Updated 70-413: Examcollection real testing bible from 129 to 144

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-413 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-413-dumps.html


70-413 Product Description:
Exam Number/Code: 70-413 vce
Exam name: Designing and Implementing a Server Infrastructure
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-413 Designing and Implementing a Server Infrastructure

70-413 examcollection

Question No. 129

- (Topic 7) 

You have an IP Address Management (IPAM) server that runs Windows Server 2012 SP1. You need to integrate the IPAM server with System Center Virtual Machine Manager (SCVMM). 

Solution: You create a dedicated user account named IPAM_svc, and add it to the Local Administrators local group on the SO/MM server. 

Does this meet the goal? 

A. Yes 

B. No 

Answer:

Reference: How to integrate IPAM with SCVMM 2012 R2 


Question No. 130

HOTSPOT - (Topic 4) 

You are planning the certificates for Northwind Traders. 

You need to identify the certificate configurations required for App1. 

How should you configure the certificate request? To answer, select the appropriate 

options in the answer area. 



Answer: 



Question No. 131

- (Topic 8) 

Your company has three offices. The offices are located in New York, Chicago, and Atlanta. 

The network contains an Active Directory domain named contoso.com that has three Active Directory sites named Site1, Site2,and Site3. The New York office is located in Site1. The Chicago office is located in Site2. The Atlanta office is located in Site3. There is a local IT staff to manage the servers in each site. The current domain controllers are configured as shown in the following table. 


The company plans to open a fourth office in Montreal that will have a corresponding Active Directory site. Because of budget cuts, a local IT staff will not be established for the Montreal site. 

The Montreal site has the following requirements: 

. Users must be able to authenticate locally. 

. Users must not have the ability to log on to the domain controllers. 

. Domain account passwords must not be obtained from servers in the Montreal 

site. . Network bandwidth between the Montreal site and the other sites must be minimized. . Users in the Montreal office must have access to applications by using Remote Desktop Services (RDS). 

You need to recommend a solution for the servers in the Montreal site. 

What should you recommend? 

A. Only install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012. 

B. Install a read-only domain controller (RODC) in the New York site. 

C. Install a read-only domain controller (RODC) in the Montreal site. Install a member server in the New York site to host additional server roles. 

D. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012. Install a member server in the Montreal site to host additional server roles, 

Answer:


Question No. 132

HOTSPOT - (Topic 4) 

On Server2, you create a Run As Account named Account1. Account1 is associated to an Active Directory account named VMMIPAM. 

You need to implement an IPAM solution. 

What should you do? To answer, select the appropriate configuration for each server in the answer area. 



Answer: 



Question No. 133

DRAG DROP - (Topic 8) 

Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The DNS zone of adatum.com is Active Directory-integrated. 

You need to implement DNSSEC to meet the following requirements: 

Ensure that the zone is signed. 

Ensure that the zone signing key (ZSK) changes every 30 days. 

Ensure that the key signing key (KSK) changes every 365 days. 

What should you do? To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 


Answer: 



Question No. 134

- (Topic 8) 

Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8. 

You plan to implement several Group Policy settings that will apply only to laptop computers. 

You need to recommend a Group Policy strategy for the planned deployment. 

What should you include in the recommendation? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. Loopback processing 

B. WMI filtering 

C. Security filtering 

D. Block inheritance 

Answer:

Explanation: 

Group Policy WMI Filter – Laptop or Desktop Hardware A method to detect hardware as laptop only is to look for the presence of a battery based on the BatteryStatus property of the Win32_Battery class. By using the Win32_Battery class, we can search to see if there is a battery present. If the battery status is not equal to zero (BatteryStatus <> 0 ) then you know that it is a laptop. 

Reference: Group Policy WMI Filter – Laptop or Desktop Hardware 


Question No. 135

- (Topic 8) 

Your company has two main offices and 10 branch offices. Each office is configured as a separate Active Directory site. 

The main offices sites are named Site1 and Site2. Each office connects to Site1 and Site2 by using a WAN link. Each site contains a domain controller that runs Windows Server 2008. 

You are redesigning the Active Directory infrastructure. 

You plan to implement domain controllers that run Windows Server 2012 and decommission all of the domain controllers that run Windows Server 2008. 

You need to recommend a placement plan for the Windows Server 2012 domain controllers to meet the following requirements: 

. Ensure that users can log on to the domain if a domain controller or a WAN link fails. . Minimize the number of domain controllers implemented. 

What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.) 

A. Read-only domain controllers (RODCs) in the branch office sites 

B. A writable domain controller in Site1 

C. A writable domain controller in Site2 

D. Writable domain controllers in the branch office sites 

Answer: A,B,C 

Explanation: A (not D) Writeable domain controllers are not needed to authenticate users at the branch offices. 


Question No. 136

- (Topic 8) 

Your network contains a Hyper-V host named Host1 that runs Windows Server 2012. Host1 contains a virtual machine named DC1. DC1 is a domain controller that runs Windows Server 2012. 

You plan to clone DC1. 

