Are you worring about the 70-413 exam? With the complete collection of 70-413 exam questions and answers, GreatExam has assembled to take you through your 70-413 exam preparation. Each Q & A set will test your existing knowledge of 70-413 fundamentals, and offer you the latest training products that guarantee you passing 70-413 exam easily.
QUESTION 21
You are planning the decommissioning of research.contoso.com.
You need to ensure that an administrator named Admin5 in the research department can manage the user accounts that are migrated to contoso. com.
The solution must minimize the number of permissions assigned to Admin5.
What should you do before you migrate the user accounts?
A. Run the New-Object cmdlet, and then run the Add-ADCentralAccessPolicyMember cmdlet.
B. Create a new organizational unit (OU), and then add Admin5 to the Account Operators group.
C. Run the New-Object cmdlet, and then run the Add-ADPrincipalGroupMembership cmdlet.
D. Create a new organizational unit (OU), and then run the Delegation of Control Wizard.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd145344.aspx
QUESTION 22
You implement and authorize the new DHCP servers.
You import the server configurations and the scope configurations from PA1 and AM1.
You need to ensure that clients can obtain DHCP address assignments after you shut down PA1 and AM1.
The solution must meet the technical requirements.
What should you do?
A. Run the Get-DhcpServerv4Lease cmdlet and the Remove-DhcpServerv4Lease cmdlet.Run the Windows Server Migration Tools.
B. Run the Get-DhcpServerv4Lease cmdlet and the Add-DhcpServerv4Lease cmdlet.Activate the scopes.
C. Run the Get-DhcpServerv4FreeIPAddress cmdlet and the Invoke-DhcpServerv4FailoverReplication cmdlet. Run the Windows Server Migration Tools.
D. Run the Get-DhcpServerv4FreeIPAddress cmdlet and the Invoke-DhcpServerv4FailoverReplication cmdlet. Activate the scopes.
Answer: B
Explanation:
The Get-DhcpServerv4Lease cmdlet gets one or more lease records from the Dynamic Host Configuration Protocol (DHCP) server service. The Add-DhcpServerv4Lease cmdlet adds a new IPv4 address lease on the Dynamic Host Configuration Protocol (DHCP) server service.
This cmdlet is only supported for DHCP server service running on Windows Server 2012.
Case Study 3 – Litware, Inc (Question 23 – Question 34)
Overview
Litware, Inc. is a manufacturing company. The company has a main office and two branch offices. The main office is located in Seattle. The branch offices are located in Los Angeles and Boston.
Existing Environment
Active Directory
The network contains an Active Directory forest named litwareinc.com. The forest contains a child domain for each office. The child domains are named boston.litwareinc.com and la.litwareinc.com. An Active Directory site exists for each office. In each domain, all of the client computer accounts reside in an organizational unit (OU) named AllComputers and all of the user accounts reside in an OU named AllUsers. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. The functional level of the domain and the forest is Windows Server 2008.
Network Infrastructure
The main office has the following servers:
– Five physical Hyper-V hosts that run Windows Server 2012
– Three virtual file servers that run Windows Server 2008 R2
– One physical DHCP server that runs Windows Server 2008 R2
– Ten physical application servers that run Windows Server 2012
– One virtual IP Address Management (IPAM) server that runs Windows Server 2012
– One virtual Windows Server Update Services (WSUS) server that runs Windows Server 2008 R2
– One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2
Each branch office has following servers:
– One virtual file server that runs Windows Server 2008 R2
– Two physical Hyper-V hosts that run Windows Server 2012
– One physical DHCP server that runs Windows Server 2008 R2
– One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2
All of the offices have a high-speed connection to the Internet.
The offices connect to each other by using T1 leased lines.
The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the offices.
Requirements
Planned Changes
The company plans to implement the following changes:
– Implement the Active Directory Recycle Bin.
– Implement Network Access Protection (NAP).
– Implement Folder Redirection in the Boston office only.
– Deploy an application named App1 to all of the users in the Boston office only.
– Migrate to IPv6 addressing on all of the servers in the Los Angeles office. Some application servers in the Los Angeles office will have only IPv6 addresses.
Technical Requirements
The company identifies the following technical requirements:
– Minimize the amount of administrative effort whenever possible.
– Ensure that NAP with IPSec enforcement can be configured.
– Rename boston.litwareinc.com domain to bos.htwareinc.com.
– Migrate the DHCP servers from the physical servers to a virtual server that runs Windows Server 2012.
– Ensure that the members of the Operators groups in all three domains can manage the IPAM server from their client computer.
VPN Requirements
You plan to implement a third-party VPN server in each office. The VPN servers will be configured as RADIUS clients. A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN connections.
Visualization Requirements
The company identifies the following virtualization requirements:
– Virtualize the application servers.
– Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.
