Tips to Pass 70-413 Exam (17 to 32)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-413 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-413-dumps.html


Exam Code: 70-413 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Designing and Implementing a Server Infrastructure
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-413 Exam.

2016 Apr 70-413 Study Guide Questions:

Q17. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. 

The domain contains the organization units (OUs) configured as shown in the following table. 


Users and computers at the company change often. 

You create a Group Policy object (GPO) named GPO6. GPO6 contains user settings. 

You need to ensure that GPO6 applies to users when they log on to the kiosk computers only. The solution must minimize administrative effort. 

What should you do? 

A. Link GPO6 to OU4 and configure loopback processing in GPO6. 

B. Link GPO6 to OU1 and configure WMI filtering on GPO3. 

C. Link GPO6 to OU1 and configure loopback processing in GPO6. 

D. Link GPO6 to OU1 and configure loopback processing in GPO5. 

Answer: A 

Explanation: Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to. 


Q18. - (Topic 3) 

You need to recommend a remote access solution that meets the VPN requirements. 

Which role service should you include in the recommendation? 

A. Routing 

B. Network Policy Server 

C. DirectAccess and VPN (RAS) 

D. Host Credential Authorization Protocol 

Answer: B 

Explanation: 

Scenario: 

A server that runs Windows Server 2012 will perform RADIUS authentication for all of the 

VPN connections. 

Ensure that NAP with IPSec enforcement can be configured. 

Network Policy Server 

Network Policy Server (NPS) allows you to create and enforce organization-wide network 

access policies for client health, connection request authentication, and connection request 

authorization. In addition, you can use NPS as a Remote Authentication Dial-In User 

Service 

(RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS 

servers that you configure in remote RADIUS server groups. 

NPS allows you to centrally configure and manage network access authentication, 

authorization, are client health policies with the following three features: RADIUS server. 

NPS performs centralized authorization, authorization, and accounting for wireless, 

authenticating switch, remote access dial-up and virtual private network (VNP) 

connections. When you use NPS as a RADIUS server, you configure network access 

servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You 

also configure network policies that NPS uses to authorize connection requests, and you 

can configure RADIUS accounting so that NPS logs accounting information to log files on 

the local hard disk or in a Microsoft SQL Server database. 

Reference: Network Policy Server 


Q19. - (Topic 8) 

A new company registers the domain name of contoso.com. The company has a web presence on the Internet. All Internet resources have names that use a DNS suffix of contoso.com. 

A third-party hosts the Internet resources and is responsible for managing the contoso.com DNS zone on the Internet. The zone contains several hundred records. 

The company plans to deploy an Active Directory forest. 

You need to recommend an Active Directory forest infrastructure to meet the following requirements: 

. Ensure that users on the internal network can resolve the names of the company's Internet resources. 

. Minimize the amount of administrative effort associated with the addition of new Internet servers. 

What should you recommend? 

A. A forest that contains a single domain named contoso.local 

B. A forest that contains a root domain named contoso.com and another domain named contoso.local 

C. A forest that contains a root domain named contoso.com and another domain named ad.contoso.com 

D. A forest that contains a single domain named contoso.com 

Answer: C 

Explanation: Rules for Selecting a Prefix for a Registered DNS Name 

Select a prefix that is not likely to become outdated. 

Avoid names such as a business line or operating system that might change in the future. 

Generic names such as corp or ds are recommended. 

Incorrect: 

not A, not B: Using single label names or unregistered suffixes, such as .local, is not 

recommended. 


Q20. HOTSPOT - (Topic 8) 

Your network contains an Active Directory forest named northwindtraders.com. 

The client computers in the finance department run either Windows 8.1, Windows 8, or Windows 7. All of the client computers in the marketing department run Windows 8.1. 

You need to design a Network Access Protection (NAP) solution for northwindtraders.com that meets the following requirements: 

. The client computers in the finance department that run Windows 7 must have a firewall enabled and the antivirus software must be up-to-date. 

. The finance computers that run Windows 8.1 or Windows 8 must have automatic updating enabled and the antivirus software must be up-to-date. 

. The client computers in the marketing department must have automatic updating enabled and the antivirus software must be up-to-date. 

. If a computer fails to meet its requirements, the computers must be provided access to a limited set of resources on the network. 

. If a computer meets its requirements, the computer must have full access to the network. 

