70-413 Exam Questions - Online Test
70-413 Premium VCE File
150 Lectures, 20 Hours
Our pass rate is high to 98.9% and the similarity percentage between our 70 413 pdf study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Microsoft 70 413 exam exam in just one try? I am currently studying for the Microsoft microsoft 70 413 exam. Latest Microsoft microsoft 70 413 Test exam practice questions and answers, Try Microsoft 70 413 pdf Brain Dumps First.
Q11. - (Topic 1)
You need to recommend a solution for DHCP logging. The solution must meet the technical requirement.
What should you include in the recommendation?
A. Event subscriptions
B. IP Address Management (IPAM)
C. DHCP audit logging
D. DHCP filtering
Answer: B
Explanation: * Scenario: A central log of the IP address leases and the users associated to those leases must be created.
* Feature description IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name Service (DNS). IPAM includes components for:
. Automatic IP address infrastructure discover)': IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.
. Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups.
. Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name.
. Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console.
Reference: IP Address Management (IPAM) Overview
Q12. DRAG DROP - (Topic 8)
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2.
You plan to replace the domain controllers with new servers that run Windows Server 2012. The new servers will be named DC3 and DC4.
You need to recommend a strategy to replace DC1 and DC2 with DC3 and DC4. The
solution must minimize the amount of disruption to the users.
Which three actions should you recommend?
To answer, move the appropriate three actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q13. - (Topic 8)
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Answer: B
Explanation: Adprep could not contact a replica…
This problem occurs when the Adprep /rodcprep command tries to contact the
infrastructure master for each application partition in the forest.
Reference: Error message when you run the "Adprep /rodcprep" command in Windows
Server 2008: "Adprep could not contact a replica for partition
DC=DomainDnsZones,DC=Contoso,DC=com"
Q14. - (Topic 6)
You need To configure the Group Policy for salespeople.
Solution: You move all shared desktops to a separate organizational unit (OU). You create one Group Policy object (GPO) that has an AppLocker policy rule and enable loopback policy processing within the GPO. You link the GPO to the new OU.
Does this meet the goal?
A. Yes
B. No
Answer: B
Q15. - (Topic 8)
You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso identifies the following administration requirements for the design:
. User account administration and Group Policy administration will be performed by
network technicians. The technicians will be added to a group named OUAdmins.
. IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain.
. All user accounts will be located in an organizational unit (OU) named AllEmployees.
You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployeesOU.
After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.
What should you include in the recommendation?
A. Remove the IT staff user accounts from Backup Operators and place them in a new group. Grant the new group the Backup files and directories user right and the Restore files and directories user right. Enforce permission inheritance on all of the objects in the AllEmployeesOU.
B. Create separate administrator user accounts for the technicians. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Delegate permissions to the new user accounts.
C. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard.
D. Move the user accounts of the technicians to a separate OU. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard on the AllEmployeesOU.
Answer: C
Q16. - (Topic 8)
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks.
What should you configure on Server1?
A. DNS cache locking
B. The global query block list
C. DNS Security Extensions (DNSSEC)
D. DNS devolution
Answer: A
Explanation: Ache locking is a new feature available if your DNS server is running Windows Server 2008 R2. When you enable cache locking, the DNS server will not allow cached records to be overwritten for the duration of the time to live (TTL) value. Cache locking provides for enhanced security against cache poisoning attacks.
Q17. - (Topic 8)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2008 R2. All domain controllers are installed on physical servers. The network contains several Hyper-V hosts.
The network contains a Microsoft System Center 2012 infrastructure.
You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server 2012.
You need to recommend which changes must be made to the network infrastructure before you can use domain controller cloning.
What should you recommend?
A. Upgrade a global catalog server to Windows Server 2012. Deploy Virtual Machine Manager (VMM).
B. Upgrade a global catalog server to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
C. Upgrade the domain controller that has the PDC emulator operations master role to Windows Server 2012. Deploy a Hyper-V host that runs Windows Server 2012.
D. Upgrade the domain controller that has the infrastructure master operations master role to Windows Server 2012. Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
Answer: C
Explanation: The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012, but it does not have to be running on a hypervisor.
Reference: Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)
Q18. - (Topic 4)
You need to recommend an Office 365 integration solution.
What should you include in the recommendation?
A. Active Directory directory synchronization
B. The Active Directory Migration Tool (ADMT)
C. Windows Identity Foundation (WIF) 3.5
D. The Sync Framework Toolkit
Answer: A
Explanation: * Scenario: Each office is configured as an Active Directory site.
Q19. - (Topic 3)
You need to recommend changes to the Active Directory environment to support the virtualization requirements.
What should you include in the recommendation?
A. Raise the functional level of the domain and the forest.
B. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.
C. Implement Administrator Role Separation.
D. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.
Answer: D
Explanation: From case study:
* Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.
Q20. - (Topic 2)
You run the Get-DNSServer cmdlet on DC01 and receive the following output:
You need to recommend changes to DC01. Which attribute should you recommend modifying?
A. EnablePollutionProtection
B. isReadOnly
C. Locking Percent
D. ZoneType
Answer: C
Explanation: * Scenario: The DNS servers must be prevented from overwriting the existing DNS entries that have been stored in cache.
* Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, then the DNS server will not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This means that cached entries will not be overwritten for the entire duration of the TTL. The cache locking value is stored in the CacheLockingPercent registry key. If the registry key is not present, then the DNS server will use the default cache locking value of 100.
Reference: DNS Cache Locking
- All About 100% Correct 70-467 vce
- Most up-to-date 70-417 Exam Study Guides With New Update Exam Questions
- Actual 70-744 Study Guides 2021
- how many questions of 70-697 exam?
- 10 Tips For Improved 70-534 pdf
- High quality AZ-100 Exam Dumps 2021
- how many questions of 70-346 braindumps?
- What Printable MS-203 Dumps Questions Is
- Refined 70-742 Study Guides 2021
- The Down to date Guide To 70-347 exam dumps