• Recent Posts

  • AmazonExam

  • Braindumps

    Easy Pass Exams!
  • Testking

    Easy Pass Exams!
  • ExamCollection

    Easy Pass Exams!
  •  

    HOT 70-410 Exam VCE Dumps >> Free Download

    HOT 70-411 Exam VCE Dumps >> Free Download

    HOT 70-412 Exam VCE Dumps >> Free Download

    HOT 70-413 Exam VCE Dumps >> Free Download

    HOT 70-414 Exam VCE Dumps >> Free Download

    HOT 70-415 Exam VCE Dumps >> Free Download

    HOT 70-416 Exam VCE Dumps >> Free Download

    HOT 70-417 Exam VCE Dumps >> Free Download

    NEW 70-432 Exam VCE Dumps >> Free Download

    NEW 70-448 Exam VCE Dumps >> Free Download

    NEW 70-457 Exam VCE Dumps >> Free Download

    NEW 70-458 Exam VCE Dumps >> Free Download

    NEW 70-459 Exam VCE Dumps >> Free Download

    HOT 70-460 Exam VCE Dumps >> Free Download

    HOT 70-461 Exam VCE Dumps >> Free Download

    HOT 70-462 Exam VCE Dumps >> Free Download

    HOT 70-463 Exam VCE Dumps >> Free Download

    HOT 70-464 Exam VCE Dumps >> Free Download

    HOT 70-465 Exam VCE Dumps >> Free Download

    HOT 70-466 Exam VCE Dumps >> Free Download

    HOT 70-467 Exam VCE Dumps >> Free Download

    HOT 70-469 Exam VCE Dumps >> Free Download

    NEW 70-470 Exam VCE Dumps >> Free Download

    NEW 70-480 Exam VCE Dumps >> Free Download

    NEW 70-481 Exam VCE Dumps >> Free Download

    NEW 70-482 Exam VCE Dumps >> Free Download

    HOT 70-483 Exam VCE Dumps >> Free Download

    NEW 70-484 Exam VCE Dumps >> Free Download

    NEW 70-485 Exam VCE Dumps >> Free Download

    NEW 70-486 Exam VCE Dumps >> Free Download

    NEW 70-487 Exam VCE Dumps >> Free Download

    HOT 70-488 Exam VCE Dumps >> Free Download

    NEW 70-489 Exam VCE Dumps >> Free Download

    NEW 70-490 Exam VCE Dumps >> Free Download

    NEW 70-491 Exam VCE Dumps >> Free Download

    NEW 70-492 Exam VCE Dumps >> Free Download

    NEW 70-494 Exam VCE Dumps >> Free Download

    NEW 70-496 Exam VCE Dumps >> Free Download

    NEW 70-497 Exam VCE Dumps >> Free Download

    NEW 70-498 Exam VCE Dumps >> Free Download

    NEW 70-499 Exam VCE Dumps >> Free Download

    NEW 70-511 Exam VCE Dumps >> Free Download

    NEW 70-513 Exam VCE Dumps >> Free Download

    NEW 70-515 Exam VCE Dumps >> Free Download

    NEW 70-516 Exam VCE Dumps >> Free Download

    NEW 70-517 Exam VCE Dumps >> Free Download

    HOT 70-532 Exam VCE Dumps >> Free Download

    HOT 70-533 Exam VCE Dumps >> Free Download

    HOT 70-534 Exam VCE Dumps >> Free Download

    NEW 70-573 Exam VCE Dumps >> Free Download

    NEW 70-576 Exam VCE Dumps >> Free Download

    NEW 70-640 Exam VCE Dumps >> Free Download

    NEW 70-642 Exam VCE Dumps >> Free Download

    NEW 70-646 Exam VCE Dumps >> Free Download

    NEW 70-659 Exam VCE Dumps >> Free Download

    NEW 70-662 Exam VCE Dumps >> Free Download

    NEW 70-663 Exam VCE Dumps >> Free Download

    NEW 70-667 Exam VCE Dumps >> Free Download

    NEW 70-668 Exam VCE Dumps >> Free Download

    NEW 70-673 Exam VCE Dumps >> Free Download

    HOT 70-680 Exam VCE Dumps >> Free Download

    NEW 70-685 Exam VCE Dumps >> Free Download

    NEW 70-686 Exam VCE Dumps >> Free Download

    NEW 70-687 Exam VCE Dumps >> Free Download

    HOT 70-688 Exam VCE Dumps >> Free Download

    NEW 70-689 Exam VCE Dumps >> Free Download

    NEW 70-692 Exam VCE Dumps >> Free Download

    NEW 70-694 Exam VCE Dumps >> Free Download

    NEW 70-695 Exam VCE Dumps >> Free Download

    NEW 70-696 Exam VCE Dumps >> Free Download

    NEW 70-697 Exam VCE Dumps >> Free Download

    NEW 70-980 Exam VCE Dumps >> Free Download

    NEW 70-981 Exam VCE Dumps >> Free Download