What is the minimum number of objects that you should create to meet the requirements? To answer, select the appropriate number for each object type in the answer area. 



Answer: 



Q21. - (Topic 4) 

You need to recommend an Office 365 integration solution. 

What should you include in the recommendation? 

A. Active Directory directory synchronization 

B. The Active Directory Migration Tool (ADMT) 

C. Windows Identity Foundation (WIF) 3.5 

D. The Sync Framework Toolkit 

Answer: A 

Explanation: * Scenario: Each office is configured as an Active Directory site. 


70-413 exam cram

Most recent 70-413 test question:

Q22. - (Topic 8) 

Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2008. 

You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2012 R2. 

You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008. 

You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES). 

You need to recommend which changes must be implemented to support the planned migration. 

Which two changes should you recommend? Each correct answer presents part of the solution. 

A. In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2. 

B. In the adatum.com forest, upgrade the functional level of the forest and the domain. 

C. In the contoso.com forest, downgrade the functional level of the forest and the domain. 

D. In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2. 

Answer: A,C 


Q23. - (Topic 7) 

You need to generate the required report 

Which tool should you use? 

A. Microsoft Deployment Toolkit (MDT) 

B. Microsoft Desktop Optimization Pack (MDOP) 

C. Microsoft Assessment and Planning Toolkit (MAP) 

D. Application Compatibility Toolkit (ACT) 

Answer: C 

Explanation: 

Scenario: Consolidation reports The company requires a report that describes the impact of consolidation. The report must provide the following information: 

.An inventory of the existing physical server environment 

.Visual charts that show the reduction of physical servers 

Reference: Microsoft Assessment and Planning (MAP) Toolkit for Hyper-V 


Q24. DRAG DROP - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table. 


You plan to implement Network Access Protection (NAP) with IPSec enforcement on all client computers. 

You need to identify on which servers you must perform the configurations for the NAP deployment. 

Which servers should you identify? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) 


Answer: 



Q25. - (Topic 8) 

Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. The forest contains a Microsoft Exchange Server 2010 organization. All of the domain controllers in contoso.com run Windows Server 2012. 

The perimeter network contains an Active Directory forest named litware.com. 

You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com. All of the domain controllers in litware.com run Windows Server 2012. 

Some users connect from outside the network to use Outlook Web App. 

You need to ensure that external users can authenticate by using client certificates. 

What should you do? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. To the perimeter network, add an Exchange server that has the Client Access server role installed. 

B. Deploy UAG to contoso.com. 

C. Enable Kerberos delegation in litware.com. 

D. Enable Kerberos constrained delegation in litware.com. 

Answer: D 

Explanation: Forefront TMG provides support for Kerberos constrained delegation (often abbreviated as KCD) to enable published Web servers to authenticate users by Kerberos afterForefront TMG verifies their identity by using a non-Kerberos authentication method. When used in this way, Kerberos constrained delegation eliminates the need for requiring users to provide credentials twice. 

Reference: About Kerberos constrained delegation 


Q26. HOTSPOT - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table. 


You plan to provide users with the ability to use Workplace Join for their personal device when they connect to the internal network. 

You need to recommend a certificate configuration for the planned deployment. 

What should you include in the recommendation? To answer, select the appropriate names in the answer area. 



Answer: 



70-413 exam question

Breathing 70-413 paper:

Q27. HOTSPOT - (Topic 2) 

You need to recommend a configuration for the DHCP infrastructure. 

What should you recommend? To answer, select the appropriate options in the answer area. 



Answer: 



Q28. - (Topic 8) 

Your company has a main office that contains several servers and several users. The main office contains a file server named Server1 that runs Windows Server 2012. 

The users access a large report file that is created on Server1 each day. 

The company plans to open a new branch office. The branch office will contain only client computers. 

You need to implement a solution to reduce the amount of bandwidth used by the client computers in the branch office to download the report each day. 

What should you do? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. Install the BranchCache for network files role service on Server1. Configure the client computers to use BranchCache in hosted cache mode. 

B. Configure the offline settings of the shared folder that contains the report. 

C. Install the BranchCache for network files role service on Server1. Configure the client computers to use Branchcache in distributed mode. 

D. Enable the Background Intelligent Transfer Service (BITS) feature on Server1 and on each client computer in the branch office. Move the report to a web folder. 

