GreatExam 70-413 study guide provides you everything you will need to take your 70-413 exam. The 70-413 exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.
QUESTION 41
Hotspot Question
You are planning the certificates for Northwind Traders.
You need to identify the certificate configurations required for App1.
How should you configure the certificate request? To answer, select the appropriate options in the answer area.
QUESTION 42
You need to implement a solution for DNS replication.
Which cmdlets should you run?
A. Set-DnsServer and Invoke-DnsServerZoneSign
B. ConvertTo-DnsServerPrimaryZone and Register-DnsServerDirectoryPartition
C. UnRegister-DnsServerDirectoryPartition and Add-DnsServerForwarder
D. Set-DnsServerDnsSecZoneSetting and Invoke-DnsServerZoneSign
Answer: C
Explanation:
Currently DNS zones are replicated to all Domain Controllers, but they should only replicate only to DC1, DC2, and DC3. We can unregister other DNS servers (RODC1) with the help of UnRegister-DnsServerDirectoryPartition cmdlet, which deregisters a Domain Name System (DNS) server from a specified DNS application directory partition.
RODC1 is still used as a DNS server, but does not receive zone replication, but it should still function as a DNS server as all computers need to resolve names by using a local DNS server. We configure RODC1 to forward DNS requests to DC1, DC2 or DC3 with the help of the Add-DnsServerForwarder command.
* Scenario. Technical Requirement related to DNS:
Ensure that all DNS zone data is encrypted when it is replicated All computers must be able to resolve names by using a local DNS server.
All DNS zones must replicate only to DC1, DC2, and DC3
QUESTION 43
Hotspot Question
You need to recommend a solution for communicating to Windows Azure services.
What should you recommend? To answer, select the appropriate options in the answer area.
Answer:
QUESTION 44
Hotspot Question
On Server2, you create a Run As Account named Account1.
Account1 is associated to an Active Directory account named VMMIPAM.
You need to implement an IPAM solution.
What should you do? To answer, select the appropriate configuration for each server in the answer area.
Answer:
QUESTION 45
Your company has a main office.
The main office is located in a building that has 10 floors.
A datacenter on the ground floor contains a Windows Server 2012 failover cluster.
The failover cluster contains a DHCP server resource named DHCP1.
All client computers receive their IP addresses from DHCP1.
All client computers are part of the 131.107.0.0/16 IPv4 subnet.
You plan to implement changes to the network subnets to include a separate subnet for each floor of the office building.
The subnets will connect by using routers.
You need to recommend changes to the DHCP infrastructure to ensure that all of the client computers can receive their IP configuration by using DHCP.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
A. Install a remote access server on each floor.
Configure a DHCP relay agent on each new DHCP server.
Create a scope for each subnet on DHCP1.
B. Install a DHCP server on each floor.
Create a scope for the local subnet on each new DHCP server.
Enable DHCP Failover on each new DHCP server.
C. Configure each router to forward requests for IP addresses to DHCP1.
Create a scope for each subnet on DHCP1.
D. Configure each router to forward requests for IP addresses to DHCP1.
Create a scope for the 10.0.0.0/16 subnet on DHCP1.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc771390.aspx
Excerpt: In TCP/IP networking, routers are used to interconnect hardware and software used on different physical network segments called subnets and forward IP packets between each of the subnets. To support and use DHCP service across multiple subnets, routers connecting each subnet should comply with DHCP/ BOOTP relay agent capabilities described in RFC 1542.
QUESTION 46
You deploy an Active Directory domain named contoso.com to the network.
The domain is configured as an Active Directory-integrated zone.
All domain controllers run Windows Server 2012 and are DNS servers.
You plan to deploy a child domain named operations.contoso.com.
You need to recommend changes to the DNS infrastructure to ensure that users in the operations department can access the servers in the contoso.com domain.
What should you include in the recommendation?
