Info For 100% 70-413 Exam Pass: PassLeader have been updated the 70-413 exam dumps and added the new exam questions, in the latest version of VCE and PDF braindumps, you will get all the new changed 70-413 exam questions, which will help you 100% passing exam, and you will get the free version of VCE Player together with your 70-413 practice tests.
QUESTION 121
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. You plan to deploy DirectAccess. The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network. You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement Solution: You set the ISATAP State to state disabled. Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 122
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. You plan to deploy DirectAccess. The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network. You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement. Solution: You enable split tunneling. Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 123
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8. Goal: You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3. Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method. Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 124
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8. The corporate security policy states that all of the client computers must have the latest security updates installed. You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3. Solution: You implement the VPN enforcement method. Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 125
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8. The corporate security policy states that all of the client computers must have the latest security updates installed. You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3. Solution: You implement the DHCP Network Access Protection (NAP) enforcement method. Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 126
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Network Policy Server server role installed. You configure Server1 as part of a Network Access Protection (NAP) solution that uses the 802.lx enforcement method. You add a new switch to the network and you configure the switch to use 802.lx authentication. You need to ensure that only compliant client computers can access network resources through the new switch. What should you do on Server1?
A. Add the IP address of each new switch to a remediation server group.
B. Add the IP address of each new switch to the list of RADIUS clients.
C. Add the IP address of each new switch to a connection request policy as an Access Client IPv4 Address.
D. Add the IP address of each new switch to a remote RADIUS server group.
Answer: B
QUESTION 127
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain has a certification authority (CA). You create four certificate templates. The templates are configured as shown in the following table:
You install the Remote Access server role in the domain. You need to configure DirectAccess to use one-time password (OTP) authentication. What should you do? To answer, select the appropriate options in the answer area,
QUESTION 128
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.
You plan to implement Network Access Protection (NAP) with IPSec enforcement on all client computers. You need to identify on which servers you must perform the configurations for the NAP deployment. Which servers should you identify? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
QUESTION 129
Your network contains an Active Directory domain. All servers run Windows Server 2012 R2. The domain contains the servers shown in the following table.
You need to recommend which servers will benefit most from implementing data deduplication. Which servers should you recommend?
A. Server1 and Server2
B. Server1 and Server3
C. Server1 and Server4
D. Server2 and Server3
E. Server2 and Server4
F. Server3 and Server4
Answer: D
QUESTION 130
Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2008. You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2012 R2. You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008. You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES). You need to recommend which changes must be implemented to support the planned migration. Which two changes should you recommend? Each correct answer presents part of the solution.
A. In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.
B. In the adatum.com forest, upgrade the functional level of the forest and the domain.
C. In the contoso.com forest, downgrade the functional level of the forest and the domain.
D. In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.
Answer: AC
http://www.passleader.com/70-413.html
QUESTION 131
Your network contains an Active Directory forest. The forest contains a single domain. The forest has five Active Directory sites. Each site is associated to two subnets. You add a site named Site6 that contains two domain controllers. Site6 is associated to one subnet. You need to verify whether replication to the domain controllers in Site6 completes successfully. Which two possible commands can you use to achieve the goal? Each correct answer presents a complete solution.
A. Get-ADReplicationSubnet
B. Get-ADReplicationUpToDatenessVectorTable
C. repadmin /showattr
D. Get-ADReplicationSite1ink
E. repadmin /showrepl
Answer: BE
QUESTION 132
Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012. The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012. You need to recommend a solution to control which Active Directory attributes are replicated to the RODC. What should you include in the recommendation?
A. The partial attribute set
B. The filtered attribute set
C. Application directory partitions
D. Constrained delegation
Answer: B
QUESTION 133
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The forest functional level is Windows Server 2012. Your company plans to deploy an application that will provide a search interface to users in the company. The application will query the global catalog for the Employee-Number attribute. You need to recommend a solution to ensure that the application can retrieve the Employee-Number value from the global catalog. What should you include in the recommendation?
A. the Dsmod command
B. the Ldifde command
C. the Enable-ADOptionalFeaturecmdlet
D. the Csvde command
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/ee617209.aspx – Enable-AdOptionalFeature
http://technet.microsoft.com/en-us/library/ee617218.aspx – Get-ADOptionalFeature (as of W2012R2, only OptionalFeature is ActiveDirectory Recycle Bin).
QUESTION 134
Your company has three offices. The offices are located in New York, Chicago, and Atlanta. The network contains an Active Directory domain named contoso.com that has three Active Directory sites named Site1, Site2,and Site3. The New York office is located in Site1. The Chicago office is located in Site2. The Atlanta office is located in Site3. There is a local IT staff to manage the servers in each site. The current domain controllers are configured as shown in the following table.
