70-413 exam questions and answers provided by GreatExam will guarantee you pass 70-413 exam, because GreatExam is the top IT Certification study training materials vendor. Many candidates have passed exam with the help of GreatExam. We offer the latest 70-413 PDF and VCE dumps with new version VCE player for free download, you can pass the exam beyond any doubt.
QUESTION 1
Your company has a remote office that contains 1,600 client computers on a single subnet.
You need to select a subnet mask for the network that will support all of the client computers.
The solution must minimize the number of unused addresses.
Which subnet mask should you select?
A. 255.255.248.0
B. 255.255.252.0
C. 255.255.254.0
D. 255.255.240.0
Answer: A
Case Study 1 – Proseware, Inc (Question 2 – Question 10)
Overview
General Overview
Proseware, Inc. is a pharmaceutical services company that has a sales department, a marketing department, an operations department, and a human resources department.
Physical Locations
Proseware has two main offices. One of the offices is located in New York. The other office is located in Chicago. The New York office uses a 172.16.1.0/24 network ID. The Chicago office uses a 192.168.1.0/24 network ID.
The offices connect to each other by using a high-bandwidth, low-latency WAN link. Each office connects directly to the Internet.
Existing Environment
The network contains an Active Directory forest named proseware.com. The forest contains two domains named proseware.com and chicago.proseware.com. All of the user accounts and the computer accounts in the New York office reside in the proseware.com domain. All of the user accounts and the computer accounts in the Chicago office reside in the chicago.proseware.com domain. All DNS zones are Active-Directory-integrated.
Each office is configured as an Active Directory site. The network ID for each office is associated to the appropriate site.
Each office contains two domain controllers. The domain controllers were recently upgraded from Windows Server 2008 R2 to Windows Server 2012 R2.
The functional level of the domain and the forest is Windows Server 2003.
The company uses Active Directory user attributes to store the personal information of its employees in custom attributes.
Existing Servers
The relevant servers are configured as shown in the following table.
All servers run Windows Server 2012 R2.
DC01 has an IPv4 scope. The starting IP address in the range is 172.16.1.100 and the ending address is 172.16.1.199.
DC03 has an IP4v scope. The starting IP address in the range is 192.168.1.100 and the ending IP address is 192.168.1.199. There are no exclusion ranges configured on DC01 or DC03.
Requirements
Planned Changes
Proseware plans to implement the following changes:
– Deploy a read-only domain controller (RODC) to the London office.
– Give users remote access to both offices by using a VPN connection from their laptop or tablet.
– If DC01 fails, ensure that the computers in the New York office can receive IP addresses within 30 minutes.
– In the New York site, deploy two 50-TB, Fibre Channel SAN disk arrays. Offloaded Data Transfer (ODX) will be used on both storage arrays. The Hyper-V hosts will use the new SANs for virtual machine storage.
– Open three additional offices in Montreal, Atlanta, and London. The offices will connect to each other by using a high-bandwidth, low-latency WAN link. Each office will connect directly to the Internet.
– For legal reasons, the Montreal site will have its own forest named montreal.proseware.com.
– The Montreal and Atlanta offices will have local IT administrators to manage the network infrastructure of their respective office. The London office will not have a local IT staff. Each office will have approximately 50 client computers.
Technical Requirements
Proseware identifies the following technical requirements:
– Users in the Montreal office must only be allowed to access shares that are located on File01 and File02. The Montreal users must be prevented from accessing any other servers in the proseware.com forest regardless of the permissions on the resources,
– Users in the New York office must be able to reconnect to the remote access VPN servers automatically. Users in the Chicago office must use SSL to connect to the remote access VPN servers.
– Domain controllers that run Windows Server 2012 R2 and Windows Server 2008 R2 must be able to be deployed to the proseware.com domain. Administrators in the New York office must be able to restore objects from the Active Directory Recycle Bin.
– The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache.
– Each DNS server must be managed by an administrator from the same office as the DNS server.
– The required time to create new fixed virtual hard disks (VHDs) on the SANs must be minimized.
– The remote access servers must be able to restrict outgoing traffic based on IP addresses.
– All certificates must be deployed to all of the client computers by using auto- enrollment.
– All of the DHCP Server server roles must be installed on a domain controller.
– Only one DHCP server in each site must lease IP addresses at any given time.
– DHCP traffic must not cross site boundaries.
– RODCs must not contain personal user information.
QUESTION 2
You need to recommend a trust model.
What should you include in the recommendation?
A. A one-way, forest trust that has selective authentication.
B. A one-way, external trust
C. A two-way, external trust
D. A one-way, forest trust that has domain-wide authentication.
Answer: A
Explanation:
From case study:
Users in the Montreal office must only be allowed to access shares that are located on File01 and File02. The Montreal users must be prevented from accessing any other servers in the proseware.com forest regardless of the permissions on the resources.
