Top 16 practice exam 70-413 for IT engineers (113 to 128)

70-413 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

Get it now →

Product Description:
Exam Number/Code: 70-413
Exam name: Designing and Implementing a Server Infrastructure
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Free Certification Real IT 70-413 Exam pdf Collection

Practical of 70-413 test materials and faq for Microsoft certification for IT engineers, Real Success Guaranteed with Updated 70-413 pdf dumps vce Materials. 100% PASS Today!

2016 Mar 70-413 Study Guide Questions:

Q113. - (Topic 3) 

You need to recommend a solution that meets the security requirements. 

Which schema attribute properties should you recommend modifying? 

A. isIndexed 

B. searchFlags 

C. isCriticalSystemObject 

D. schemaFlagsEx 

Answer: B 

Explanation: 

* Scenario: ). Confidential attributes must not be replicated to the Chicago office. 

* Applies To: Windows Server 2008, Windows Server 2012 This topic includes procedures for adding an attribute to the filtered attribute set (FAS) for a readonly domain controller (RODC) and marking the attribute as confidential data. You can perform these procedures to exclude specific data from replicating to RODCs in the forest. Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed to an attacker who manages to successfully compromise an RODC. In most cases, adding an attribute to the RODC FAS is completed by the developer of the application that added the attribute to the schema. 

. Determine and then modify the current searchFlags value of an attribute 

. Verify that an attribute is added to the RODC FAS -Determine and then modify the current searchFlags value of an attribute To add an attribute to an RODC FAS, you must first determine the current searchFlags value of the attribute that you want to add, and then set the following values for searchflags: 

. To add the attribute to the RODC FAS, set the 10th bit to 0x200. 

. To mark the attribute as confidential, set the 7th bit to 0x080. 

Reference: Adding Attributes to the RODC Filtered Attribute Set 

http://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx 


Q114. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2008 R2. All domain controllers are installed on physical servers. The network contains several Hyper-V hosts. 

The network contains a Microsoft System Center 2012 infrastructure. 

You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server 2012. 

You need to recommend which changes must be made to the network infrastructure before you can use domain controller cloning. 

What should you recommend? 

A. Upgrade a global catalog server to Windows Server 2012. Deploy Virtual Machine Manager (VMM). 

B. Upgrade a global catalog server to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012. 

C. Upgrade the domain controller that has the PDC emulator operations master role to Windows Server 2012. Deploy a Hyper-V host that runs Windows Server 2012. 

D. Upgrade the domain controller that has the infrastructure master operations master role to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012. 

Answer: C 

Explanation: The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012, but it does not have to be running on a hypervisor. 

Reference: Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100) 


Q115. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System Center 2012 infrastructure. The domain contains two sites named Site1 and Site2. The sites connect to each other by using a 1-Mbps WAN link. 

The sites contain four servers. The servers are configured as shown in the following table. 


In Site2, you plan to deploy 50 Hyper-V hosts. 

You need to recommend a solution to deploy the Hyper-V hosts by using VMM. The solution must minimize the amount of traffic between Site1 and Site2 during deployment. 

What should you recommend? 

A. On Server4, install VMM. From the Virtual Machine Manager console, add Server1 as a PXE server and add Server4 as a library server. 

B. On Server4/ install VMM. From the Virtual Machine Manager console, add Server1 as a PXE server and a library server. 

C. On Server4, install WDS. From the Virtual Machine Manager console, add Server4 as a PXE server and a library server. 

D. On Server4, install WDS. From the Virtual Machine Manager console, add Server4 as a PXE server and add Server1 as a library server. 

Answer: C 


Q116. - (Topic 8) 

Your company has a main office. The main office is located in a building that has 10 floors. 

A datacenter on the ground floor contains a Windows Server 2012 failover cluster. The failover cluster contains a DHCP server resource named DHCP1. All client computers receive their IP addresses from DHCP1. All client computers are part of the 131.107.0.0/16 IPv4 subnet. 

You plan to implement changes to the network subnets to include a separate subnet for each floor of the office building. The subnets will connect by using routers. 

You need to recommend changes to the DHCP infrastructure to ensure that all of the client computers can receive their IP configuration by using DHCP. 

What should you recommend? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. Install a remote access server on each floor. Configure a DHCP relay agent on each new DHCP server. Create a scope for each subnet on DHCP1. 

B. Install a DHCP server on each floor. Create a scope for the local subnet on each new DHCP server. Enable DHCP Failover on each new DHCP server. 

