companies will be 5000.

 

You have the following requirements:

 

clip_image004The solution must be able to allocate up to three IP addresses per user.

clip_image004[1]All IP address leases must be renewed every two days.

 

You need to ensure that the corresponding servers will have enough capacity to store six years of IP utilization data and eight months of event catalog data.

 

What should you recommend?

 

A.

Add at least 20 GB of storage to the IPAM server.

B.

Migrate Contoso.com to Fabrikam.com.

C.

Establish a forest trust between Contoso.com and Fabrikam.com.

D.

Upgrade SERVER3 to Windows Server 2012.

 

Correct Answer: D

 

 

QUESTION 22

Your network contains a Hyper-V host named Host1 that runs Windows Server 2012. Host1 contains a virtual machine named DC1. DC1 is a domain controller that runs Windows Server 2012.

 

You plan to clone DC1.

 

You need to recommend which steps are required to prepare DC1 to be cloned.

 

What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)

 

A.

Run dcpromo.exe /adv.

B.

Create a file named Dccloneconfig.xml.

C.

Add DC1 to the Cloneable Domain Controllers group.

D.

Run sysprep.exe /oobe.

E.

Run New-VirtualDiskClone.

 

Correct Answer: BC

Explanation:

B: DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.

C: There’s a new group in town. It’s called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn’t be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group. Make sure to remove those as well.

 

 

QUESTION 23

Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role installed. The network contains a Virtual Desktop Infrastructure (VDI).

 

All virtual machines run Windows 8.

 

You identify the following requirements for allocating IPv4 addresses to client computers:

 

clip_image004[2]All virtual desktops must have static IP addresses.

clip_image004[3]All laptop computers must receive dynamic IP addresses.

clip_image004[4]All virtual desktops must be prevented from obtaining dynamic address.

 

You need to recommend a DHCP solution that meets the requirements for allocating IPv4 addresses.

 

The solution must use the least amount of administrative effort.

 

What should you recommend?

 

More than one answer choice may achieve the goal. Select the BEST answer.

A.

Configure DHCP filtering.

B.

Configure DHCP policies.

C.

Create two physical subnets. Connect the laptop computers to the subnet that contains Server1.

D.

Create two physical subnets. Configure 802.1X authentication for each subnet.

 

Correct Answer: B

Explanation:

The DHCP Server role in Windows Server 2012 introduces a new feature that allows you to create IPv4 policies that specify custom IP address and option assignments for DHCP clients based on a set of conditions. The policy based assignment (PBA) feature allows you to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. PBA enables targeted administration and greater control of the configuration parameters delivered to network devices with DHCP.

 

Example: In a subnet which has a mix of wired and mobile computers, you might want to assign a shorter, 4 hour lease duration to mobile computers and longer, 4 day lease duration to wired computers.

 

Incorrect:

not A: DHCP filtering provides security by filtering untrusted DHCP messages. An untrusted message is a message that is received from outside the network or firewall, and that can cause traffic attacks within network.

 

Reference: Introduction to DHCP Policies

 

 

QUESTION 24

Your company has three offices. The offices are located in Montreal, Toronto, and Vancouver.

 

The network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains one domain. The adatum.com forest contains two domains. All of the servers in adatum.com are located in the Toronto office. The servers in contoso.com are located in the Montreal and Vancouver offices. All of the servers in both of the forests run Windows Server 2012 R2.

 

A two-way, forest trusts exists between the forests.

 

Each office contains DHCP servers and DNS servers.

 

You are designing an IP Address Management (IPAM) solution to manage the network.

 

You need to recommend a solution for the placement of IPAM servers to manage all of the DHCP servers and all of the DNS servers in both of the forests. The solution must minimize the number of IPAM servers deployed.

 

What should you recommend?

 

A.

One IPAM server in each office

B.

One IPAM server in the Montreal office and one IPAM server in the Toronto office

C.

One IPAM server in the Toronto office

D.

Two IPAM servers in the Toronto office and one IPAM server in the Montreal office

E.

Two IPAM servers in the Toronto office, one IPAM server in the Montreal office, and one IPAM server in the Vancouver office

 

Correct Answer: B

Explanation:

There are three general methods to deploy IPAM servers:

 

clip_image004[5]Distributed: An IPAM server deployed at every site in an enterprise.

clip_image004[6]Centralized: One IPAM server in an enterprise.

clip_image004[7]Hybrid: A central IPAM server deployed with dedicated IPAM servers at each site.