– Automatically distribute the new virtual machines to Hyper-V hosts based on the current resource usage of the Hyper-V hosts.
Server Deployment Requirements
The company identifies the following requirements for the deployment of new servers on the network:
– Deploy the new servers over the network.
– Ensure that all of the server deployments are done by using multicast.
Security Requirements
A new branch office will open in Chicago. The new branch office will have a single read-only domain controller (RODC). Confidential attributes must not be replicated to the Chicago office.
QUESTION 23
You need to recommend a server deployment strategy for the main office that meets the server deployment requirements.
What should you recommend installing in the main office?
A. Windows Deployment Services (WDS)
B. The Windows Automated Installation Kit (Windows AIK)
C. The Express Deployment Tool (EDT)
D. The Windows Assessment and Deployment Kit (Windows ADK)
Answer: A
Explanation:
WDS is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network-based installation. This means that you do not have to install each operating system directly from a CD, USB drive, or DVD.
QUESTION 24
You need to implement the technical requirements for the boston.litwareinc.com domain.
Which tools should you use?
A. Gpfixup and Gpupdate
B. Rendom and Gpfixup
C. Gpupdate and Dcgpofix
D. Adprep and Rendom
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc732097(v=ws.10).aspx
QUESTION 25
You need to recommend a server virtualization strategy that meets the technical requirements and the virtualization requirements.
What should you include in the recommendation?
A. Windows Server Backup
B. The Microsoft Virtual Machine Converter
C. Microsoft System Center 2012 Virtual Machine Manager (VMM)
D. Disk2vhd
Answer: C
Explanation:
System Center Virtual Machine Manager 2012: VMM…
System Center Virtual Machine Manager 2012: VMM Gets Major Upgrade
Expanded hypervisor support, virtual application support and a myriad of other upgrades are coming in the new VMM 2012.
Paul Schnackenburg
There’s no doubt that Microsoft is making System Center Virtual Machine Manager (VMM) a key component of the System Center suite. The scope of the product is being expanded so much that it could be renamed “System Center Virtual Datacenter Manager.” The new version of VMM is currently in beta and is scheduled for release in the second half of 2011.
VMM can now do bare-metal installations on fresh hardware, create Hyper-V clusters instead of just managing them, and communicate directly with your SAN arrays to provision storage for your virtual machines (VMs). The list of supported hypervisors has also arown – it includes not only Hyper-V and VMware vSphere Hvpervisor, but
http://technet.microsoft.com/en-gb/magazine/hh300651.aspx
QUESTION 26
You need to recommend a remote access solution that meets the VPN requirements.
Which role service should you include in the recommendation?
A. Routing
B. Network Policy Server
C. DirectAccess and VPN (RAS)
D. Host Credential Authorization Protocol
Answer: B
Explanation:
Updated: March 29, 2012
Applies To: Windows Server 2008 R2, Windows Server 2012
Network Policy Server
Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS servers that you configure in remote RADIUS server groups.
NPS allows you to centrally configure and manage network access authentication, authorization, are client health policies with the following three features: RADIUS server.
NPS performs centralized authorization, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VNP) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database. For more information, see RADIUS Server.
http://technet.microsoft.com/en-us/library/cc732912.aspx
QUESTION 27
You need to recommend changes to the Active Directory site topology to support on the company’s planned changes.
What should you include in the recommendation?
A. A new site link bridge
B. A new subnet
C. A new site link
D. A new site
Answer: B
Explanation:
Sites overview
Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology. The replication topology itself consists of the set of connection objects that enable inbound replication from a source domain controller to the destination domain controller that stores the connection object.
The Knowledge Consistency Checker (KCC) creates these connection objects automatically on each domain controller.
http://technet.microsoft.com/en-us/library/cc754697.aspx
QUESTION 28
You need to recommend an IPAM management solution for the Operators groups.
The solution must meet the technical requirements.
What should you include in the recommendation?
A. Run the Invoke IpamGpoProvisioning cmdlet in all three domains. Add the computers used by the members of the Operators group to the IPAM server.
B. Modify the membership of the IPAM Administrators group and the WinRMRemoteWMIUsers_group on the IPAM server.
C. Run the Set-IpamConfiguration cmdlet on the IPAM server. Run the Invoke-IpamGpoProvisioning cmdlet in all three domains.
D. Run the Set-IpamConfiguration cmdlet and modify the membership of the WinRMRemoteWMIUsers_group on the IPAM server.
Answer: B
QUESTION 29
You need to recommend a migration strategy for the DHCP servers.
The strategy must meet the technical requirements.
Which Windows PowerShell cmdlet should you recommend running on the physical DHCP servers?