A. A zone delegation for _msdcs.contoso.com
B. Changes to the replication scope of contoso.com
C. Changes to the replication scope of _msdcs.contoso.com
D. Changes to the replication scope of operations.contoso.com Answer:B
Answer: B
Explanation:
http://support.microsoft.com/kb/255248
Manually Create a Delegation for the Child Domain on the Parent (Root) DNS Server
1. Right-click the root zone, click New Delegation, and then click Next.
2. Type the domain name for the child domain, and then click Next.
3. Add the child DNS server to host the new zone, and then click Next.
NOTE:
A domain controller that is a DNS server should have a static Transport Control Protocol/Internet Protocol (TCP/IP) address. Verify that this step is performed before you install DNS on the child domain controller. If no DNS TCP/IP address exists, DNS is installed as a root server. If you see that a “.” folder is created after you install DNS, you must remove the root configuration.
For additional information about how to do this, click the article number below to view the article in the Microsoft Knowledge Base:
229840 DNS Server’s Root Hints and Forwarder Pages Are Unavailable
4. On the child domain DNS server, right-click My Network Places, and then click Properties.
5. Right-click the appropriate local connection, and then click Properties.
6. Under Components checked are used by this connection, click Internet Protocol (TCP/IP), and then click Properties.
7. Click Use the following DNS server addresses:, and then type the TCP/IP address of the parent (root) DNS server.
QUESTION 47
Your network contains an Active Directory domain named contoso.com.
The domain contains an IP Address Management (IPAM) server.
You plan to delegate the administration of IPAM as shown in the following table.
You need to recommend which IPAM security group must be used for each department.
The solution must minimize the number of permissions assigned to each group.
What should you recommend? To answer, drag the appropriate group to the correct department in the answer area. Each group may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 48
Your network contains an internal network and a perimeter network.
The internal network contains an Active Directory forest named contoso.com.
The forest contains a Microsoft Exchange Server 2010 organization.
All of the domain controllers in contoso.com run Windows Server 2012.
The perimeter network contains an Active Directory forest named litware.com.
You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com.
All of the domain controllers in litware.com run Windows Server 2012.
Some users connect from outside the network to use Outlook Web App.
You need to ensure that external users can authenticate by using client certificates.
What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
A. Enable Kerberos constrained delegation in litware.com.
B. To the perimeter network, add an Exchange server that has the Client Access server role installed.
C. Enable Kerberos delegation in litware.com.
D. Deploy UAG to contoso.com.
Answer: A
QUESTION 49
Your network contains an Active Directory domain named contoso.com.
You plan to implement multiple DHCP servers.
An administrator named Admin1 will authorize the DHCP servers.
You need to ensure that Admin1 can authorize the planned DHCP servers.
To which container should you assign Admin1 permissions? To answer, select the appropriate node in the answer area.
Answer:
QUESTION 50
What method should you use to deploy servers?
A. WDS
B. AIK
C. ADK
D. EDT
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/hh974416.aspx
QUESTION 51
Your network contains an Active Directory domain named contoso.com.
All servers run either Windows Server 2008 R2 or Windows Server 2012.
Your company uses IP Address Management (IPAM) to manage multiple DHCP servers.
A user named User1 is a member of the IPAM Users group and is a member of the local Administrators group on each DHCP server.
When User1 edits a DHCP scope by using IPAM, the user receives the error message shown in the exhibit. (Click the Exhibit button.)
You need to prevent User1 from receiving the error message when editing DHCP scopes by using IPAM.
What should you do?
A. Add User1 to the DHCP Administrators group on each DHCP server.
B. Add User1 to the IPAM Administrators group.
C. Run the Set-IpamServerConfig cmdlet.
D. Run the Invoke-IpamGpoProvisioning cmdlet.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/hh831622.aspx
IPAM Administrators: IPAM Administrators have the privileges to view all IPAM data and perform all IPAM tasks.
QUESTION 52
Your network contains an Active Directory forest named corp.contoso.com.
All servers run Windows Server 2012. The network has a perimeter network that contains servers that are accessed from the Internet by using the contoso.com namespace.
The network contains four DNS servers.
The servers are configured as shown in the following table.
All of the client computers on the perimeter network use Server1 and Server2 for name resolution.
You plan to add DNS servers to the corp.contoso.com domain.
You need to ensure that the client computers automatically use the additional name servers.
The solution must ensure that only computers on the perimeter network can resolve names in the corp.contoso.com domain.