    NEW 74-335 Exam VCE Dumps >> Free Download

    NEW 74-338 Exam VCE Dumps >> Free Download

    NEW 74-343 Exam VCE Dumps >> Free Download

    NEW 74-344 Exam VCE Dumps >> Free Download

    HOT 74-409 Exam VCE Dumps >> Free Download

    NEW 74-674 Exam VCE Dumps >> Free Download

    NEW 74-678 Exam VCE Dumps >> Free Download

    HOT 74-697 Exam VCE Dumps >> Free Download

    NEW 77-427 Exam VCE Dumps >> Free Download

  • « | Main | »

    70-413 part2

    By admin | July 26, 2016

    Tagged with:

    QUESTION 7
    Hotspot Question
    You need to design the DNS zone for App1.
    What should you do? To answer, drag the appropriate resource record to the correct DNS se Each resource record may be used once, more than once, or not at all. You may need to drag split bar between panes or scroll to view content.
    Select and Place:

    70-413 part2

    Correct Answer:

    70-413 part2

    Section: [none]
    Explanation
    Explanation/Reference:
    Scenario:
    * A line-of-business (LOB) application named App1 is deployed on LA-SVR01 and LA-SVR02.
    * App1 uses a DNS application directory partition on LA-DC01 and NY-DC01. App1 uses IPv6 for network connectivity and must resolve single-label names for resources in the woodgrovebank.com DNS zone. GlobalNames zone has been created, but the zone has not been populated with resource records.

               
               
               
               
               
               
               
               
               
               
               
               
               
               

    100% Pass:http://examsavior.com/

    Testlet 1
    Case Study 8 – Parnell Aerospace
    Overview
    Overview
    Parnell Aerospace designs materials and components that are used for commercial airlines.
    Parnell has a main office in Dallas and branch offices m Seattle, Atlanta, and New York Parnell has an Active Directory Domain Services (AD DS) domain named parnellaero.com for the Dallas and Manta offices. The forest and
    Domain functional levels are set to Windows Server 2008.
    Domain Controllers
    The domain controllers are displayed in the following table:

    70-413 part2

    The Seattle and New York offices have then own child domain named sales.parnellaero.com. The domain controllers are displayed in the following table.

    70-413 part2

    Parnell also has a number of satellite offices, without domain controllers, that act as both sales and design locations.
    Employees have the ability to walk into any office to connect to their respective domain and access the software they need.
    All servers in each office run Windows Server 2012 R2 and are 64-bit platforms. Client devices in each office run windows 7 and windows 8.1.
    Expansion
    Parnell Aerospace is expanding to Great Britain. Parnell creates the domain ukparnellaero.com for the new offices to use.
    Parnell creates a new sales office In London,
    Parnell also purchases a company in Glasgow named Flight Build that can expand Parnell’s research and design diviston. Flight Build has low security and limited bandwidth Flight Build has the domain name flightbuild.com. Flight Build has a single domain controller named FB-DC. Flight Build users use an application that must run on the domain controller
    Flight Build’s server environment contains a server that runs Windows Server 2012 R2 and has Microsoft SQL Server 2012 installed. Ports 12345, 6789, and 10111 have been assigned for System Center Virtual Machine Manager (SCVMM) connections.
    The domatn controllers for the two new offices are displayed In the following table:

     