C. Configure each router to forward requests for IP addresses to DHCP1. Create a scope for each subnet on DHCP1. 

D. Configure each router to forward requests for IP addresses to DHCP1. Create a scope for the 10.0.0.0/16 subnet on DHCP1. 

Answer: C 

Explanation: 

Excerpt: In TCP/IP networking, routers are used to interconnect hardware and software used on different physical network segments called subnets and forward IP packets between each of the subnets. To support and use DHCP service across multiple subnets, routers connecting each subnet should comply with DHCP/ BOOTP relay agent capabilities described in RFC 1542. 

Reference: Support multiple subnets with one DHCP server by configuring DHCP relay agents 

http://technet.microsoft.com/en-us/library/cc771390.aspx 


Q117. - (Topic 1) 

You are planning the decommissioning of research.contoso.com. 

You need to ensure that an administrator named Admin5 in the research department can manage the user accounts that are migrated to contoso.com. The solution must minimize the number of permissions assigned to Admin5. 

What should you do before you migrate the user accounts? 

A. Run the New-Object cmdlet, and then run the Add-ADPrincipalGroupMembershipcmdlet. 

B. Create a new organizational unit (OU), and then add Admin5 to the Account Operators group. 

C. Create a new organizational unit (OU), and then run the Delegation of Control Wizard. 

D. Run the New-Object cmdlet, and then run the Add-ADCentralAccessPolicyMembercmdlet. 

Answer: C 

Explanation: 

* Scenario: Decommission the research.contoso.com domain. All of the users and the Group Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com. 

Reference: Delegation of Control Wizard 

http://technet.microsoft.com/en-us/library/dd145344.aspx 


70-413 practice test

Renovate 70-413 simulations:

Q118. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The functional level of the domain and the forest is Windows Server 2008 R2. 

All domain controllers run Windows Server 2008 R2. 

You plan to deploy a new line-of-business application named App1 that uses claims-based authentication. 

You need to recommend changes to the network to ensure that Active Directory can provide claims for App1. 

What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.) 

A. From the properties of the computer accounts of the domain controllers, enable Kerberos constrained delegation. 

B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and Kerberos armoring setting. 

C. Deploy Active Directory Lightweight Directory Services (AD LDS). 

D. Raise the domain functional level to Windows Server 2012. 

E. Add domain controllers that run Windows Server 2012. 

Answer: B,E 

Explanation: E: You must perform several steps to enable claims in Server 2012 AD. First, you must upgrade the forest schema to Server 2012. You can do so manually through Adprep, but Microsoft strongly recommends that you add the AD DS role to a new Server 2012 server or upgrade an existing DC to Server 2012. 

B: Once AD can support claims, you must enable them through Group Policy: 

. From the Start screen on a system with AD admin rights, open Group Policy Management and select the Domain Controllers Organizational Unit (OU) in the domain in which you wish to enable claims. 

. Right-click the Default Domain Controllers Policy and select Edit. 

. In the Editor window, drill down to Computer Configuration, Policies, Administrative 

Templates, System, and KDC (Key Distribution Center). . Open.KDC support for claims, compound authentication, and Kerberos armoring. . Select the Enabled radio button..Supported.will appear under.Claims, compound 

authentication for Dynamic Access Control and Kerberos armoring options 


Reference: Enable Claims Support in Windows Server 2012 Active Directory 


Q119. - (Topic 1) 

You need to recommend a management solution for the GPOs. The solution must meet the technical requirements. What should you include in the recommendation? 

A. Microsoft Baseline Security Analyzer (MBSA) 

B. Microsoft Desktop Optimization Pack (MDOP) 

C. Microsoft System Center 2012 Operations Manager 

D. Microsoft System Center 2012 Data Protection Manager (DPM) 

Answer: B 

Explanation: 

* Scenario: 

/ All changes to Group Policies must be logged. 

/ Administrators in the Paris office need to deploy a series of desktop restrictions to the 

entire company by using Group Policy. 

* Microsoft Desktop Optimization Pack 

Windows Vista Enterprise helps global organizations and enterprises with complex IT 

infrastructures lower IT costs, reduce risk, and stay connected. The Microsoft Desktop 

Optimization Pack for Software Assurance further extends this value by reducing 

application deployment costs, enabling delivery of applications as services, and allowing for 

better management and control of enterprise desktop environments. Together these 

technologies deliver a highly cost-effective and flexible Windows desktop management 

solution. 

What is the Microsoft Desktop Optimization Pack? 