QUESTION 3
Hotspot Question
You need to recommend a configuration for the DHCP infrastructure.
What should you recommend? To answer, select the appropriate options in the answer area.
Answer:
QUESTION 4
Drag and Drop Question
You need to recommend the VPN protocols for Proseware.
What should you recommend? To answer, drag the appropriate VPN protocols to the correct offices. Each protocol may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content,
Answer:
QUESTION 5
Hotspot Question
You need to recommend a storage configuration for the Hyper-V hosts.
What should you recommend? To answer, select the appropriate options in the answer area.
Answer:
QUESTION 6
You need to recommend a deployment method for Proseware.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. a WDS Deployment server and Multicast transmissions
B. a WDS Deployment server and Unicast transmissions
C. a WDS Transport server and Multicast transmissions
D. a WDS Transport server and Unicast transmissions
Answer: A
Explanation:
A WDS deployment server is appropriate in this scenario with three offices that will have 50 new clients each. As the WAN links are fast the computers can be deployed through multicast.
Incorrect:
Not B: As the offices are connected through high-bandwidth, low-latency WAN links unicast is not necessary.
Not C, Not D: As each office only will have 50 client computers, a small network, a deployment through a WDS transport server is not required.
https://technet.microsoft.com/en-us/library/hh831764.aspx
QUESTION 7
You need to recommend a solution for the remote access servers.
What should you include in the recommendation?
A. Network address translation (NAT)
B. Logging levels
C. Packet filtering
D. Packet tracing
Answer: C
Explanation:
Scenario: The remote access servers must be able to restrict outgoing traffic based on IP addresses.
Packet filtering can be used to restrict outgoing traffic with the help of an output filter.
Note: Packet filtering consists of creating a series of definitions called filters, which define for the router what types of traffic are allowed or disallowed on each interface. Filters can be set for incoming and outgoing traffic.
* Input filters define what inbound traffic on that interface the router is allowed to route or process.
* Output filters define what traffic the router is allowed to send from that interface.
Incorrect:
Not A: NAT is not able to restrict outgoing traffic. NAT supports static filters can be added to the private interface to protect against threats from internal clients.
https://technet.microsoft.com/en-us/library/Cc754895(v=WS.10)
QUESTION 8
Drag and Drop Question
You need to recommend changes for the Active Directory infrastructure.
What should you recommend? To answer, drag the appropriate domain and forest functional levels for proseware.com to the correct locations. Each functional level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 9
You run the Get-DNSServercmdlet on DC01 and receive the following output:
You need to recommend changes to DC01.
Which attribute should you recommend modifying?
A. EnablePollutionProtection
B. isReadOnly
C. Locking Percent
D. ZoneType
Answer: C
Explanation:
* Scenario: The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache.
* Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, then the DNS server will not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This means that cached entries will not be overwritten for the entire duration of the TTL. The cache locking value is stored in the CacheLockingPercent registry key. If the registry key is not present, then the DNS server will use the default cache locking value of 100.
https://technet.microsoft.com/en-us/library/ee649148%28v=ws.10%29.aspx
QUESTION 10
You need to recommend a solution for the RODC
Which attribute should you include in the recommendation?
A. systemFlags
B. searchFlags
C. policy-Replication-Flags
D. flags
Answer: B
Explanation:
You can modify the searchFlags value for a read-only domain controller (RODC) to indicate confidential data on order to exclude specific data from replicating to RODCs in the forest. This meets the requirement as it is stated that RODCs must not contain personal user information.
https://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx
Case Study 2 – Contoso Ltd, Case A (Question 11 – Question 22)
Overview
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users.
The company is migrating to Windows Server 2012.
The company has two main offices and two branch offices. The main offices are located in Paris and Amsterdam. One of the branch offices is a sales office located in Berlin. The other branch office is a research office located in Brussels.
The offices connect to each other by using a WAN link.
Current Environment
Active Directory
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office.
The forest contains a child domain named research.contoso.com.
The functional level of both the domains is Windows Server 2008.
In each site, there are two domain controllers for the contoso.com domain and two domain controllers for the research.contoso.com domain. The domain controllers run Windows Server 2008 R2.
All of the domain controllers are global catalog servers.
The FSMO roles were not moved since the domains were deployed.
Network Infrastructure
All servers run Windows Server 2008 R2.
Each user has a laptop computer that runs Windows 7.
The company has 10 print servers. Each print server contains several shared printers.
