70-413 Royal Pack Testengine pdf
Exam Number/Code: 70-413
Exam name: Designing and Implementing a Server Infrastructure
Certification: Microsoft Certification
2016 Apr 70-413 Study Guide Questions:
Q33. - (Topic 8)
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named server1.child.contoso.com that runs Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Explanation: Adprep could not contact a replica…
This problem occurs when the Adprep /rodcprep command tries to contact the
infrastructure master for each application partition in the forest.
Reference: Error message when you run the "Adprep /rodcprep" command in Windows
Server 2008: "Adprep could not contact a replica for partition
Q34. - (Topic 8)
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role installed. The network contains a Virtual Desktop Infrastructure (VDI).
All virtual machines run Windows 8.
You identify the following requirements for allocating IPv4 addresses to client computers:
* All virtual desktops must have static IP addresses.
* All laptop computers must receive dynamic IP addresses.
* All virtual desktops must be prevented from obtaining a dynamic address.
You need to recommend a DHCP solution that meets the requirements for allocating IPv4 addresses.
The solution must use the least amount of administrative effort.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Configure DHCP filtering.
B. Configure DHCP policies.
C. Create two physical subnets. Connect the laptop computers to the subnet that contains Server1.
D. Create two physical subnets. Configure 802.1X authentication for each subnet.
Explanation: The DHCP Server role in Windows Server 2012 introduces a new feature
that allows you to create IPv4 policies that specify custom IP address and option
assignments for DHCP clients based on a set of conditions.
The policy based assignment (PBA) feature allows you to group DHCP clients by specific
attributes based on fields contained in the DHCP client request packet. PBA enables
targeted administration and greater control of the configuration parameters delivered to
network devices with DHCP.
Example: In a subnet which has a mix of wired and mobile computers, you might want to
assign a shorter, 4 hour lease duration to mobile computers and longer, 4 day lease
duration to wired computers.
not A: DHCP filtering provides security by filtering untrusted DHCP messages. An
untrusted message is a message that is received from outside the network or firewall, and
that can cause traffic attacks within the network.
Reference: Introduction to DHCP Policies
Q35. - (Topic 3)
You need to ensure that NAP meets the technical requirements.
Which role services should you install?
A. Network Policy Server, Health Registration Authority and Host Credential Authorization Protocol
B. Health Registration Authority, Host Credential Authorization Protocol and Online Responder
C. Certification Authority, Network Policy Server and Health Registration Authority
D. Online Responder, Certification Authority and Network Policy Server
Implement Network Access Protection (NAP).
Ensure that NAP with IPSec enforcement can be configured.
* Health Registration Authority
Applies To: Windows Server 2008 R2, Windows Server 2012
Health Registration Authority (HRA) is a component of a Network Access Protection (NAP)
infrastructure that plays a central role in NAP Internet Protocol security (IPsec)
HRA obtains health certificates on behalf of NAP clients when they are compliant with
network health requirements. These health certificates authenticate NAP clients for IPsec-protected communications with other NAP clients on an intranet. If a NAP client does not
have a health certificate, the IPsec peer authentication fails and the NAP client cannot
initiate communication with other IPsec-protected computers on the network.
HRA is installed on a computer that is also running Network Policy Server (NPS) and
Internet Information Services (IIS). If they are not already installed, these services will be added when you install HRA.
Reference: Health Registration Authority
Q36. HOTSPOT - (Topic 4)
On Server2, you create a Run As Account named Account1. Account1 is associated to an Active Directory account named VMMIPAM.
You need to implement an IPAM solution.
What should you do? To answer, select the appropriate configuration for each server in the answer area.
Q37. - (Topic 8)
Your company has a main office, ten regional datacenters and 100 branch offices. You are designing the site topology for an Active Directory forest named contoso.com. The forest will contain the following servers:
* In each regional datacenter and in the main office, a domain controller that runs Windows
* In each branch office, a file server that runs Windows Server 2012
You have a shared folder that is accessed by using the path \\contoso.com\shares\software. The folder will be replicated to a local file server in each branch office by using Distributed File System (DFS) replication.
You need to recommend an Active Directory site design to meet the following requirements:
* Ensure that users in the branch offices will be authenticated by a domain controller in the closest regional datacenter.
* Ensure that users automatically connect to the closest file server when they access \\contoso.com\shares\software.
How many Active Directory sites should you recommend?
Q38. - (Topic 3)
You need to recommend changes to the Active Directory environment to support the virtualization requirements.
What should you include in the recommendation?
A. Raise the functional level of the domain and the forest.
B. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.
C. Implement Administrator Role Separation.
D. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.
Explanation: From case study:
* Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.
Q39. - (Topic 6)
You need to configure the Group Policy for salespeople.
Solution: You move all shared desktops to a separate organizational unit (OU). You create one Group Policy object (GPO) that has an AppLocker policy rule and enable loopback policy processing within the GPO. You link the GPO to the new OU.
Does this meet the goal?
Q40. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate
network from the Internet, all of the traffic destined for the Internet must be routed through
the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets
the security policy requirement.
Solution: You enable split tunneling.
Does this meet the goal?
Explanation: DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees.
Is DA split tunneling really a problem? The answer is no.
Why? Because the risks that exist with VPNs, where the machine can act as a router between the Internet and the corporate network, are not valid with DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with IPsec.
Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isn’t going to be the DA client, and authentication will fail – hence preventing the type of routing that VPN admins are concerned about.
Reference: Why Split Tunneling is Not a Security Issue with DirectAccess
Q41. DRAG DROP - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.
You plan to implement Network Access Protection (NAP) with IPSec enforcement on all client computers.
You need to identify on which servers you must perform the configurations for the NAP deployment.
