I’ve been taking on some Microsoft certifications recently, and my latest success is passing the 70-413 exam, earning me the Microsoft Specialist. As all Microsoft certification exams, this exam covers a huge amount of information and content. As a result of this, a variety of materials and sources need to be studied in order to get the level understanding and memorization necessary to pass the exam. Now that I’ve passed the exam, I’d share that I used GreatExam 70-413 practice test.
QUESTION 141
You are designing an Active Directory forest for a company named Contoso, Ltd.
Contoso identifies the following administration requirements for the design:
– User account administration and Group Policy administration will be performed by network technicians.
– The technicians will be added to a group named OUAdmins.
– IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain.
– All user accounts will be located in an organizational unit (OU) named AllEmployees.
You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployeesOU.
After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.
What should you include in the recommendation?
A. Remove the IT staff user accounts from Backup Operators and place them in a new group.
Grant the new group the Backup files and directories user right and the Restore files and directories user right.
Enforce permission inheritance on all of the objects in the AllEmployeesOU.
B. Create separate administrator user accounts for the technicians.
Enforce permission inheritance on all of the objects in the AllEmployeesOU.
Delegate permissions to the new useraccounts.
C. Enforce permission inheritance on all of the objects in the AllEmployeesOU.
Run the Delegation of Control Wizard.
D. Move the user accounts of the technicians to a separate OU.
Enforce permission inheritance on all of the objects in the AllEmployeesOU.
Run the Delegation of Control Wizard on the AllEmployeesOU.
Answer: B
QUESTION 142
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.
You plan to implement Windows Server 2012 R2.
You need to create a report that includes the following information:
– The servers that run applications and services that can be moved to Windows Server 2012 R2
– The servers that have hardware that can run Windows Server 2012 R2
– The servers that are suitable to be converted to virtual machines hosted on Hyper- V hosts that run Windows Server 2012 R2
Solution: From an existing server, you run the Microsoft Application Compatibility Toolkit (ACT).
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 143
Your network contains an Active Directory domain named contoso.com.
The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
Solution: You enable force tunneling.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
DirectAccess allows connectivity to organizational network resources without the need for traditional virtual private network (VPN) connections.
DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet. DirectAccess establishes bi- directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.
https://technet.microsoft.com/en-us/library/dd759144.aspx
QUESTION 144
Your network contains an Active Directory domain named contoso.com.
The domain contains three VLANs.
The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8. The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1.
The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the IPsec enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 145
Hotspot Question
Your network contains an Active Directory forest named northwindtraders.com.
The client computers in the finance department run either Windows 8.1, Windows 8, or Windows 7. All of the client computers in the marketing department run Windows 8.1.
You need to design a Network Access Protection (NAP) solution for northwindtraders.com that meets the following requirements:
– The client computers in the finance department that run Windows 7 must have a firewall enabled and the antivirus software must be up-to-date.
– The finance computers that run Windows 8.1 or Windows 8 must have automatic updating enabled and the antivirus software must be up-to-date.
– The client computers in the marketing department must have automatic updating enabled and the antivirus software must be up-to-date.
– If a computer fails to meet its requirements, the computers must be provided access to a limited set of resources on the network.
– If a computer meets its requirements, the computer must have full access to the network.
What is the minimum number of objects that you should create to meet the requirements? To answer, select the appropriate number for each object type in the answer area.
Answer:
QUESTION 146
You have a System Center 2012 R2 Virtual Machine Manager (VMM) infrastructure that manages five Hyper-V hosts.
The Hyper-V hosts are not clustered.
You have a virtual machine template that deploys a base image of Windows Server 2012 R2.
No role services or features are enabled in the base image.
You need to deploy a virtual machine named VM1 that is based on the virtual machine template.
VM1 will be deployed as part of a service.
VM1 must have the Web Server (IIS) server role installed.
The solution must not require modifications to the virtual machine template or the base image.
What are two possible profile types that achieve the goal? Each correct answer presents a complete solution.
A. Capability
B. Application
C. Guest OS
D. Hardware
E. Physical Computer
Answer: BC
Explanation:
How to Create and Deploy a Virtual Machine from a Template
http://technet.microsoft.com/en-us/library/hh882403.aspx
QUESTION 147
Your company plans to hire 100 sales representatives who will work remotely.
Each sales representative will be given a laptop that will run Windows 7.
A corporate image of Windows 7 will be applied to each laptop.
While the laptops are connected to the corporate network, they will be joined to the domain.
The sales representatives will not be local administrators.
Once the laptops are configured, each laptop will be shipped by courier to a sales representative.
The sales representative will use a VPN connection to connect to the corporate network.
You need to recommend a solution to deploy the VPN settings for the sales representatives.
The solution must meet the following requirements:
– Ensure that the VPN settings are the same for every sales representative.
– Ensure that when a user connects to the VPN, an application named App1 starts.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. VPN auto triggering
B. The Add-VpnConnectioncmdlet
C. The Connection Manager Administration Kit (CMAK)
D. Group Policy preferences
Answer: C
Explanation:
If you use the Measureup tests it says Add-VpnConnection can be used on Windows 7 but I have tried on several machines and it just isn’t there in Powershelll so either Measureup are just repeating what Microsoft has told them or they are wrong.
QUESTION 148
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains four servers.
The servers are configured as shown in the following table.
You plan to provide users with the ability to use Workplace Join for their personal device when they connect to the internal network.