Answer: C 

Explanation: 

Distributed cache mode. In this mode, branch office client computers download content from the content servers in the main office and then cache the content for other computers in the same branch office. 

Distributed cache mode does not require a server computer in the branch office. Reference: BranchCache Deployment Guide 


Q29. - (Topic 8) 

Your company plans to hire 100 sales representatives who will work remotely. 

Each sales representative will be given a laptop that will run Windows 7. A corporate image of Windows 7 will be applied to each laptop. 

While the laptops are connected to the corporate network, they will be joined to the domain. The sales representatives will not be local administrators. 

Once the laptops are configured, each laptop will be shipped by courier to a sales representative. 

The sales representative will use a VPN connection to connect to the corporate network. 

You need to recommend a solution to deploy the VPN settings for the sales representatives. The solution must meet the following requirements: 

. Ensure that the VPN settings are the same for every sales representative. 

. Ensure that when a user connects to the VPN, an application named App1 starts. 

What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. 

A. VPN auto triggering 

B. The Add-VpnConnectioncmdlet 

C. The Connection Manager Administration Kit (CMAK) 

D. Group Policy preferences 

Answer: C 

Explanation: Connection Manager is a client network connection tool that allows a user to connect to a remote network, such as an Internet service provider (ISP), or a corporate network protected by a virtual private network (VPN) server. The Connection Manager Administration Kit (CMAK) is a tool that you can use to customize the remote connection experience for users on your network by creating predefined connections to remote servers and networks. To create and customize a connection for your users, you use the CMAK wizard. 

Reference: Connection Manager Administration Kit 


Q30. DRAG DROP - (Topic 8) 

Your network contains an Active Directory forest named contoso.com. 

Your company merges with another company that has an Active Directory forest named 

litwareinc.com. 

Each forest has one domain. 

You establish a two-way forest trust between the forests. 

The network contains three servers. The servers are configured as shown in the following table. 


You confirm that the client computers in each forest can resolve the names of the client computers in both forests. 

On dc1.litwareinc.com, you create a zone named GlobalNames. 

You need to recommend changes in both forests to ensure that the users in both forests can resolve single-label names by using the GlobalNames zone in litwareinc.com. 

Which changes should you recommend? 

To answer, drag the appropriate configuration to the correct server in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. 


Answer: 



Q31. - (Topic 4) 

You need to implement a solution for DNS replication. 

Which cmdlets should you run? 

A. Set-DnsServer and Invoke-DnsServerZoneSign 

B. ConvertTo-DnsServerPrimaryZone and Register-DnsServerDirectoryPartition 

C. UnRegister-DnsServerDirectoryPartition and Add-DnsServerForwarder 

D. Set-DnsServerDnsSecZoneSetting and Invoke-DnsServerZoneSign 

Answer: C 

Explanation: * UnRegister-DnsServerDirectoryPartition The UnRegister-DnsServerDirectoryPartition cmdlet deregisters a Domain Name System (DNS) server from a specified DNS application directory partition. After you deregister a DNS server from a DNS application directory partition, the DNS server removes itself the from the replication scope of the partition. 

* Add-DnsServerForwarder The Add-DnsServerForwarder cmdlet adds one or more forwarders to a DNS server's forwarders list. If you prefer one of the forwarders, put that forwarder first in the series of forwarder IP addresses. After you first use this cmdlet to add forwarders to a DNS server, this cmdlet adds forwarders to the end of the forwarders list. 


Q32. - (Topic 8) 

Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8. 

You plan to implement several Group Policy settings that will apply only to laptop computers. 

You need to recommend a Group Policy strategy for the planned deployment. 

What should you include in the recommendation? 

More than one answer choice may achieve the goal. Select the BEST answer. 

A. Loopback processing 

B. WMI filtering 

C. Security filtering 

D. Block inheritance 

Answer: B 

Explanation: 

Group Policy WMI Filter – Laptop or Desktop Hardware A method to detect hardware as laptop only is to look for the presence of a battery based on the BatteryStatus property of the Win32_Battery class. By using the Win32_Battery class, we can search to see if there is a battery present. If the battery status is not equal to zero (BatteryStatus <> 0 ) then you know that it is a laptop. 

Reference: Group Policy WMI Filter – Laptop or Desktop Hardware 



see more Designing and Implementing a Server Infrastructure