The company has 10 file servers that have the following disk configurations:
– A simple volume named C that is the System and Boot volume and is formatted NTFS
– A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
– A simple volume named D that is formatted FAT32
– A simple volume named E that is formatted NTFS
– A Clustered Shared Volume (CSV)
The Paris office contains a server named PA1. The Amsterdam office contains a server named AMI. Both servers have the following server roles installed:
– DNS Server
– DHCP Server
– Remote Access
The DNS servers are configured to use the DNS servers of the company’s Internet Service Provider (ISP) as forwarders.
Users often work remotely. The users access the internal network by using an SSTP-based VPN connection.
Requirements
Planned Changes
The company plans to implement the following changes:
– Create a child domain named sales.contoso.com. Only the domain controllers in sales.contoso.com will host a zone for the sales.contoso.com domain. The domain controllers in sales.contoso.com will run Windows Server 2012. The client computers in sales.contoso.com will use the sales.contoso.com domain controllers as their DNS servers.
– Implement two servers in the Amsterdam office and two servers in the Paris office to replace PA1 and AMI. These new servers will run Windows Server 2012 and will not have shared storage.
– Decommission the research.contoso.com domain. All of the users and the Group Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
– Migrate the existing print queues to virtualized instances of Windows Server 2012.
– Migrate the file servers to new servers that run Windows Server 2012.
– Implement RADIUS authentication for VPN connections.
– Deploy Windows Server 2012 to all new servers.
Technical Requirements
The company identifies following technical requirements:
– All changes to Group Policies must be logged.
– Network Access Protection (NAP) policies must be managed centrally.
– Core networking services in each office must be redundant if a server fails.
– The possibility of IP address conflicts during the DHCP migration must be minimized.
– A central log of the IP address leases and the users associated to those leases must be created.
– All of the client computers must be able to resolve internal names and internet names.
– Administrators in the Paris office need to deploy a series of desktop restrictions to the entire company by using Group Policy.
– The new sales.contoso.com domain will contain a web application that will access data from a Microsoft SQL Server located in the contoso.com domain. The web application must use integrated Windows authentication. Users’ credentials must be passed from the web applications to the SQL Server.
QUESTION 11
You are planning the migration of research.contoso.com.
You need to identify which tools must be used to perform the migration.
Which tools should you identify?
A. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Group Policy Management Console (GPMC)
B. Active Directory Federation Services (AD FS) and Microsoft Federation GatewayC. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Active Directory Federation Services (AD FS)
D. Active Directory Lightweight Directory Services (AD LDS) and Group Policy Management Console (GPMC)
Answer: A
QUESTION 12
You need to recommend a management solution for the GPOs.
The solution must meet the technical requirements.
What should you include in the recommendation?
A. Microsoft Desktop Optimization Pack (MDOP)
B. Microsoft System Center 2012 Operations Manager
C. Microsoft System Center 2012 Data Protection Manager (DPM)
D. Microsoft Baseline Security Analyzer (MBSA)
Answer: A
Explanation:
Microsoft Advanced Group Policy Management (AGPM) extends the capabilities of the Group Policy Management Console (GPMC) to provide comprehensive change control and improved management for Group Policy Objects (GPOs). AGPM is available as part of the Microsoft Desktop Optimization Pack (MDOP) for Software Assurance
http://technet.microsoft.com/en-us/library/dd420466.aspx
QUESTION 13
You need to recommend a solution for DHCP logging.
The solution must meet the technical requirement.
What should you include in the recommendation?
A. Event subscriptions
B. IP Address Management (IPAM)
C. DHCP audit logging
D. DHCP filtering
Answer: B
Explanation:
Feature description
IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name Service (DNS). IPAM includes components for:
– Automatic IP address infrastructure discover)’: IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.
– Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups.
– Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name.
– Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console.
http://technet.microsoft.com/en-us/library/hh831353.aspx
QUESTION 14
You are evaluating the implementation of data deduplicatton on the planned Windows Server 2012 file servers.
The planned servers will have the identical disk configurations as the current servers.
You need to identify which volumes can be enabled for data deduplication.
Which volumes should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A. C
B. D
C. E
D. The CSV
E. DATA
Answer: CE
Explanation:
It slices, it dices, and it cleans your floors!
Well, the Data Deduplication feature doesn’t do everything in this version. It is only available in certain Windows Server 2012 editions and has some limitations. Deduplication was built for
NTFS data volumes and it does not support boot or system drives and cannot be used with Cluster Shared Volumes (CSV). We don’t support deduplicating live VMs or running SQL databases. See how to determine which volumes are candidates for deduplication on Technet.
http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-to-data-deduplication-in-windowsserver-2012.aspx
http://blogs.technet.com/b/uspartner_ts2team/archive/2012/10/08/data-deduplication-in-windows-server-2012.aspx
QUESTION 15
You need to recommend which changes must be implemented to the network before you can deploy the new web application.
What should you include in the recommendation?
