70-413 questions pool(129 to 144) for consumer: Mar 2016 Edition

70-413 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

Get it now →

Product Description:
Exam Number/Code: 70-413
Exam name: Designing and Implementing a Server Infrastructure
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Free Certification Real IT 70-413 Exam pdf Collection

Real of 70-413 practice exam materials and braindump for Microsoft certification for consumer, Real Success Guaranteed with Updated 70-413 pdf dumps vce Materials. 100% PASS Today!

2016 Mar 70-413 Study Guide Questions:

Q129. - (Topic 8) 

Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role installed. 

All of the client computers that are in a subnet named Subnet1 receive their IP address configurations from Server1. 

You plan to add another DHCP server named Server2 to Subnet1. 

You need to recommend changes to the DHCP infrastructure to ensure that the client computers continue to receive IP addressing information if a single DHCP server fails. 

What should you do? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. Create a Network Load Balancing (NLB) cluster. 

B. Configure Failover for the scope. 

C. Create a DHCP failover cluster. 

D. Create a split scope. 

Answer: B 

Explanation: 

One of the great features in Windows Server 2012 R2 is the DHCP failover for Microsoft DHCP scopes. Failover is where the environment suffers an outage of a service which triggers the failover of that service function to a secondary server or site. The assumption for most failover configurations is that the primary server is completely unavailable. 



Q130. - (Topic 2) 

You run the Get-DNSServer cmdlet on DC01 and receive the following output: 


You need to recommend changes to DC01. Which attribute should you recommend modifying? 

A. EnablePollutionProtection 

B. isReadOnly 

C. Locking Percent 

D. ZoneType 

Answer: C 

Explanation: * Scenario: The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache. 

* Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, then the DNS server will not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This means that cached entries will not be overwritten for the entire duration of the TTL. The cache locking value is stored in the CacheLockingPercent registry key. If the registry key is not present, then the DNS server will use the default cache locking value of 100. 

Reference: DNS Cache Locking 


Q131. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. 

You plan to deploy DirectAccess. 

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network. 

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement. 

Solution: You enable force tunneling. 

Does this meet the goal? 

A. Yes 

B. No 

Answer: A 

Explanation: DirectAccess. DirectAccess allows connectivity to organizational network resources without the need for traditional virtual private network (VPN) connections. 

DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet. DirectAccess establishes bi-directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN. 


Q132. - (Topic 8) 

Your network contains an Active Directory forest named contoso.com. The forest contains five domains. You need to ensure that the CountryCode attribute is replicated to the global catalog. 

What should you do? 

A. Modify the schema partition. 

B. Create and modify an application partition. 

C. Modify the configuration partition. 

D. Modify the domain partitions. 

Answer: A 

Explanation: Directory Partition Subtrees 

Every domain controller contains the following three directory partitions: 

* Schema Contains the Schema container, which stores class and attribute definitions for all existing 

and possible Active Directory objects in cn=schema,cn=configuration,dc= forestRootDomain . Updates to this container are replicated to all domain controllers in the forest. You can view the contents of the Schema container in the Active Directory Schema console. 

* Configuration 

* Domain 

Reference: Directory Partitions 


Q133. - (Topic 3) 

You need to recommend a remote access solution that meets the VPN requirements. 

Which role service should you include in the recommendation? 

A. Routing 

B. Network Policy Server 

C. DirectAccess and VPN (RAS) 

D. Host Credential Authorization Protocol 

Answer: B 

Explanation: 

Scenario: 

A server that runs Windows Server 2012 will perform RADIUS authentication for all of the 

VPN connections. 

Ensure that NAP with IPSec enforcement can be configured. 

Network Policy Server 

Network Policy Server (NPS) allows you to create and enforce organization-wide network 

access policies for client health, connection request authentication, and connection request 

authorization. In addition, you can use NPS as a Remote Authentication Dial-In User 

Service 

(RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS 

servers that you configure in remote RADIUS server groups. 

NPS allows you to centrally configure and manage network access authentication, 

authorization, are client health policies with the following three features: RADIUS server. 