A. Receive-SmigServerData
B. Import-SmigServerSetting
C. Export-SmigServerSetting
D. Send-SmigServerData
Answer: C
Explanation:
* Scenario:
/ Main office: One physical DHCP server that runs Windows Server 2008 R2 / each branch office: One physical DHCP server that runs Windows Server 2008 R2 / The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the offices.
* Example:
Command Prompt: C:\PS>
Export-SmigServerSetting -Feature “DHCP” -User All -Group -Path “c:\temp\store” – Verbose
This sample command exports the Dynamic Host Configuration Protocol (DHCP) Server and all other Windows features that are required by DHCP Server.
https://technet.microsoft.com/en-us/library/dd379483%28v=ws.10%29.aspx
QUESTION 30
You need to recommend a solution that meets the security requirements.
Which schema attribute properties should you recommend modifying?
A. isCriticalSystemObject
B. searchFlags
C. schemaFlagsEx
D. isIndexed
Answer: B
Explanation:
Applies To: Windows Server 2008, Windows Server 2012
This topic includes procedures for adding an attribute to the filtered attribute set (FAS) for a readonly domain controller (RODC) and marking the attribute as confidential data. You can perform these procedures to exclude specific data from replicating to RODCs in the forest. Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed to an attacker who manages to successfully compromise an RODC. In most cases, adding an attribute to the RODC FAS is completed by the developer of the application that added the attribute to the schema.
– Determine and then modify the current searchFlags value of an attribute
– Verify that an attribute is added to the RODC FAS
– Determine and then modify the current searchFlags value of an attribute
To add an attribute to an RODC FAS, you must first determine the current searchFlags value of the attribute that you want to add, and then set the following values for searchflags:
– To add the attribute to the RODC FAS, set the 10th bit to 0x200.
– To mark the attribute as confidential, set the 7th bit to 0x080.
http://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx
QUESTION 31
You need to recommend a Group Policy strategy to support the company’s planned changes.
What should you include in the recommendation?
A. Link a Group Policy object (GPO) to the AllComputers OU in each domain.
B. Link a Group Policy object (GPO) to litwareinc.com and configure filtering.
C. Link a Group Policy object (GPO) to each domain.
D. Link a Group Policy object (GPO) to the Boston site.
Answer: D
QUESTION 32
You need to ensure that NAP meets the technical requirements.
Which role services should you install?
A. Network Policy Server, Health Registration Authority and Host Credential Authorization Protocol
B. Health Registration Authority, Host Credential Authorization Protocol and Online Responder
C. Certification Authority, Network Policy Server and Health Registration Authority
D. Online Responder, Certification Authority and Network Policy Server Answer:C
Answer: C
Explanation:
Health Registration Authority
Applies To: Windows Server 2008 R2, Windows Server 2012
Health Registration Authority (HRA) is a component of a Network Access Protection (NAP) infrastructure that plays a central role in NAP Internet Protocol security (IPsec) enforcement.
HRA obtains health certificates on behalf of NAP clients when they are compliant with network health requirements. These health certificates authenticate NAP clients for Ipsecprotected communications with other NAP clients on an intranet. If a NAP client does not have a health certificate, the IPsec peer authentication fails and the NAP client cannot initiate communication with other IPsec-protected computers on the network.
HRA is installed on a computer that is also running Network Policy Server (NPS) and Internet Information Services (IIS). If they are not already installed, these services will be added when you install HRA.
http://technet.microsoft.com/en-us/library/cc732365.aspx
QUESTION 33
You need to recommend a change to the Active Directory environment to support the company’s planned changes.
What should you include in the recommendation?
A. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.
B. Raise the functional level of the domain and the forest.
C. Implement Administrator Role Separation.
D. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.
Answer: B
Explanation:
From case study:
* Implement the Active Directory Recycle Bin.
QUESTION 34
You need to recommend changes to the Active Directory environment to support the visualization requirements.
What should you include in the recommendation?
A. Raise the functional level of the domain and the forest.
B. Implement Administrator Role Separation.
C. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.
D. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.
Answer: C
Explanation:
From case study:
* Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.
Case Study 4 – Northwind Traders (Question 35 – Question 44)
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client computers. The office in San Diego has 100 computers. The computers in the San Diego office are often replaced. The offices connect to each other by using a slow WAN link. Each office connects directly to the Internet.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named northwindtraders.com.
The forest contains two domains named northwindtraders.com and west.northwindtraders.com.
All servers run Windows Server 2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site.
The site in the Montreal office is named Site1.
The site in the San Diego office is named Site2.
The forest contains four domain controllers.
The domain controllers are configured as shown in the following table.
DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller (RODC). All DNS zones are Active Directory-integrated.
All zones replicate to all of the domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1. GP01 is applied to all of the users in the Montreal office. All of the user accounts for the Montreal users are in the northwindtraders.com domain. All of the user accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the following table.
Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual hard disks (VHDs) are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently by the users in both offices. The reports are generated automatically once per week by an enterprise resource planning (ERP) system.
A perimeter network in the Montreal office contains two standalone servers.
The servers are configured as shown in the following table.
The servers in the perimeter network are accessible from the Internet by using a domain name suffix of public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:
On Server1, create four virtual machines that run Windows Server 2012 R2.
The servers will be configured as shown in the following table.
– Configure IP routing between Site1 and the network services that Northwind Traders hosts in Windows Azure.
– Place a domain controller for the northwindtraders.com domain in Windows Azure.
– Upgrade all of the computers in the Montreal office to Windows 8.1.
– Purchase a subscription to Microsoft Office 365.
– Configure a web application proxy on Server6.
– Configure integration between VMM and IPAM.
– Apply GPO1 to all of the San Diego users.
– Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
– All virtual machines must use ODX.
– Users must be able to access App1 from the Internet.
– GPO1 must not be applied to computers that run Windows 8.1.
– All DNS zones must replicate only to DC1, DC2, and DC3.
– All computers must be able to resolve names by using a local DNS server.
– If a WAN link fails, users must be able to access all of the sales reports.
– The credentials for accessing Windows Azure must be permanently stored.
– The on-premises network must be connected to Windows Azure by using Server4.
– The administrators must be able to manage Windows Azure by using Windows PowerShell.
– The number of servers and services deployed in the San Diego office must be minimized.
– Active Directory queries for the objects in the forest must not generate WAN traffic, whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
– Ensure that all DNS zone data is encrypted when it is replicated.
– Minimize the number of permissions assigned to users and administrators, whenever possible.
– Prevent an Active Directory Domain Services (AD DS) attribute named SSNumber from replicating to Site2.
– Ensure that users can use their northwindtraders.com user account to access the resources hosted in Office 365.
– Prevent administrators from being required to re-enter their credentials when they manage Windows Azure from approved management computers.
QUESTION 35
You need to recommend an Office 365 integration solution.
What should you include in the recommendation?
A. Active Directory directory synchronization
B. The Active Directory Migration Tool (ADMT)
C. Windows Identity Foundation (WIF) 3.5
D. The Sync Framework Toolkit
Answer: A
Explanation:
* Scenario: Each office is configured as an Active Directory site.
https://blogs.office.com/2014/04/15/synchronizing-your-directory-with-office-365-is-easy/
QUESTION 36
You need to recommend a solution for the sales reports.
What should you include in the recommendation?
A. BranchCache in distributed cache mode
B. Offline files
C. BranchCache in hosted cache mode
D. Distributed File System (DFS)
Answer: A
Explanation:
Branch Office is connected to the main office via a slow WAN link. Users must access sales report even if WAN link fails.
Since there are no servers in San Diego and number of servers in SD must be minimized , DFS and Branch Cache Hosted server are not good solutions nor is it good to implement Synchronization of Offline Files accross a slow WAN link. only viable option is to implement Branch Cache Distributed mode.
QUESTION 37
Hotspot Question
You are evaluating the virtual machine environment.
In the table below, identify which virtual machines currently support ODX and which virtual machines require a configuration change to support ODX.
Make only one selection in each row.
Answer:
QUESTION 38
You need to recommend a solution for GPO1.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. In west.northwindtraders.com, create a copy of GPO1 and link the new GPO to Site2.Apply a WMI filter to the new GPO.
B. In west.northwindtraders.com, create a copy of GPO1 and link the new GPO to west.northwindtraders.com. Configure security filtering on the new GPO.
C. Link GPO1 to west.northwindtraders.com and configure security filtering on GPO1.
D. Link GPO1 to Site2 and apply a WMI filter to GPO1.
Answer: A
Explanation:
http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/13/understanding-the-structure-of-a-group-policy-object.aspx
QUESTION 39
You need to recommend a solution for the replication of Active Directory.
What should you recommend modifying?
A. The Active Directory Schema
B. The properties of Site1
C. The RODC1 computer account
D. The properties of Site2
Answer: A
Explanation:
An AD Schema can be configured to prevent specific information from being replicated.
You add an attribute to the RODC filtered attribute set, and then mark it as confidential.
* Scenario: Prevent an Active Directory Domain Services (AD DS) attribute named SSNumber from replicating to Site2.
https://technet.microsoft.com/en-us/library/cc772331(v=ws.10).aspx
QUESTION 40
Drag and Drop Question
You need to recommend a solution for managing Windows Azure.
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
At GreatExam, we are positive that our Microsoft 70-413 preparation material with questions and answers PDF provide most in-depth solutions for individuals that are preparing for the Microsoft 70-413 exam. Our updated 70-413 braindumps will allow you the opportunity to know exactly what to expect on the exam day and ensure that you can pass the exam beyond any doubt.