Which DNS configuration should you implement on Server1 and Server2? To answer, drag the appropriate DNS configuration to the correct location in the answer area. Each DNS configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 53
Your network contains an Active Directory domain named contoso.com.
The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
What should you include in the recommendation?
A. Set the ISATAP State to state enabled.
B. Enable split tunneling.
C. Set the ISATAP State to state disabled.
D. Enable force tunneling.
Answer: D
Explanation:
http://blogs.technet.com/b/csstwplatform/archive/2009/12/15/directaccess-how-toconfigure-forcetunneling-forda-so-that-client-are-forced-to-use-ip-https.aspx
You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients that detect that they are on the Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.
QUESTION 54
Your network contains an Active Directory domain.
You plan to implement a remote access solution that will contain three servers that run Windows Server 2012.
The servers will be configured as shown in the following table.
You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Server3.
The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails.
What should you do?
A. On Server1, configure a RADIUS proxy.
Add Server2 and Server3 to a failover cluster.
B. Add Server2 and Server3 to a Network Load Balancing (NLB) cluster.
On Server1, modify the Authentication settings.
C. On Server1, configure a RADIUS proxy.
On Server2 and Server3, add a RADIUS client.
D. On Server2 and Server3, add a RADIUS client.
On Server1, modify the Authentication settings.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc754033.aspx
QUESTION 55
Your company has a main office.
The network contains an Active Directory domain named contoso.com.
The main office contains a server named Server1 that runs Windows Server 2012.
Server1 has the Remote Access server role installed and is configured to accept incoming SSTP-based VPN connections. All client computers run Windows 7.
The company plans to open a temporary office that will contain a server named Server2 that runs Windows Server 2012 and has the DHCP Server server role installed.
The office will also have 50 client computers and an Internet connection.
You need to recommend a solution to provide the users in the temporary office with access to the resources in the main office.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
A. Use the Connection Manager Administration Kit (CMAK) to create a connection package
that specifies Server1 as the target for SSTP-based VPN connections.
Manually distribute the CMAK package to each client computer in the temporary office.
B. Install the Remote Access server role on Server2.
From Routing and Remote Access on Server2, add a SSTP-based VPN port.
From DHCP on Server2, configure the default gateway server option.
C. Uses the Connection Manager Administration Kit (CMAK) to create a connection package
that specifies Server1 as the target for SSTP-based VPN connections.
Use a Group Policy object (GPO) to distribute the CMAK package to each client computer
in the temporary office.
D. Install the Remote Access server role on Server2.
From Routing and Remote Access on Server2, configure a demand-dial interface.
From DHCP on Server2, configure the default gateway server option.
Answer: A
Explanation:
Site-to-Site connections cannot use SSTP. So B and D can be crossed off.
In all likelihood they are asking about CMAK, since CMAK is used for simplifying the deployment of VPN client-connection setup. With CMAK we create the VPN profile in executable file format, and then distribute it to the clients.
The client users then simply double-click the executable in order to connect.
So we have two options left.. A and C…
Since C utilizes Group policy, we can cross it off our list of possible answers too because the remote clients aren’t connected to the domain yet, or don’t have a connection to a domain controller even if they are, so the GPO settings can’t be sent to the machines.
The only answer left is A… it meets the criteria, its pretty darn simple to do, and it utilizes a MS utility that they probably intend to highlight with a question like this (CMAK).
QUESTION 56
Your network contains an Active Directory domain named contoso.com.
The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012. All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do not belong to the domain.
All client computers receive IP addresses by using DHCP.
You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements:
– Verify whether the client computers have up-to-date antivirus software.
– Provides a warning to users who have virus definitions that are out-of-date.
– Ensure that client computers that have out-of-date virus definitions can connect to the network.
Which NAP enforcement method should you recommend?
A. VPN
B. DHCP
C. IPsec
D. 802.1x
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx
NAP enforcement for DHCP
DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS).
Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective.
QUESTION 57
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012.
Server1 resides in the perimeter network and has the Remote Access server role installed.
Some users have laptop computers that run Windows 7 and are joined to the domain.
Some users work from home by using their home computers.
The home computers run either Windows XP, Windows Vista/ Windows 7, or Windows 8.