NPS performs centralized authorization, authorization, and accounting for wireless, 

authenticating switch, remote access dial-up and virtual private network (VNP) 

connections. When you use NPS as a RADIUS server, you configure network access 

servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You 

also configure network policies that NPS uses to authorize connection requests, and you 

can configure RADIUS accounting so that NPS logs accounting information to log files on 

the local hard disk or in a Microsoft SQL Server database. 

Reference: Network Policy Server 


70-413 exam answers

Updated 70-413 download:

Q134. - (Topic 3) 

You need to recommend a server deployment strategy for the main office that meets the server deployment requirements. 

What should you recommend installing in the main office? 

A. Windows Deployment Services (WDS) 

B. The Windows Automated Installation Kit (Windows AIK) 

C. The Express Deployment Tool (EDT) 

D. The Windows Assessment and Deployment Kit (Windows ADK) 

Answer: A 

Explanation: WDS is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network-based installation. 

This means that you do not have to install each operating system directly from a CD, USB drive, or DVD. 

Reference: What's New in Windows Deployment Services in Windows Server 


Q135. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table. 


All client computers run either Windows 7 or Windows 8. 

The corporate security policy states that all of the client computers must have the latest security updates installed. 

You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3. 

Which Network Access Protection (NAP) enforcement method should you implement? 

A. VPN 

B. DHCP 

C. IPsec 

D. 802.1x 

Answer: D 

Explanation: 

The most common method of the list is 802.1x for a variety of reasons. First, the industry has been selling 802.1x network authentication for the last 10 years. 1x gained tremendous popularity as wireless networking became prevalent in the late 90's and early 2000's and has been proven to be a viable solution to identifying assets and users on your network. For customers that have invested in 802.1x capable switches and access points, NAP can very easily be implemented to complement what is already in place. The Network Policy Server (NPS) role Windows Server 2008 has been dramatically improved to make 802.1x policy creation much simpler to do. 

Reference: Network Access Protection Using 802.1x VLAN’s or Port ACLs – Which is right for you? 


Q136. - (Topic 8) 

Your company has a main office and a branch office. 

The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. 


The domain contains two global groups. The groups are configured as shown in the following table. 


You need to ensure that the RODC is configured to meet the following requirements: 

. Cache passwords for all of the members of Branch1Users. 

. Prevent the caching of passwords for the members of Helpdesk. 

What should you do? 

A. Modify the membership of the Denied RODC Password Replication group. 

B. Install the BranchCache feature on RODC1. 

C. Modify the delegation settings of RODC1. 

D. Create a Password Settings object (PSO) for the Helpdesk group. 

Answer: A 

Explanation: Password Replication Policy Allowed and Denied lists 

Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group. These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDS-NeverRevealGroup Active Directory attributes. 

Reference: Password Replication Policy 


Q137. HOTSPOT - (Topic 8) 

You have a domain controller that hosts an Active Directory-integrated zone. 

On the domain controller, you run the following cmdlet: 

PS C:\> Get-DnsServerScavenging 

NoRefreshInterval:2.00:00:00 RefreshInterval:3.00:00:00 ScavengingInterval:4.00:00:00 ScavengingState:True LastScavengeTime:1/30/2014 9:10:36 AM 

Use the drop-down menus to select the answer choice that completes each statement. 



Answer: 



Q138. - (Topic 8) 

You plan to deploy serverl.child.contoso.com as a read-only domain controller (RODC). 

You run the adprep.exe /rodcprep command on DC3 and receive the following error message: 


You need to identify what prevents you from successfully running Adprep /rodcprep on DC3. 

What should you identify? 

A. The domain functional level of child.contoso.com isset to the wrong level. 

B. DC3 cannot connect to the domain naming master on DC1. 

C. The forest functional level is set to the wrong level. 

D. DC3 cannot connect to the infrastructure master onDC2. 

Answer: D 

Explanation: Adprep could not contact a replica… 

This problem occurs when the Adprep /rodcprep command tries to contact the 

infrastructure master for each application partition in the forest. 