You need to recommend a certificate configuration for the planned deployment.
What should you include in the recommendation? To answer, select the appropriate names in the answer area.
Answer:
QUESTION 149
Drag and Drop Question
Your network contains an Active Directory forest named adatum.com.
The forest contains a single domain. All servers run Windows Server 2012 R2.
All client computers run Windows 8.1.
The DNS zone of adatum.com is Active Directory-integrated.
You need to implement DNSSEC to meet the following requirements:
– Ensure that the zone is signed.
– Ensure that the zone signing key (ZSK) changes every 30 days.
– Ensure that the key signing key (KSK) changes every 365 days.
What should you do? To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 150
Your company has two main offices and 10 branch offices.
Each office is configured as a separate Active Directory site.
The main offices sites are named Site1 and Site2.
Each office connects to Site1 and Site2 by using a WAN link.
Each site contains a domain controller that runs Windows Server 2008.
You are redesigning the Active Directory infrastructure.
You plan to implement domain controllers that run Windows Server 2012 and decommission all of the domain controllers that run Windows Server 2008.
You need to recommend a placement plan for the Windows Server 2012 domain controllers to meet the following requirements:
– Ensure that users can log on to the domain if a domain controller or a WAN link fails.
– Minimize the number of domain controllers implemented.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
A. Read-only domain controllers (RODCs) in the branch office sites
B. A writable domain controller in Site1
C. A writable domain controller in Site2
D. Writable domain controllers in the branch office sites
Answer: BCD
QUESTION 151
Hotspot Question
You run the ldifde command and receive the following output:
The command completes successfully.
Use the drop-down menus to select the answer choice that completes each statement.
Answer:
QUESTION 152
You’re deploying Windows Server 2012 using WDS and have multiple locations that need an image, so you need to configure a multisite topology.
Which of the following steps is key when working with a multisite topology?
A. Configuring boot order so that the correct deployment server is chosen
B. Prestaging the client within WDS on the correct server
C. Configuring the correct image for the location chosen
D. Using multicast to ensure the most effective use of bandwidth
Answer: B
QUESTION 153
When creating a Scheduled Cast multicast deployment, with which of the following methods can you begin deployment?
A. At a future time and/or when a threshold of clients request an image
B. At a future time and/or when the server comes online
C. Immediately or at a scheduled time
D. When the client threshold is set to met or daily
Answer: A
QUESTION 154
You’re configuring a split-scope DHCP scenario between two servers.
What’s the recommended percentage for a DHCP split scope configuration?
A. 60/40
B. 70/30
C. 80/20
D. 50/50
Answer: C
QUESTION 155
You need to move the DHCP database. Assuming a standard Windows directory and Program Files path structure and that you’ve changed the path in the DHCP Manager, what’s the default path where the DHCP database is found?
A. C:\Windows\system32\dhcp
B. C:\Program Files\Microsoft\DHCP\Data
C. C:\Windows\system32\DHCP\Data
D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DHCP
Answer: A
QUESTION 156
While implementing split scope, you notice that the secondary server is responding to numerous DHCP requests first.
What’s the best way to handle this situation?
A. Increase the split ratio so that the secondary server has more IP addresses from the scope.
B. Introduce a delay for DHCP offers from the secondary using the DHCP management console.
C. Reduce the load on the primary server so that it can respond faster.
D. Place the secondary DHCP server on a different network segment to introduce a delay in the response.
Answer: B
QUESTION 157
You need to grant access for viewing audit information within IPAM.
To which group should you add a user to, to grant that user the minimum level of permission for this task?
A. IPAM Users
B. IPAM IP Address Audit Admins
C. IPAM Administrators
D. IPAM IP Audit Administrators
Answer: D
QUESTION 158
When provisioning IPAM servers using GPOs, servers are discovered.
After configuring them to be managed in IPAM, what command do you need to run on the server to be managed?
A. Invoke-IpamAudit /server <ipam-servername> /domain
B. gpupdate /reset
C. Invoke-IpamAudit /server <ipam-servername> /configure
D. gpupdate /force
Answer: D
QUESTION 159
Your network contains an Active Directory domain named contoso.com.
The domain contains 10 sites. The sites are located in different cities and connect to each other by using low-latency WAN links. In each site, you plan to implement Microsoft System Center 2012 Configuration Manager and to deploy multiple servers.
You need to recommend which Configuration Manager component must be deployed to each site for the planned deployment.
What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.
A. A management point
B. A software update point
C. A distribution group point
D. A secondary site server that has all of the Configuration Manager roles installed
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh427335.aspx
Distribution point groups provide a logical grouping of distribution points and collections for content distribution.
A Distribution point group is not limited to distribution points from a single site, and can contain one or more distribution points from any site in the hierarchy. When you distribute content to a distribution point group, all distribution points that are members of the distribution point group receive the content.
QUESTION 160
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2008.
Server1 is configured as an enterprise certification authority (CA).
You back up all of the data on Server1, and then export the private and public keys of the CA.
You plan to replace Server1 with a new member server that was purchased recently.
You need to identify which actions must be performed on the new server to restore the certificate services of Server1.
Which three actions should you identify? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
GreatExam 70-413 dumps and 70-413 practice test which contain almost 100% correct answers are tested and approved by senior Microsoft lecturers and experts. They have been devoting themselves to providing candidates with the best 70-413 study materials to make sure what they get are valuable. Comparing with others, GreatExam 70-413 exam questions are more authoritative and complete.