You need to recommend which steps are required to prepare DC1 to be cloned. 

What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.) 

A. Run dcpromo.exe /adv. 

B. Create a file named Dccloneconfig.xml. 

C. Add DC1 to the Cloneable Domain Controllers group. 

D. Run sysprep.exe /oobe. 

E. Run New-VirtualDiskClone. 

Answer: B,C 

Explanation: 

B: DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways. 

C: There's a new group in town. It's called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn't be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group. Make sure to remove those as well. 


Question No. 137

HOTSPOT - (Topic 4) 

You need to recommend a solution for communicating to Windows Azure services. 

What should you recommend? To answer, select the appropriate options in the answer area. 



Answer: 



Question No. 138

- (Topic 2) 

You run the Get-DNSServer cmdlet on DC01 and receive the following output: 


You need to recommend changes to DC01. Which attribute should you recommend modifying? 

A. EnablePollutionProtection 

B. isReadOnly 

C. Locking Percent 

D. ZoneType 

Answer:

Explanation: * Scenario: The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache. 

* Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, then the DNS server will not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This means that cached entries will not be overwritten for the entire duration of the TTL. The cache locking value is stored in the CacheLockingPercent registry key. If the registry key is not present, then the DNS server will use the default cache locking value of 100. 

Reference: DNS Cache Locking 


Question No. 139

- (Topic 2) 

You need to recommend a solution for the remote access servers. What should you include in the recommendation? 

A. Network address translation (NAT) 

B. Logging levels 

C. Packet filtering 

D. Packet tracing 

Answer:

Explanation: * Scenario: The remote access servers must be able to restrict outgoing traffic based on IP addresses. 

* Network address translation (NAT) allows you to share a connection to the public Internet through a single interface with a single public IP address. The computers on the private network use private, non-routable addresses. NAT maps the private addresses to the public address. 


Question No. 140

HOTSPOT - (Topic 8) 

Your network contains an Active Directory forest named northwindtraders.com. 

The client computers in the finance department run either Windows 8.1, Windows 8, or Windows 7. All of the client computers in the marketing department run Windows 8.1. 

You need to design a Network Access Protection (NAP) solution for northwindtraders.com that meets the following requirements: 

. The client computers in the finance department that run Windows 7 must have a firewall enabled and the antivirus software must be up-to-date. 

. The finance computers that run Windows 8.1 or Windows 8 must have automatic updating enabled and the antivirus software must be up-to-date. 

. The client computers in the marketing department must have automatic updating enabled and the antivirus software must be up-to-date. 

. If a computer fails to meet its requirements, the computers must be provided access to a limited set of resources on the network. 

. If a computer meets its requirements, the computer must have full access to the network. 

What is the minimum number of objects that you should create to meet the requirements? To answer, select the appropriate number for each object type in the answer area. 



Answer: 



Question No. 141

- (Topic 1) 

You need to recommend a solution for DHCP logging. The solution must meet the technical requirement. 

What should you include in the recommendation? 

A. Event subscriptions 

B. IP Address Management (IPAM) 

C. DHCP audit logging 

D. DHCP filtering 

Answer:

Explanation: * Scenario: A central log of the IP address leases and the users associated to those leases must be created. 

* Feature description IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name Service (DNS). IPAM includes components for: 

. Automatic IP address infrastructure discover)': IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM. 

. Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups. 

. Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name. 

. Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console. 

Reference: IP Address Management (IPAM) Overview 


Question No. 142

HOTSPOT - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table. 


You plan to provide users with the ability to use Workplace Join for their personal device when they connect to the internal network. 

You need to recommend a certificate configuration for the planned deployment. 

What should you include in the recommendation? To answer, select the appropriate names in the answer area. 



Answer: 



Question No. 143

- (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table. 


All client computers run either Windows 7 or Windows 8. 

Goal: You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3. 

Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method. 

Does this meet the goal? 

A. Yes 

B. No 

Answer:

Explanation: NAP supports a variety of what we call enforcement methods. In the NAP space, and enforcement method is simply a term that defines the way a machine connects to a network. In NAP, these are DHCP, 802.1x (wired or wireless), VPN, IPsec, or via a Terminal Services Gateway. 


Question No. 144

- (Topic 8) 

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2008 R2. All domain controllers are installed on physical servers. The network contains several Hyper-V hosts. 

The network contains a Microsoft System Center 2012 infrastructure. 

You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server 2012. 

You need to recommend which changes must be made to the network infrastructure before you can use domain controller cloning. 

What should you recommend? 

A. Upgrade a global catalog server to Windows Server 2012. Deploy Virtual Machine Manager (VMM). 

B. Upgrade a global catalog server to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012. 

C. Upgrade the domain controller that has the PDC emulator operations master role to Windows Server 2012. Deploy a Hyper-V host that runs Windows Server 2012. 

D. Upgrade the domain controller that has the infrastructure master operations master role to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012. 

Answer:

Explanation: The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012, but it does not have to be running on a hypervisor. 

Reference: Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)