Virtual of 70-413 exam engine materials and practice for Microsoft certification for consumer, Real Success Guaranteed with Updated 70-413 pdf dumps vce Materials. 100% PASS Designing and Implementing a Server Infrastructure exam Today!
2021 Apr 70-413 Study Guide Questions:
Q1. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
Solution: You enable force tunneling.
Does this meet the goal?
Explanation: DirectAccess. DirectAccess allows connectivity to organizational network resources without the need for traditional virtual private network (VPN) connections.
DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet. DirectAccess establishes bi-directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.
Q2. - (Topic 8)
Your network contains an Active Directory forest. The forest contains a single domain. The forest has five Active Directory sites. Each site is associated to two subnets.
You add a site named Site6 that contains two domain controllers. Site6 is associated to one subnet.
You need to verify whether replication to the domain controllers in Site6 completes successfully.
Which two possible commands can you use to achieve the goal? Each correct answer presents a complete solution.
C. repadmin /showattr
E. repadmin /showrepl
Explanation: B: The Get-ADReplicationUpToDatenessVectorTable cmdlet displays the highest Update Sequence Number (USN) for the specified domain controller(s). This information shows how up-to-date a replica is with its replication partners. During replication, each object that is replicated has USN and if the object is modified, the USN is incremented. The value of the USN for a given object is local to each domain controller where it has replicated are number is different on each domain controller.
E: The repadmin /showrepl command helps you understand the replication topology and replication failures. It reports status for each source domain controller from which the destination has an inbound connection object. The status report is categorized by directory partition.
Q3. - (Topic 8)
Your network contains multiple servers that run Windows Server 2012. All client computers run Windows 8.
You need to recommend a centralized solution to download the latest antivirus definitions for Windows Defender.
What should you include in the recommendation?
A. Microsoft System Center 2012 Endpoint Protection
B. Network Access Protection (NAP)
C. Microsoft System Center Essentials
D. Windows Server Update Services (WSUS)
To use WSUS to deploy Windows Defender definition updates to client computers, follow these steps:
1. Open the WSUS Administrator console, and then click Options at the top of the console.
2. Click Synchronization Options.
3. Under Products and Classifications, click Change under Products.
4. Verify that the Windows Defender check box is selected, and then click OK.
5. Under Products and Classifications, click Change under Update Classifications.
6. Verify that the Definition Updates check box is selected, and then click OK.
7. Optional Update the automatic approval rule. To do this, follow these steps:
a. At the top of the console, click Options.
b. Click Automatic Approval Options.
c. Make sure that the Automatically approve updates for installation by using the following rule check box is selected.
d. Under Approve for Installation, click Add/Remove Classification.
e. Verify that the Definition Updates check box is selected, and then click OK.
8. At the top of the console, click Options.
9. Click Synchronization Options.
10. On the taskbar on the left, click Synchronize now.
11. At the top of the console, click Updates.
12. Approve any Windows Defender updates that WSUS should deploy.
Reference: How to use Windows Server Update Services (WSUS) to deploy definition updates to computers that are running Windows Defender
Q4. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2008 R2. All domain controllers are installed on physical servers. The network contains several Hyper-V hosts.
The network contains a Microsoft System Center 2012 infrastructure.
You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server 2012.
You need to recommend which changes must be made to the network infrastructure before you can use domain controller cloning.
What should you recommend?
A. Upgrade a global catalog server to Windows Server 2012. Deploy Virtual Machine Manager (VMM).
B. Upgrade a global catalog server to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
C. Upgrade the domain controller that has the PDC emulator operations master role to Windows Server 2012. Deploy a Hyper-V host that runs Windows Server 2012.
D. Upgrade the domain controller that has the infrastructure master operations master role to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
Explanation: The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012, but it does not have to be running on a hypervisor.
Reference: Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)
Q5. - (Topic 8)
You have a server named Server1 that runs Windows Server 2012.
You have a 3-TB database that will be moved to Server1.
Server1 has the following physical disks:
. Three 2-TB SATA disks that are attached to a single IDE controller . One 1-TB SATA disk that is attached to a single IDE controller
You need to recommend a solution to ensure that the database can be moved to Server1. The solution must ensure that the database is available if a single disk fails.
What should you include in the recommendation?
A. Add each disk to a separate storage pool. Create a mirrored virtual disk.
B. Add two disks to a storage pool. Add the other disk to another storage pool. Create a mirrored virtual disk.
C. Add all of the disks to a single storage pool, and then create two simple virtual disks.
D. Add all of the disks to a single storage pool, and then create a parity virtual disk.
Parity A parity virtual disk is similar to a hardware Redundant Array of Inexpensive Disks (RAID5). Data, along with parity information, is striped across multiple physical disks. Parity enables Storage Spaces to continue to service read and write requests even when a drive has failed. A minimum of three physical disks is required for a parity virtual disk. Note that a parity disk cannot be used in a failover cluster.
Avant-garde 70-413 exam cram:
Q6. - (Topic 8)
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Explanation: Adprep could not contact a replica…
This problem occurs when the Adprep /rodcprep command tries to contact the
infrastructure master for each application partition in the forest.
Reference: Error message when you run the "Adprep /rodcprep" command in Windows
Server 2008: "Adprep could not contact a replica for partition
Q7. - (Topic 8)
Your network contains an Active Directory forest that has two domains named contoso.com and europe.contoso.com. The forest contains five servers. The servers are configured as shown in the following table.
You plan to manage the DHCP settings and the DNS settings centrally by using IP Address Management (IPAM).
You need to ensure that you can use IPAM to manage the DHCP and DNS settings in both domains. The solution must use the minimum amount of administrative effort.
What should you do?
A. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Set-IpamConfiguration cmdlet for each domain.
B. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Invoke-IpamGpoProvisioning cmdlet for each domain.
C. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Invoke-IpamGpoProvisioning cmdlet for each domain.
D. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Set-IpamConfiguration cmdlet for each domain.
Explanation: * Upgrade the Windows 2003 Servers.
* Invoke-IpamGpoProvisioning Creates and links group policies in the specified domain for provisioning required access settings on the servers managed by the computer running the IP Address Management (IPAM) server.
Sets the configuration for the computer running the IP Address Management (IPAM)
server, including the TCP port number over which the computer running the IPAM Remote
Server Administration Tools (RSAT) client connects with the computer running the IPAM
Q8. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The functional level of the domain and the forest is Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2.
You plan to deploy a new line-of-business application named App1 that uses claims-based authentication.
You need to recommend changes to the network to ensure that Active Directory can provide claims for App1.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
A. From the properties of the computer accounts of the domain controllers, enable Kerberos constrained delegation.
B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and Kerberos armoring setting.
C. Deploy Active Directory Lightweight Directory Services (AD LDS).
D. Raise the domain functional level to Windows Server 2012.
E. Add domain controllers that run Windows Server 2012.
Explanation: E: You must perform several steps to enable claims in Server 2012 AD. First, you must upgrade the forest schema to Server 2012. You can do so manually through Adprep, but Microsoft strongly recommends that you add the AD DS role to a new Server 2012 server or upgrade an existing DC to Server 2012.
B: Once AD can support claims, you must enable them through Group Policy:
. From the Start screen on a system with AD admin rights, open Group Policy Management and select the Domain Controllers Organizational Unit (OU) in the domain in which you wish to enable claims.
. Right-click the Default Domain Controllers Policy and select Edit.
. In the Editor window, drill down to Computer Configuration, Policies, Administrative
Templates, System, and KDC (Key Distribution Center). . Open.KDC support for claims, compound authentication, and Kerberos armoring. . Select the Enabled radio button..Supported.will appear under.Claims, compound
authentication for Dynamic Access Control and Kerberos armoring options
Reference: Enable Claims Support in Windows Server 2012 Active Directory
Q9. HOTSPOT - (Topic 8)
Your network contains an Active Directory domain named contoso.com.
The domain has a certification authority (CA). You create four certificate templates. The templates are configured as shown in the following table:
You install the Remote Access server role in the domain.
You need to configure DirectAccess to use one-time password (OTP) authentication.
What should you do? To answer, select the appropriate options in the answer area,
Q10. - (Topic 3)
You need to recommend a migration strategy for the DHCP servers. The strategy must meet the technical requirements.
Which Windows PowerShell cmdlet should you recommend running on the physical DHCP servers?
Explanation: * Scenario: / Main office: One physical DHCP server that runs Windows Server 2008 R2 / each branch office: One physical DHCP server that runs Windows Server 2008 R2 / The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the offices.
Command Prompt: C:PS>
Export-SmigServerSetting -Feature "DHCP" -User All -Group -Path "c:tempstore" -Verbose
This sample command exports the Dynamic Host Configuration Protocol (DHCP) Server and all other Windows features that are required by DHCP Server.
Actual 70-413 cram:
Q11. - (Topic 8)
A company has a line-of-business application named Appl that runs on an internal IIS server. Ap1l uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1. Users report that they can no longer access the application by using their domain credentials. You need to ensure that users can access Appl.
