aiotestking uk

70-413 Exam Questions - Online Test


70-413 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The Active Directory site topology is configured as shown in the exhibit. (Click the Exhibit button.) 

DC1 and DC2 run Windows Server 2003 R2. All FSMO roles are located on DC2. 

You plan to deploy a read-only domain controller (RODC) to Site3. 

You need to recommend changes to the network to support the planned RODC 

implementation. 

What should you recommend? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. To Site1, add an RODC that runs Windows Server 2012. 

B. Replace DC2 with a domain controller that runs Windows Server 2012. 

C. To Site2, add an RODC that runs Windows Server 2012. 

D. Replace DC1 with a domain controller that runs Windows Server 2012. 

Answer:

Explanation: Each RODC requires a writable domain controller running Windows Server 

2012 for the same domain from which the RODC can directly replicate. 

Typically, this requires that a writable domain controller running Windows Server 2012 be 

placed in the nearest site in the topology. 

Reference: Active Directory Replication Considerations 

Q2. DRAG DROP - (Topic 8) 

You manage a Network Policy Server (NPS) infrastructure that contains four servers named NPSPRX01, NPS01, NPS02, and NPS03. All servers run Microsoft Windows Server 2012 R2. NPSPRX01 is configured as an NPS proxy. NPS01, NPS02, and NPS03 are members of a remote RADIUS server group named GR01. GR01 is configured as shown below: 

You need to ensure that authentication requests are identified even when a server is unavailable. 

If a given server is unavailable, which percentage of authentication requests will another server manage? To answer, drag the appropriate value to the correct scenario. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 

Answer:  

Q3. - (Topic 8) 

Your network contains a Hyper-V host named Host1 that runs Windows Server 2012. Host1 contains a virtual machine named DC1. DC1 is a domain controller that runs Windows Server 2012. 

You plan to clone DC1. 

You need to recommend which steps are required to prepare DC1 to be cloned. 

What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.) 

A. Run dcpromo.exe /adv. 

B. Create a file named Dccloneconfig.xml. 

C. Add DC1 to the Cloneable Domain Controllers group. 

D. Run sysprep.exe /oobe. 

E. Run New-VirtualDiskClone. 

Answer: B,C 

Explanation: 

B: DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways. 

C: There's a new group in town. It's called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn't be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group. Make sure to remove those as well. 

Q4. - (Topic 1) 

You need to recommend which changes must be implemented to the network before you can deploy the new web application. 

What should you include in the recommendation? 

A. Change the forest functional level to Windows Server 2008 R2. 

B. Upgrade the DNS servers to Windows Server 2012. 

C. Change the functional level of both the domains to Windows Server 2008 R2. 

D. Upgrade the domain controllers to Windows Server 2012. 

Answer:

Explanation: 

Scenario: 

The domain controllers run Windows Server 2008 R2. 

The company is migrating to Windows Server 2012. 

Q5. - (Topic 3) 

You need to recommend a change to the Active Directory environment to support the company's planned changes. 

What should you include in the recommendation? 

A. Raise the functional level of the domain and the forest. 

B. Implement Administrator Role Separation. 

C. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012. 

D. Upgrade the domain controller that has the domain naming master role to Windows Server 2012. 

Answer:

Explanation: 

* Scenario: 

The functional level of the domain and the forest is Windows Server 2008. 

Implement the Active Directory Recycle Bin. 

Q6. HOTSPOT - (Topic 8) 

You have a domain controller that hosts an Active Directory-integrated zone. 

On the domain controller, you run the following cmdlet: 

PS C:\> Get-DnsServerScavenging 

NoRefreshInterval:2.00:00:00 RefreshInterval:3.00:00:00 ScavengingInterval:4.00:00:00 ScavengingState:True LastScavengeTime:1/30/2014 9:10:36 AM 

Use the drop-down menus to select the answer choice that completes each statement. 

Answer:  

Q7. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table. 

All client computers run either Windows 7 or Windows 8. 

The corporate security policy states that all of the client computers must have the latest 

security updates installed. 

You need to implement a solution to ensure that only the client computers that have all of 

the required security updates installed can connect to VLAN 1. The solution must ensure 

that all other client computers connect to VLAN 3. 

Solution: You implement the VPN enforcement method. 

Does this meet the goal? 

A. Yes 

B. No 

Answer:

Explanation: VPN Enforcement need to be setup in connection with NAP (Network Access Protection). 

Q8. - (Topic 3) 

You need to ensure that NAP meets the technical requirements. 

Which role services should you install? 

A. Network Policy Server, Health Registration Authority and Host Credential Authorization Protocol 

B. Health Registration Authority, Host Credential Authorization Protocol and Online Responder 

C. Certification Authority, Network Policy Server and Health Registration Authority 

D. Online Responder, Certification Authority and Network Policy Server 

Answer:

Explanation: 

* Scenario: 

Implement Network Access Protection (NAP). 

Ensure that NAP with IPSec enforcement can be configured. 

* Health Registration Authority 

Applies To: Windows Server 2008 R2, Windows Server 2012 

Health Registration Authority (HRA) is a component of a Network Access Protection (NAP) 

infrastructure that plays a central role in NAP Internet Protocol security (IPsec) 

enforcement. 

HRA obtains health certificates on behalf of NAP clients when they are compliant with 

network health requirements. These health certificates authenticate NAP clients for IPsec-protected communications with other NAP clients on an intranet. If a NAP client does not 

have a health certificate, the IPsec peer authentication fails and the NAP client cannot 

initiate communication with other IPsec-protected computers on the network. 

HRA is installed on a computer that is also running Network Policy Server (NPS) and 

Internet 

Information Services (IIS). If they are not already installed, these services will be added when you install HRA. 

Reference: Health Registration Authority 

Q9. - (Topic 5) 

You need to configure the connection between the new remote branch office and the existing branch offices. 

What should you create? 

A. SMTP site link 

B. Forest trust 

C. Certification authority 

D. IP subnet 

Answer:

Q10. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. 

On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks. You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard. 

What should you do? 

A. Add a new class to the Active Directory schema. 

B. Configure a custom MMC console. 

C. Modify the Delegwiz.inf file. 

D. Configure a new authorization store by using Authorization Manager. 

Answer:

Explanation: 

To add a task to the Delegation Wizard, you must create a task template by using the 

following syntax in the Delegwiz.inf file 

;---------------------------------------------------------

[template1] 

AppliesToClasses=<comma delimited list of object types to which this 

template applies; for example, if "organizationalUnit" is in the list, 

this template will be shown when the Delegation Wizard is invoked on 

an OU> 

Description = "<task description which will appear in the wizard>" 

Etc. 

Reference: How to customize the task list in the Delegation Wizard http://support.microsoft.com/kb/308404