Which servers should you identify? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Q42. - (Topic 8)
A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1. Users report that they can no longer access the application by using their domain credentials. You need to ensure that users can access App1.
Solution: You configure App1 and SQL1 to use NTLM authentication. Then you restart the IIS and SQL Server services.
Does this meet the goal?
Q43. - (Topic 1)
You need to recommend which changes must be implemented to the network before you can deploy the new web application.
What should you include in the recommendation?
A. Change the forest functional level to Windows Server 2008 R2.
B. Upgrade the DNS servers to Windows Server 2012.
C. Change the functional level of both the domains to Windows Server 2008 R2.
D. Upgrade the domain controllers to Windows Server 2012.
The domain controllers run Windows Server 2008 R2.
The company is migrating to Windows Server 2012.
Q44. - (Topic 4)
You need to implement a solution for DNS replication.
Which cmdlets should you run?
A. Set-DnsServer and Invoke-DnsServerZoneSign
B. ConvertTo-DnsServerPrimaryZone and Register-DnsServerDirectoryPartition
C. UnRegister-DnsServerDirectoryPartition and Add-DnsServerForwarder
D. Set-DnsServerDnsSecZoneSetting and Invoke-DnsServerZoneSign
Explanation: * UnRegister-DnsServerDirectoryPartition The UnRegister-DnsServerDirectoryPartition cmdlet deregisters a Domain Name System (DNS) server from a specified DNS application directory partition. After you deregister a DNS server from a DNS application directory partition, the DNS server removes itself from the replication scope of the partition.
* Add-DnsServerForwarder The Add-DnsServerForwarder cmdlet adds one or more forwarders to a DNS server's forwarders list. If you prefer one of the forwarders, put that forwarder first in the series of forwarder IP addresses. After you first use this cmdlet to add forwarders to a DNS server, this cmdlet adds forwarders to the end of the forwarders list.
Q45. - (Topic 2)
You need to recommend a solution for the RODC.
Which attribute should you include in the recommendation?
Explanation: * Scenario: Deploy a read-only domain controller (RODC) to the London office
* The read-only domain controller (RODC) filtered attribute set (FAS) is a set of attributes of the Active Directory schema that is not replicated to an RODC. If you have data that you do not want to be replicated to an RODC in case it is stolen, you can add these attributes to the RODC FAS. If you add the attributes to the RODC FAS before you deploy the first RODC, the attributes are never replicated to any RODC.
* To decide which attributes to add to the RODC FAS, review any schema extensions that have been performed in your environment and determine whether they contain credential-like data or not. In other words, you can exclude from consideration any attributes that are part of the base schema, and review all other attributes. Base schema attributes have the systemFlags attribute value 16 (0x10) set.
Reference: Customize the RODC Filtered Attribute Set
Q46. - (Topic 8)
You manage a server infrastructure for a software development company. There are 30 physical servers distributed across 4 subnets, and one Microsoft Hyper-V cluster that can run up to 100 virtual machines (VMs). You configure the servers to receive the IP address from a DHCP server named SERVER1 that runs Microsoft Windows Server 2012 R2. You assign a 30-day duration to all DHCP leases.
Developers create VMs in the environment to test new software. They may create VMs several times each week.
Developers report that some new VMs cannot acquire an IP address. You observe that the DHCP scope is full and delete non-existent devices manually. All physical servers must keep their current DHCP lease configuration.
You need to ensure that the DHCP lease duration for VMs is 8 hours.
What should you configure?
A. 4 server-level Allow filters
B. 1 server-level DHCP policy
C. 1 scope-level DHCP policy
D. 4 scope-level exclusion ranges
Q47. - (Topic 8)
A company has offices in multiple geographic locations. The sites have high-latency, low-bandwidth connections. You need to implement a multisite Windows Deployment Services (WDS) topology for deploying standard client device images to all sites.
Solution: At each site, you install a WDS Server. You apply the same configuration settings to each WDS Server. You configure Distributed File Server Replication (DFSR) to synchronize install images.
Does this meet the goal?
Q48. - (Topic 8)
You deploy an Active Directory domain named contoso.com to the network. The domain is configured as an Active Directory-integrated zone. All domain controllers run Windows Server 2012 and are DNS servers.
You plan to deploy a child domain named operations.contoso.com.
You need to recommend changes to the DNS infrastructure to ensure that users in the operations department can access the servers in the contoso.com domain.
What should you include in the recommendation?
A. A zone delegation for _msdcs.contoso.com
B. Changes to the replication scope of contoso.com
C. Changes to the replication scope of _msdcs.contoso.com
D. Changes to the replication scope of operations.contoso.com
Manually Create a Delegation for the Child Domain on the Parent (Root) DNS Server
1. Right-click the root zone, click New Delegation, and then click Next.
2. Type the domain name for the child domain, and then click Next.
3. Add the child DNS server to host the new zone, and then click Next. NOTE: A domain controller that is a DNS server should have a static Transmission Control Protocol/Internet Protocol (TCP/IP) address. Verify that this step is performed before you install DNS on the child domain controller. If no DNS TCP/IP address exists, DNS is installed as a root server. If you see that a "." folder is created after you install DNS, you must remove the root configuration. For additional information about how to do this, click the article number below to view the article in the Microsoft Knowledge Base: 229840 DNS Server's Root Hints and Forwarder Pages Are Unavailable
4. On the child domain DNS server, right-click My Network Places, and then click Properties.
5. Right-click the appropriate local connection, and then click Properties.
6. Under Components checked are used by this connection, click Internet Protocol (TCP/IP), and then click Properties.
7. Click Use the following DNS server addresses:, and then type the TCP/IP address of the parent (root) DNS server.
Reference: How To Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain