
Act now and download your Microsoft 70-413 exam test today! Do not waste time on worthless Microsoft 70-413 tutorials. Download the up-to-date Microsoft Designing and Implementing a Server Infrastructure exam with real questions and answers and begin to learn for the Microsoft 70-413 exam with a classic professional.
Q21. - (Topic 5)
You need to plan the expansion of the Los Angeles office.
What should you do?
A. Install a read-only domain controller in Los Angeles.
B. Install a domain controller in Los Angeles.
C. Create and apply a filtered attribute set to the Los Angeles site.
D. Create and apply a Group Policy object to the Los Angeles site.
Answer: D
Q22. - (Topic 3)
You need to recommend an IPAM management solution for the Operators groups. The solution must meet the technical requirements.
What should you include in the recommendation?
A. Run the Invoke-IpamGpoProvisioning cmdlet in all three domains. Add the computers used by the members of the Operators group to the IPAM server.
B. Modify the membership of the IPAM Administrators group and the WinRMRemoteWMIUsers_ group on the IPAM server.
C. Run the Set-IpamConfiguration cmdlet and modify the membership of the WinRMRemoteWMIUsers_ group on the IPAM server.
D. Run the Set-IpamConfiguration cmdlet on the IPAM server. Run the Invoke-IpamGpoProvisioning cmdlet in all three domains.
Answer: B
Explanation:
Scenario: Ensure that the members of the Operators groups in all three domains can manage the IPAM server from their client computer.
Q23. - (Topic 8)
Your company has a main office and four branch offices. The main office is located in London.
The network contains an Active Directory domain named contoso.com. The network is configured as shown in the exhibit. (Click the Exhibit button.)
Each office contains several servers that run Windows Server 2012.
In each branch office, you plan to deploy an additional 20 servers that will run Windows Server 2012. Some of the servers will have a Server Core installation of Windows Server 2012.
You identify the following requirements for the deployment of the new servers:
Operating system images must be administered centrally.
The operating system images must be deployed by using PXE.
The WAN traffic caused by the deployment of each operating system must be minimized.
You need to recommend a solution for the deployment of the new servers.
What should you recommend?
A. Deploy Windows Deployment Services (WDS) in each office. Replicate the images by using Distributed File System (DFS) Replication.
B. Deploy Windows Deployment Services (WDS) in the main office only. Replicate the images by using Distributed File System (DFS) Replication.
C. Deploy Windows Deployment Services (WDS) in each office. Copy the images by using BranchCache.
D. Deploy Windows Deployment Services (WDS) in the main office only. Copy the images by using BranchCache.
Answer: A
Explanation: DFS Replication is a replication engine that you can use to replicate images between Windows Deployment Services servers.
Reference: Storing and Replicating Images Using DFS
Q24. - (Topic 8)
You have a virtual machine (VM) named VM-APP1 that hosts a critical application named APP1. The VM has the following VHDX virtual disks:
Both VHDX virtual disks are located on LUN1 of a Storage Area Network.
Every time you perform Storage Live Migration for VM-APP1, it takes a few hours.
You need to ensure that the storage supports Offloaded Data Transfer (ODX), and that ODX is enabled.
Which two Windows PowerShell commands should you run? Each correct answer presents part of the solution.
A. Set-ItemProperty HKLM:\system\currentcontrolset\control\filesystem -Name "FilterSupportedFeaturesMode" -Value 0
B. Set-StorageSubSystem -InputObject (Get-StorageSubSystem) -ThrottleLimit 0
C. Get-ItemProperty HKLM:\system\currentcontrolset\services\<FilterName> -Name "SupportedFeatures"
D. Set-ItemProperty HKLM:\system\currentcontrolset\control\filesystem -Name "FilterSupportedFeaturesMode" -Value 1
Answer: A,C
Q25. - (Topic 3)
You need to recommend a remote access solution that meets the VPN requirements.
Which role service should you include in the recommendation?
A. Routing
B. Network Policy Server
C. DirectAccess and VPN (RAS)
D. Host Credential Authorization Protocol
Answer: B
Explanation:
Scenario:
A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN connections.
Ensure that NAP with IPSec enforcement can be configured.
Network Policy Server
Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS servers that you configure in remote RADIUS server groups.