A. Upgrade the DNS servers to Windows Server 2012.
B. Upgrade the domain controllers to Windows Server 2012.
C. Change the forest functional level to Windows Server 2008 R2.
D. Change the functional level of both the domains to Windows Server 2008 R2.
Answer: B
QUESTION 16
You need to recommend changes to the DNS environment that support the implementation of the sales. contoso.com domain.
The solution must ensure that the users in all of the domains can resolve both Internet names and the names of the servers in all of the internal domains.
What should you recommend?
A. On the DNS servers in contoso.com, create a zone delegation in the contoso.com zone. On the DNS servers in sales.contoso.com, add a forwarder to the contoso.com DNS servers.
B. On the DNS servers in contoso.com, configure a reverse lookup zone. On the DNS servers in sales.contoso.com, configure a conditional forwarder to contoso.com.
C. On the DNS servers in contoso.com, configure a conditional forwarder to sales.contoso.com. On the DNS servers in sales.contoso.com, configure a reverse zone.
D. On the DNS servers in contoso.com, add a conditional forwarder to the sales.contoso.com zone.
E. On the DNS servers in sales.contoso.com, add a forwarder to the DNS servers of the company’s ISP.
Answer: A
QUESTION 17
You are planning the implementation of two new servers that will be configured as RADIUS servers.
You need to recommend which configuration must be performed on the VPN servers.
The solution must meet the technical requirements.
What should you do on each VPN server?
A. Install the Health Registration Authority role service.
B. Add a RADIUS client.
C. Enable DirectAccess.
D. Modify the authentication provider.
Answer: D
QUESTION 18
After the planned upgrade to Windows Server 2012, you restore a user account from the Active Directory Recycle Bin.
You need to replicate the restored user account as quickly as possible.
Which cmdlets should you run?
A. Get-ADReplicationSite and Set-ADReplicationConnection
B. Get-ADReplicationAttributeMetadata and Compare-Object
C. Get-ADReplicationUpToDatenessVectorTable and Set-ADReplicationSite
D. Get ADDomainController and Sync-ADObject
Answer: D
Explanation:
The Get-ADDomainController cmdlet gets the domain controllers specified by the parameters.
You can get domain controllers by setting the Identity, Filter or Discover parameters. The Identity parameter specifies the domain controller to get. You can identify a domain controller by its GUID, IPV4Address, global IPV6Address, or DNS host name. You can also identify a domain controller by the name of the server object that represents the domain controller, the Distinguished Name (DN) of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the DN of the computer object that represents the domain controller. You can also set the Identity parameter to a domain controller object variable, such as $<localDomainControllerObject>, or pass a domain controller object through the pipeline to the Identity parameter.
To search for and retrieve more than one domain controller, use the Filter parameter. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory.
PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, see
about_ActiveDirectory_Filter. You cannot use an LDAP query string with this cmdlet. To get a domain controller by using the discover mechanism of DCLocator, use the Discover parameter. You can provide search criteria by setting parameters such as Service, SiteName,
DomainName, NextClosestSite, AvoidSelf, and ForceDiscover.
http://technet.microsoft.com/en-us/library/hh852293.aspx
Detailed Description
The Sync-ADObject cmdlet replicates a single object between any two domain controllers that have partitions in common. The two domain controllers do not need to be direct replication partners. It can also be used to populate passwords in a read-only domain controller (RODC) cache.
http://technet.microsoft.com/en-us/library/hh852296.aspx
QUESTION 19
You implement a new virtualized print server that runs Windows Server 2012.
You need to migrate the print queues.
Which tool should you use?
A. Windows Server Migration Tools
B. Active Directory Migration Tool (ADMT)
C. Print Management
D. Computer Management
Answer: C
Explanation:
To manage the migration process, use one of the following:
– The Printer Migration Wizard, which you access through Print Management, a snap-in in
– Microsoft Management Console (MMC).
– The Printbrm.exe command-line tool.
You can perform the migration locally or remotely, and from either a client computer or server.
Important
As a best practice, run the Printer Migration Wizard or Printbrm.exe from a computer running
Windows Server 2012
http://technet.microsoft.com/en-us/library/jj134150.aspx
QUESTION 20
You need to recommend a fault-tolerant solution for the VPN.
The solution must meet the technical requirements.
What should you include in the recommendation?
A. DirectAccess
B. Failover Clustering
C. Network adapter teaming
D. Network Load Balancing (NLB)
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/hh831698.aspx
GreatExam is the leader in supplying candidates with current and up-to-date training materials for Microsoft certification and exam preparation. Comparing with others, our 70-413 exam questions are more authoritative and complete. We offer the latest 70-413 PDF and VCE dumps with new version VCE player for free download, and the new 70-413 practice test ensures your exam 100% pass.