 

Reference: IP Address Management (IPAM) Overview

 

 

QUESTION 25

A com
pany has a line-of-business application named Appl that runs on an internal IIS server. Ap1l uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1. Users report that they can no longer access the application by using their domain credentials. You need to ensure that users can access App1.

 

Solution: You configure App1 and SQL1 to use NTLM authentication. Then you restart the IIS and SQL Server services.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

 

 

QUESTION 26

HOTSPOT

Your network contains an Active Directory forest name fabrikam.com. The forest contains two domains named fabrikam.com and contoso.com. All servers run Windows Server 2012 R2.

 

The forest contains a DHCP server named Server1 and a DNS server named Server2.

 

You need to recommend a solution to ensure that any computers that are neither members of contoso.com nor fabrikam.com receive a DNS suffix of guest.fabrikam.com.

 

What two commands should you run?

 

To answer, select the appropriate options in the answer area.

 

clip_image006

 

Correct Answer:

clip_image008

 

 

QUESTION 27

Your network contains an Active Directory domain named contoso.com. The domain contains 10 sites. The sites are located in different cities and connect to each other by using low-latency WAN links.

 

In each site, you plan to implement Microsoft System Center 2012 Configuration Manager and to deploy multiple servers.

 

You need to recommend which Configuration Manager component must be deployed to each site for the planned deployment.

 

What should you include in
the recommendation?

 

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

A management point

B.

A software update point

C.

A distribution group point

D.

A secondary site server that has all of the Configuration Manager roles installed

 

Correct Answer: C

Explanation:

Distribution point groups provide a logical grouping of distribution points and collections for content distribution.

A Distribution point group is not limited to distribution points from a single site, and can contain one or more distribution points from any site in the hierarchy. When you distribute content to a distribution point group, all distribution points that are membe
rs of the distribution point group receive the content.

 

Reference: Configuring Distribution Point Groups in Configuration Manager

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 28

Your company has a main office.

 

The network contains an Active Directory domain named contoso.com. The main office contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed and is configured to accept incoming SSTP-based VPN connections.

 

All cl
ient computers run Windows 7.

 

The company plans to open a temporary office that will contain a server named Server2 that runs Windows Server 2012 and has the DHCP Server server role installed. The office will also have 50 client computers and an Internet connection.

 

You need to recommend a solution to provide the users in the temporary office with access to the resources in the main office.

 

What should you recommend?

 

More than one answer choice may achieve the goal. Select the BEST answer.

 

A.

Use the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Manually distribute the CMAK package to each client computer in the temporary office.

B.

Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, add a SSTP-based VPN port. From DHCP on Server2, configure the default gateway server option.

C.

Uses the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections. Use a Group Policy object

(GPO) to distribute the CMAK package to each client computer in the temporary office.

D.

Install the Remote Access server role on Server2. From Routing and Remote Access on Server2, configure a demand-dial interface. From DHCP on Server2, configure the default gateway server option.

 

Correct Answer: B

Explanation:

* configure RRAS server role as a VPN server on a Windows server 2008 R2 machine. To do that, you need to first install the RRAS server role.

* in case of IPv4 the remote access client’s VPN configuration is the ONLY configuration that governs whether it has default IPv4 gateway towards VPN server or not

 

Reference: Remote Access Deployment – Part 2: Configuring RRAS as a VPN server

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 29

DRAG DROP

Your network contains an Active Directory forest named contoso.com.

 

Your company merges with another company that has an Active Directory forest named litwareinc.com.

 

Each forest has one domain.

 

You establish a two-way forest trust between the forests.

 

The network contains three servers. The servers are configured as shown in the following table.

 

clip_image010

 

You confirm that the client computers in each forest can resolve the names of the client computers in both forests.

 

On dc1.litwareinc.com, you create a zone named GlobalNames.

 

You need to recommend changes in both forests to ensure that the users in both forests can resolve single-label names by using the GlobalNames zone in litwareinc.com.

 

Which changes should you re
commend?

 

To answer, drag the appropriate configuration to the correct server in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.

 

clip_image012

 

Correct Answer:

clip_image014

 

 

QUESTION 30

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.

 

You plan to deploy DirectAccess.

 

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

 

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement

 

Solution: You set the ISATAP State to state disabled.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: A

Explanation:

With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and spin them down into IPv4 packets, so you can simply leave your internal network all IPv4. So back in the beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is recommended not to use ISATAP at all, unless you have a specific reason for needing it

 

Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.

 

Reference: IS ISATAP REQUIRED FOR DIRECTACCESS?

 

Free VCE & PDF File for Microsoft 70-413 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…