The Microsoft Desktop Optimization Pack (MDOP) for Software Assurance is an add-on 

subscription license available to Software Assurance customers. It uses innovative 

technologies to help reduce the total cost of ownership (TCO) of the Windows desktop by 

accelerating operating system and application management and enhancing IT 

responsiveness and end-user uptime. It will enable you to better control the desktop, 

accelerate and simplify desktop deployments and management, and create a dynamic 

infrastructure by turning software into centrally managed services. 

MDOP facilitates accelerated deployment and manageability of Windows through these 

innovative technologies— available only to Windows Software Assurance customers. 

Reference: Microsoft Desktop Optimization Pack 

URL: http://technet.microsoft.com/en-us/library/cc507880.aspx 


Q120. - (Topic 8) 

Your network contains an Active Directory forest named contoso.com. 

You plan to deploy 200 Hyper-V hosts by using Microsoft System Center 2012 Virtual Machine Manager (VMM) Service Pack 1 (SP1). 

You add a PXE server to the fabric. 

You need to identify which objects must be added to the VMM library for the planned deployment. 

What should you identify? (Each correct answer presents part of the solution. Choose all that apply.) 

A. A host profile 

B. A capability profile 

C. A hardware profile 

D. A generalized image 

E. A service template 

Answer: A,D 

Explanation: Templates and profiles are used to standardize the creation of virtual 

machines and services. 

These configurations are stored in the VMM database but are not represented by physical 

configuration files. 

 (D) 

There are several new types of templates and profiles in VMM, most of which are used for service creation. 

 (A) 

There are also host profiles, used for deploying a Hyper-V host from a bare-metal computer, and capability profiles, used to specify the capabilities of virtual machines on each type of supported hypervisor when virtual machines are deployed to a private cloud. 

Note: 

* host profile: 

A Virtual Machine Manager library resource that contains hardware and operating system 

configuration settings to convert a bare-metal computer to a managed Hyper-V host. 

*capability profile: 

A Virtual Machine Manager library resource that defines which resources (for example, 

number of processors or maximum memory) are available to a virtual machine that is 

created in a private cloud. 


Q121. - (Topic 8) 

Your company is a hosting provider that provides cloud-based services to multiple customers. 

Each customer has its own Active Directory forest located in your company's datacenter. 

You plan to provide VPN access to each customer. The VPN solution will use RADIUS for authentication services and accounting services. 

You need to recommend a solution to forward authentication and accounting messages from the perimeter network to the Active Directory forest of each customer. 

What should you recommend? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. One RADIUS proxy for each customer and Active Directory Federation Services (AD FS) 

B. A RADIUS server for each customer and one RADIUS proxy 

C. One RADIUS proxy and one Active Directory Lightweight Directory Services (AD LDS) instance for each customer 

D. A RADIUS server for each customer and a RADIUS proxy for each customer 

Answer: B 

Explanation: RADIUS proxy You want to provide RADIUS authentication and authorization for outsourced service providers and minimize intranet firewall configuration. An intranet firewall is between your perimeter network (the network between your intranet and the Internet) and intranet. By placing an NPS server on your perimeter network, the firewall between your perimeter network and intranet must allow traffic to flow between the NPS server and multiple domain controllers. By replacing the NPS server with an NPS proxy, the firewall must allow only RADIUS traffic to flow between the NPS proxy and one or multiple NPS servers within your intranet. 



Q122. - (Topic 8) 

Your network contains an Active Directory forest named contoso.com. The forest contains one domain. 

Your company plans to open a new division named Division1. A group named Division1Admins will administer users and groups for Division1. 

You identify the following requirements for Division1: 

All Division1 users must have a complex password that is 14 characters. 

Division1Admins must be able to manage the user accounts for Division1. 

Division1Admins must be able to create groups, and then delete the groups that 

they create. 

Division1Admins must be able to reset user passwords and force a password 

change at the next logon for all Division1 users. 

You need to recommend changes to the forest to support the Division1 requirements. 

What should you recommend? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. In the forest create a new organizational unit (OU) named Division1 and delegate permissions for the OU to the Division1Admins group. Move all of the Division1 user accounts to the new OU. Create a fine-grained password policy for the Division1 users. 

B. Create a new child domain named divisionl.contoso.com. Move all of the Division1 user accounts to the new domain. Add the Division1Admin members to the Domain Admins group. Configure the password policy in a Group Policy object (GPO). 

C. Create a new forest. Migrate all of the Division1 user objects to the new forest and add the Division1Admins members to the Enterprise Admins group. Configure the password policy in a Group Policy object (GPO). 