Solution: You configure App1 and SQL1 to use NTLM authentication. Then you restart the IIS and SQL Server services.
Does this meet the goal?
Q12. - (Topic 2)
You need to recommend a solution for the RODC.
Which attribute should you include in the recommendation?
Explanation: * Scenario: Deploy a read-only domain controller (RODC) to the London office
* The read-only domain controller (RODC) filtered attribute set (FAS) is a set of attributes of the Active Directory schema that is not replicated to an RODC. If you have data that you do not want to be replicated to an RODC in case it is stolen, you can add these attributes to the RODC FAS. If you add the attributes to the RODC FAS before you deploy the first RODC, the attributes are never replicated to any RODC.
/ To decide which attributes to add to the RODC FAS, review any schema extensions that have been performed in your environment and determine whether they contain credential-like data or not. In other words, you can exclude from consideration any attributes that are part of the base schema, and review all other attributes. Base schema attributes have the.systemFlags.attribute value 16 (0x10) set.
Reference: Customize the RODC Filtered Attribute Set
Q13. DRAG DROP - (Topic 8)
You manage a server named WAP01 that has the Web Application Proxy feature deployed. You deploy a web application named WebApp1 to a server named WEB01. WAP01 and WEB01 both run Microsoft Windows Server 2012 R2 and are members of the Active Directory Domain Services (AD DS) domain named corp.contoso.com.
You have the following requirements:
. WebApp1 must be available internally at URL https://webappl.corp.contoso.com by using Kerberos authentication.
. WebApp1 must be available externally at URL https://webappl.contoso.net by using Active Directory Federation Services (AD FS) authentication.
You need to configure computer accounts.
How should you complete the relevant Windows PowerShell commands? To answer, drag the appropriate Windows PowerShell segment to the correct location. Each Windows PowerShell segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Q14. - (Topic 3)
You need to recommend a server virtualization strategy that meets the technical requirements and the virtualization requirements.
What should you include in the recommendation?
A. Windows Server Backup
B. The Microsoft Virtual Machine Converter
C. Microsoft System Center 2012 Virtual Machine Manager (VMM)
Virtualize the application servers.
Automatically distribute the new virtual machines to Hyper-V hosts based on the current
resource us The main office has the following servers:
Five physical Hyper-V hosts that run Windows Server 2012age of the Hyper-V hosts.
* System Center Virtual Machine Manager 2012: VMM Gets Major Upgrade Expanded hypervisor support, virtual application support and a myriad of other upgrades are coming in the new VMM 2012.
There's no doubt that Microsoft is making System Center Virtual Machine Manager (VMM) a key component of the System Center suite. The scope of the product is being expanded so much that it could be renamed "System Center Virtual Datacenter Manager." The new version of VMM is currently in beta and is scheduled for release in the second half of 2011. VMM can now do bare-metal installations on fresh hardware, create Hyper-V clusters instead of just managing them, and communicate directly with your SAN arrays to provision storage for your virtual machines (VMs). The list of supported hypervisors has also arown—it includes not only Hyper-V and VMware vSphere Hvpervisor, but
Reference: System Center Virtual Machine Manager 2012: VMM Gets Major Upgrade
Q15. - (Topic 8)
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012.
The forest contains an Active Directory domain. The domain contains a global security group named GPO_Admins that is responsible for managing Group Policies in the forest.
A second forest named fabrikam.com contains three domains. The forest functional level is Windows Server 2003.
You need to design a trust infrastructure to ensure that the GPO_Admins group can create, edit, and link Group Policies in every domain of the fabrikam.com forest.
What should you include in the design?
More than one answer choice may achieve the goal. Select the BEST answer.
A. A two-way forest trust
B. A one-way forest trust
C. Three external trusts
D. Three shortcut trusts
Q16. - (Topic 8)
This question consists of two statements: One is named Assertion and the other Is named Reason. Both of these statements may be true; both may be false; or one may be true, while the other may be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.
DHCP failover clustering provides load balancing when you use multiple DHCP servers to distribute IP addresses to the network clients. Clients can renew their IP leases even if some of the DCHP servers become unavailable. DHCP failover clustering supports stateless and stateful IPv4 and IPv6 IP addresses, as well as DHCP policies and filtering.
The cluster health monitoring mechanism ensures the fault tolerance of the DCHP service and all configured DHCP settings. It also protects the DHCP database from failures and corruptions.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion
B. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the Assertion.
C. The Assertion is true, but the Reason is false.
D. The Assertion is false, but the Reason is true.
E. Both the Assertion and the Reason are false.