NPS allows you to centrally configure and manage network access authentication, authorization, and client health policies with the following three features: RADIUS server.
NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database.
Reference: Network Policy Server
Q26. - (Topic 8)
Your network contains an Active Directory forest named contoso.com.
You plan to add a new domain named child.contoso.com to the forest.
On the DNS servers in child.contoso.com, you plan to create conditional forwarders that point to the DNS servers in contoso.com.
You need to ensure that the DNS servers in contoso.com can resolve names for the servers in child.contoso.com.
What should you create on the DNS servers in contoso.com?
A. A zone delegation
B. A conditional forwarder
C. A root hint
D. A trust point
Answer: A
Explanation: Understanding Zone Delegation
Domain Name System (DNS) provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When you are deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:
You want to delegate management of part of your DNS namespace to another location or department in your organization.
You want to divide one large zone into smaller zones to distribute traffic loads among multiple servers, improve DNS name resolution performance, or create a more fault-tolerant DNS environment.
You want to extend the namespace by adding numerous subdomains at once, for example, to accommodate the opening of a new branch or site.
Reference: Understanding Zone Delegation
Q27. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
Solution: You enable split tunneling.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation: DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees.
Is DA split tunneling really a problem? The answer is no.
Why? Because the risk that exists with VPNs, where the machine can act as a router between the Internet and the corporate network, is not valid with DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with IPsec.
Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isn’t going to be the DA client, and authentication will fail – hence preventing the type of routing that VPN admins are concerned about.
Reference: Why Split Tunneling is Not a Security Issue with DirectAccess
Q28. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Which Network Access Protection (NAP) enforcement method should you implement?
A. VPN
B. DHCP
C. IPsec
D. 802.1x
Answer: D
Explanation:
The most common method of the list is 802.1x for a variety of reasons. First, the industry has been selling 802.1x network authentication for the last 10 years. 802.1x gained tremendous popularity as wireless networking became prevalent in the late 90's and early 2000's and has been proven to be a viable solution to identifying assets and users on your network. For customers that have invested in 802.1x capable switches and access points, NAP can very easily be implemented to complement what is already in place. The Network Policy Server (NPS) role in Windows Server 2008 has been dramatically improved to make 802.1x policy creation much simpler to do.
Reference: Network Access Protection Using 802.1x VLAN’s or Port ACLs – Which is right for you?
Q29. DRAG DROP - (Topic 8)
Your network contains an Active Directory forest named contoso.com.
Your company merges with another company that has an Active Directory forest named litwareinc.com.
Each forest has one domain.
You establish a two-way forest trust between the forests.
The network contains three servers. The servers are configured as shown in the following table.
You confirm that the client computers in each forest can resolve the names of the client computers in both forests.
On dc1.litwareinc.com, you create a zone named GlobalNames.
You need to recommend changes in both forests to ensure that the users in both forests can resolve single-label names by using the GlobalNames zone in litwareinc.com.
Which changes should you recommend?
To answer, drag the appropriate configuration to the correct server in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Q30. - (Topic 3)
You need to ensure that NAP meets the technical requirements.
Which role services should you install?
A. Network Policy Server, Health Registration Authority and Host Credential Authorization Protocol
B. Health Registration Authority, Host Credential Authorization Protocol and Online Responder
C. Certification Authority, Network Policy Server and Health Registration Authority
D. Online Responder, Certification Authority and Network Policy Server
Answer: C
Explanation:
* Scenario:
Implement Network Access Protection (NAP).
Ensure that NAP with IPSec enforcement can be configured.
* Health Registration Authority
Applies To: Windows Server 2008 R2, Windows Server 2012
Health Registration Authority (HRA) is a component of a Network Access Protection (NAP) infrastructure that plays a central role in NAP Internet Protocol security (IPsec) enforcement.
HRA obtains health certificates on behalf of NAP clients when they are compliant with network health requirements. These health certificates authenticate NAP clients for IPsec-protected communications with other NAP clients on an intranet. If a NAP client does not have a health certificate, the IPsec peer authentication fails and the NAP client cannot initiate communication with other IPsec-protected computers on the network.
HRA is installed on a computer that is also running Network Policy Server (NPS) and Internet Information Services (IIS). If they are not already installed, these services will be added when you install HRA.
Reference: Health Registration Authority