The company plans to open a fourth office in Montreal that will have a corresponding Active Directory site. Because of budget cuts, a local IT staff will not be established for the Montreal site. The Montreal site has the following requirements:
– Users must be able to authenticate locally.
– Users must not have the ability to log on to the domain controllers.
– Domain account passwords must not be obtained from servers in the Montreal site.
– Network bandwidth between the Montreal site and the other sites must be minimized.
– Users in the Montreal office must have access to applications by using Remote Desktop Services (RDS).
You need to recommend a solution for the servers in the Montreal site. What should you recommend?
A. Only install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012.
B. Install a read-only domain controller (RODC) in the New York site.
C. Install a read-only domain controller (RODC) in the Montreal site. Install a member server in the New York site to host additional server roles.
D. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012. Install a member server in the Montreal site to host additional server roles,
Answer: C
QUESTION 135
Hotspot Question
Your network contains an Active Directory forest name fabrikam.com. The forest contains two domains named fabrikam.com and contoso.com. All servers run Windows Server 2012 R2. The forest contains a DHCP server named Server1 and a DNS server named Server2. You need to recommend a solution to ensure that any computers that are neither members of contoso.com nor fabrikam.com receive a DNS suffix of guest.fabrikam.com. What two commands should you run? To answer, select the appropriate options in the answer area.
QUESTION 136
Your company has three offices. The offices are located in Montreal, Toronto, and Vancouver. The network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains one domain. The adatum.com forest contains two domains. All of the servers in adatum.com are located in the Toronto office. The servers in contoso.com are located in the Montreal and Vancouver offices. All of the servers in both of the forests run Windows Server 2012 R2. A two-way, forest trusts exists between the forests. Each office contains DHCP servers and DNS servers. You are designing an IP Address Management (IPAM) solution to manage the network. You need to recommend a solution for the placement of IPAM servers to manage all of the DHCP servers and all of the DNS servers in both of the forests. The solution must minimize the number of IPAM servers deployed. What should you recommend?
A. One IPAM server in each office
B. One IPAM server in the Montreal office and one IPAM server in the Toronto office
C. One IPAM server in the Toronto office
D. Two IPAM servers in the Toronto office and one IPAM server in the Montreal office
E. Two IPAM servers in the Toronto office, one IPAM server in the Montreal office, and one IPAM server in the Vancouver office
Answer: B
QUESTION 137
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain and two sites named Montreal and Vancouver. Montreal contains an IP Address Management (IPAM) server named Server1 that is used to manage all of the DHCP servers and the DNS servers in the site. Vancouver contains several DHCP servers and several DNS servers. In Vancouver, you install the IP Address Management (IPAM) Server feature on a server named Server2. You need to recommend which configurations must be performed to ensure that the DHCP servers and the DNS servers in Vancouver are managed by Server2. What should you recommend?
A. Replicate the IPAM database from Server1 to Server2. On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
B. Replicate the IPAM database from Server1 to Server2. On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
C. From Server2, run the Invoke-IpamGpoProvisioningcmdlet. On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
D. From Server1, run the Invoke-IpamGpoProvisioningcmdlet. On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
Answer: C
QUESTION 138
Hotspot Question
You have a domain controller that hosts an Active Directory-integrated zone. On the domain controller, you run the following cmdlet:
PS C:\> Get-DnsServerScavenging
NoRefreshlnterval:2.00:00:00
Refreshlnterval:3.00:00:00
Scavenginglnterval:4.00:00:00
ScavengingState:True
LastScavengeTime:1/30/2014 9:10:36 AM
Use the drop-down menus to select the answer choice that completes each statement.
QUESTION 139
Your network contains an Active Directory domain named contoso.com. The domain contains the organization units (OUs) configured as shown in the following table.
Users and computers at the company change often. You create a Group Policy object (GPO) named GPO6. GPO6 contains user settings. You need to ensure that GPO6 applies to users when they log on to the kiosk computers only. The solution must minimize administrative effort. What should you do?
A. Link GPO6 to OU4 and configure loopback processing in GPO6.
B. Link GPO6 to OU1 and configure WMI filtering on GPO3.
C. Link GPO6 to OU1 and configure loopback processing in GPO6.
D. Link GPO6 to OU1 and configure loopback processing in GPO5.
Answer: A
QUESTION 140
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains one domain. All domain controllers run Windows Server 2012. The functional level of the forest and the domain is Windows Server 2012. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
In the forest, you plan to add a new domain controller that runs Windows Server 2012 R2. You need to prepare the environment before you add the new domain controller. Which domain controllers must be available to run each command? To answer, select the appropriate domain controllers in the answer area.