You need to configure the computers for remote access.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 58
Your network contains multiple servers that run Windows Server 2012.
All client computers run Windows 8.
You need to recommend a centralized solution to download the latest antivirus definitions for Windows Defender.
What should you include in the recommendation?
A. Microsoft System Center 2012 Endpoint Protection
B. Network Access Protection (NAP)
C. Microsoft System Center Essentials
D. Windows Server Update Services (WSUS)
Answer: D
Explanation:
For those who actually doubt this answer:
http://support.microsoft.com/kb/919772
To use WSUS to deploy Windows Defender definition updates to client computers, follow these steps:
1. Open the WSUS Administrator console, and then click Options at the top of the console.
2. Click Synchronization Options.
3. Under Products and Classifications, click Change under Products.
4. Verify that the Windows Defender check box is selected, and then click OK.
5. Under Products and Classifications, click Change under Update Classifications.
6. Verify that the Definition Updates check box is selected, and then click OK.
7. Optional Update the automatic approval rule. To do this, follow these steps:
a. At the top of the console, click Options.
b. Click Automatic Approval Options.
c. Make sure that the Automatically approve updates for installation by using the following rule check box is selected.
d. Under Approve for Installation, click Add/Remove Classification.
e. Verify that the Definition Updates check box is selected, and then click OK.
8. At the top of the console, click Options.
9. Click Synchronization Options.
10. On the taskbar on the left, click Synchronize now.
11. At the top of the console, click Updates.
12. Approve any Windows Defender updates that WSUS should deploy.
QUESTION 59
Your network contains an Active Directory domain named contoso.com.
The domain contains three VLANs.
The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1.
The solution must ensure that all other client computers connect to VLAN 3.
Which Network Access Protection (NAP) enforcement method should you implement?
A. VPN
B. DHCP
C. IPsec
D. 802.1x
Answer: D
Explanation:
http://blogs.technet.com/b/wincat/archive/2008/08/19/network-access-protection-using-802-1x-vlan-s-or-portacls-which-is-right-for-you.aspx
The most common method of the list is 802.1x for a variety of reasons. First, the industry has been selling 802.1x network authentication for the last 10 years. 1x gained tremendous popularity as wireless networking became prevalent in the late 90’s and early 2000’s and has been proven to be a viable solution to identifying assets and users on your network. For customers that have invested in 802.1x capable switches and access points, NAP can very easily be implemented to complement what is already in place. The Network Policy Server (NPS) role Windows Server 2008 has been dramatically improved to make 802.1x policy creation much simpler to do.
QUESTION 60
You have a server named Server1 that runs Windows Server 2012.
You have a 3-TB database that will be moved to Server1.
Server1 has the following physical disks:
– Three 2-TB SATA disks that are attached to a single IDE controller
– One 1-TB SATA disk that is attached to a single IDE controller
You need to recommend a solution to ensure that the database can be moved to Server1.
The solution must ensure that the database is available if a single disk fails.
What should you include in the recommendation?
A. Add each disk to a separate storage pool.
Create a mirrored virtual disk.
B. Add two disks to a storage pool.
Add the other disk to another storage pool.
Create a mirrored virtual disk.
C. Add all of the disks to a single storage pool, and then create two simple virtual disks.
D. Add all of the disks to a single storage pool, and then create a parity virtual disk.
Answer: D
Explanation:
http://blogs.technet.com/b/askpfeplat/archive/2012/10/10/windows-server-2012-storagespaces-is-it-foryoucould-be.
http://winsvr.wordpress.com/2013/01/22/storage-space-virtual-disk/
Parity A parity virtual disk is similar to a hardware Redundant Array of Inexpensive Disks (RAID5). Data, along with parity information, is striped across multiple physical disks. Parity enables Storage Spaces to continue to service read and write requests even when a drive has failed. A minimum of three physical disks is required for a parity virtual disk. Note that a parity disk cannot be used in a failover cluster.
The 70-413 PDF dumps and 70-413 practice test with free VCE player are available on GreatExam now. Get a complete hold of them through GreatExam to give your career a boost and start earning your Microsoft certification today!
Comments are closed.