Reference: Error message when you run the "Adprep /rodcprep" command in Windows 

Server 2008: "Adprep could not contact a replica for partition 

DC=DomainDnsZones,DC=Contoso,DC=com" 


70-413 vce

Top Quality 70-413 free exam:

Q139. - (Topic 8) 

Your network contains an Active Directory forest. The forest contains a single domain. The forest has five Active Directory sites. Each site is associated to two subnets. 

You add a site named Site6 that contains two domain controllers. Site6 is associated to one subnet. 

You need to verify whether replication to the domain controllers in Site6 completes successfully. 

Which two possible commands can you use to achieve the goal? Each correct answer presents a complete solution. 

A. Get-ADReplicationSubnet 

B. Get-ADReplicationUpToDatenessVectorTable 

C. repadmin /showattr 

D. Get-ADReplicationSite1ink 

E. repadmin /showrepl 

Answer: B,E 

Explanation: B: The Get-ADReplicationUpToDatenessVectorTable cmdlet displays the highest Update Sequence Number (USN) for the specified domain controller(s). This information shows how up-to-date a replica is with its replication partners. During replication, each object that is replicated has USN and if the object is modified, the USN is incremented. The value of the USN for a given object is local to each domain controller where it has replicated are number is different on each domain controller. 

E: The repadmin /showrepl command helps you understand the replication topology and replication failures. It reports status for each source domain controller from which the destination has an inbound connection object. The status report is categorized by directory partition. 


Q140. - (Topic 8) 

You plan to simplify the organizational unit (OU) structure for a company. You must consolidate all member servers in the domain to a single OU named MemberServers. 

You must apply Group Policy settings for servers that meet the following criteria: 

Server operating systems: Windows Server 2012 

Server hardware platform: 64-bit 

Server memory: less than 16 GB of RAM 

Solution: You create a WMI filter action that includes the following query: 


Does this meet the goal? 

A. Yes 

B. No 

Answer: B 


Q141. - (Topic 8) 

You have a System Center 2012 R2 Virtual Machine Manager (VMM) infrastructure that manages five Hyper-V hosts. The Hyper-V hosts are not clustered. 

You have a virtual machine template that deploys a base image of Windows Server 2012 R2. No role services or features are enabled in the base image. 

You need to deploy a virtual machine named VM1 that is based on the virtual machine template. 

VM1 will be deployed as part of a service. VM1 must have the Web Server (IIS) server role installed. The solution must not require modifications to the virtual machine template or the base image. 

What are two possible profile types that achieve the goal? Each correct answer presents a complete solution. 

A. Capability 

B. Application 

C. Guest OS 

D. Hardware 

E. Physical Computer 

Answer: A,C 

Explanation: A: In Capability, you must select a capability profile that is supported by the private cloud. C:guest OS profile 

* define Windows Operating System specialization values for the virtual machine. 

*On the Configure Operating System page, configure the guest operating system settings. If you have an existing guest operating system profile that you want to use, in the Guest OS profile list, click the guest operating system profile that you want to use. After you configure the guest operating system settings, click Next. 


Q142. DRAG DROP - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008. Server1 is configured as an enterprise certification authority (CA). 

You back up all of the data on Server1, and then export the private and public keys of the CA. 

You plan to replace Server1 with a new member server that was purchased recently. 

You need to identify which actions must be performed on the new server to restore the certificate services of Server1. 

Which three actions should you identify? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 


Answer: 



Q143. HOTSPOT - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. 

The domain has a certification authority (CA). You create four certificate templates. The templates are configured as shown in the following table: 


You install the Remote Access server role in the domain. 

You need to configure DirectAccess to use one-time password (OTP) authentication. 

What should you do? To answer, select the appropriate options in the answer area, 



Answer: 



Q144. HOTSPOT - (Topic 4) 

You need to recommend a solution for communicating to Windows Azure services. 

What should you recommend? To answer, select the appropriate options in the answer area. 



Answer: 




see more 70-413 - Designing and Implementing a Server Infrastructure