D. In the forest create a new organizational unit (OU) named Division1 and add Division1Admins to the Managed By attribute of the new OU. Move the Division1 user objects to the new OU. Create a fine-grained password policy for the Division1 users. 

Answer: A 


70-413 sample question

High value 70-413 sample question:

Q123. - (Topic 3) 

You need to recommend a change to the Active Directory environment to support the company's planned changes. 

What should you include in the recommendation? 

A. Raise the functional level of the domain and the forest. 

B. Implement Administrator Role Separation. 

C. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012. 

D. Upgrade the domain controller that has the domain naming master role to Windows Server 2012. 

Answer: A 

Explanation: 

* Scenario: 

The functional level of the domain and the forest is Windows Server 2008. 

Implement the Active Directory Recycle Bin. 


Q124. - (Topic 6) 

You need to plan the migration of App1. What should you do? 

A. Install App1 on drive C. Move all of the data that supports App1 to drive D. 

B. Expand the size of drive C Install App1 and all of the data that supports the app on drive C 

C. Install App1 on drive D. Move all of the data that supports App1 to an additional data drive. 

D. Install App1 on drive C. Move all of the data that supports App1 to an additional data drive. 

Answer: C 


Q125. DRAG DROP - (Topic 5) 

You need to design the file management solution. 

What should you do? To answer, drag the appropriate technology to the correct office. Each technology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 


Answer: 



Q126. - (Topic 8) 

Your company plans to hire 100 sales representatives who will work remotely. 

Each sales representative will be given a laptop that will run Windows 7. A corporate image of Windows 7 will be applied to each laptop. 

While the laptops are connected to the corporate network, they will be joined to the domain. The sales representatives will not be local administrators. 

Once the laptops are configured, each laptop will be shipped by courier to a sales representative. 

The sales representative will use a VPN connection to connect to the corporate network. 

You need to recommend a solution to deploy the VPN settings for the sales representatives. The solution must meet the following requirements: 

. Ensure that the VPN settings are the same for every sales representative. 

. Ensure that when a user connects to the VPN, an application named App1 starts. 

What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. 

A. VPN auto triggering 

B. The Add-VpnConnectioncmdlet 

C. The Connection Manager Administration Kit (CMAK) 

D. Group Policy preferences 

Answer: C 

Explanation: Connection Manager is a client network connection tool that allows a user to connect to a remote network, such as an Internet service provider (ISP), or a corporate network protected by a virtual private network (VPN) server. The Connection Manager Administration Kit (CMAK) is a tool that you can use to customize the remote connection experience for users on your network by creating predefined connections to remote servers and networks. To create and customize a connection for your users, you use the CMAK wizard. 

Reference: Connection Manager Administration Kit 


Q127. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. 

The domain contains the organization units (OUs) configured as shown in the following table. 


Users and computers at the company change often. 

You create a Group Policy object (GPO) named GPO6. GPO6 contains user settings. 

You need to ensure that GPO6 applies to users when they log on to the kiosk computers only. The solution must minimize administrative effort. 

What should you do? 

A. Link GPO6 to OU4 and configure loopback processing in GPO6. 

B. Link GPO6 to OU1 and configure WMI filtering on GPO3. 

C. Link GPO6 to OU1 and configure loopback processing in GPO6. 

D. Link GPO6 to OU1 and configure loopback processing in GPO5. 

Answer: A 

Explanation: Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to. 


Q128. HOTSPOT - (Topic 8) 

Your network contains an Active Directory forest named northwindtraders.com. 

The client computers in the finance department run either Windows 8.1, Windows 8, or Windows 7. All of the client computers in the marketing department run Windows 8.1. 

You need to design a Network Access Protection (NAP) solution for northwindtraders.com that meets the following requirements: 

. The client computers in the finance department that run Windows 7 must have a firewall enabled and the antivirus software must be up-to-date. 

. The finance computers that run Windows 8.1 or Windows 8 must have automatic updating enabled and the antivirus software must be up-to-date. 

. The client computers in the marketing department must have automatic updating enabled and the antivirus software must be up-to-date. 

. If a computer fails to meet its requirements, the computers must be provided access to a limited set of resources on the network. 

. If a computer meets its requirements, the computer must have full access to the network. 

What is the minimum number of objects that you should create to meet the requirements? To answer, select the appropriate number for each object type in the answer area. 



Answer: 




see more 70-413 - Designing and Implementing a Server Infrastructure