    70-413 part2

    Business Requirements
    Accessing Data Globally
    Employees in any office, including satellite and branch offices, must be able to work securely on internal applications, independent of device, and still access all of the information they need.
    At times, a large percentage of user’s congregate in the same geography to work: on a specific task and environments need to scale quickly to meet the demands.
    Application performance
    In order to allow multiple simultaneous users to access the design application. The design application is published by using SCVMM
    Data Conformity
    All data needs to be synchronized between all offices to ensure that all users have the latest Information available
    Disaster Preparedness
    In case of natural disaster, Parnell Aerospace must be able to continue work without disruption Servers In any location must be restored rapidly.
    Expansion
    The domain flightbuild.com must be renamed to integrate it into the domain uk.parmellaero.com
    Users in the newly acquired Glasgow office report issues with long logon tunes. Parnell Aerospace must prepare a new domain controller for the logon traffic.
    Parnell plans to deploy an additional SCVMM server m the Flight Built environment.
    Sales reports
    Parnell Aerospace’s sales organization uses a large number of slaes reports that are in the Excel format. The reports are very large and accessed often throughout the day. Users report that it takes a long time to open the files, even when they are using the local network.
    Technical Requirements
    Mixed environment
    The existing environment contains Windows servers and legacy UNIX sewers. All UNIX servers run 32-bit operating systems. A Server named UNIX1 is a Fileserver.
    Sales reports
    Sales reports must be saved on an automated storage tier named Sales Reports. All file servers are equipped with both solld-state drives and standard hard-dusk drives.
    Sales Application
    A sales application in the parneraero.com domain must be accessible to users outside of the network during sales calls.
    The application ls configured by using automatic triggering of VPN connections.
    Design Application
    A design application must allow automatic logon by using VPN when users in the parnellaero.com domain are working from a location outside of the office. Users report the authentication fails.
    UK Division Sales
    Sales people in the new UK domain must be able to access a web-based sales application named UKSales that is used ln then geography by using any device including hand-held units, smart phones, and laptop computers.
    Active Directory
    The Active Directory Recycle Bin must be enabled throughout the forest.
    QUESTION 1
    You need to resolve the access issue at the newly acquired office.
    What should you do.
    A. Install a domain Controller and configure Universal Group Membership Caching.
    B. Install a domain Controller and add the Global Catalog role.
    C. Install a read-only domain controller.
    D. Install a domain controller and enable BranchCache.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 2
    You need to configure access to legacy systems.
    How should you complete the relevant command? To answer, select the appropriate options in the answer area.
    Hot Area:

    70-413 part2

    Correct Answer:70-413 part2

    Section: [none] Answer should be : mount [-o nolock] \\unix1\share1 {unix1|*}
    Explanation
    Explanation/Reference:
    QUESTION 3
    This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be true: both may be false; or one may be true, while the other may be false.
    To answer this question, you must first evaluate whether each statement is true on its own. If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.
    Assertion:
    You can run the RENDOM command on the GIA-DC domain controller to rename the domain.
    Reason:
    The RENDOM command is installed as part of the Active Directory Domain Services role when you promote a server to the domain controller role. The command allows you to rename the domain.
    Evaluate the Assertion and Reason statements and choose the correct answer option.
    A. Both the Assertion and Reason are true. and the Reason is the correct explanation for the Assertion.
    B. Both the Assertion and Reason are true but the Reason is not the correct explanation for the Assertion.
    C. The Assertion is true, but the Reason Is false.
    D. The Assertion is false, but the Reason is true.
    E. Both the Assertion and the Reason are false.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 4
    You need to give Great Britain division access to the UKSales application
    What should you set up?
    A. a border Gateway protocol
    B. a multi-tenant client-to-site VPN gateway
    C. a web application proxy
    D. a multi tenant Remote Access VPN gateway
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    In the section sales department UK states: The sales staff of the new domain for the United Kingdom must comply with any device, including smartphones and laptop, can access a web-based sales application named UKSales for their region. The web-based sales application UKSales is not identical to the sales application is hosted in greenwing.com domain. In the sales application domain greenwing.com is a client-server application. In order to optimize the security of access to the web-based application UKSales, a Webanwendungsproxy (reverse proxy) should be installed and configured.
    QUESTION 5
    You need to ensure that all users can launch the destgn application
    How should you complete the relevant Windows PowerShell script? To answer,select the appropiate cmdlets in the answer area.
    Hot Area:

    70-413 part2 Correct Answer:70-413 part2

    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 6
    You Need to Add the Desire Functionality to the Domain
    Select and Place:

    70-413 part2

    Correct Answer:

    70-413 part2

    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 7
    You need to ensure that users can access sales reports. Which windows PowerShell cmdlet should you run?
    A. set_FilestorageTier
    B. Get-FileStorageTier
    C. Set-storageTier
    D. Get_StorageProvider
    E. Clear-FileStorageTier
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 8
    You need to configure the replication of user credentials for the Great Britain division.
    Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
    Select and Place:

    70-413 part2

    The answer is in a wrong order
    It should be:
     Launch the active directory users and computers applet by using domain admin credentials
     Add the existing users to the replication list and set access level to deny.
     On GLA-DC, configure the LON-DC1 account.
    Explanation/Reference:
    Drag and Drop
    You must configure the replication of credentials of the user for the area of Great Britain. What three steps will guide you in order from? (The available actions are shown in the picture. Click the Drawing button and assign the necessary three steps in the proper order at.)
    A) Insert the Password Replication Policy, the existing accounts, and configure the access level with Deny .
    B) Use the credentials of the Domain Admins and open the Active Directory Snap-In Domains and Trusts.
    C) Use the credentials of the Domain Admins and open the Active Directory Snap-In Users and Computers.
    D) Configure on EF – DC , the properties of the account of LON – DC-01 .
    E) Configure on LON – DC-01, the properties of the account of EF – DC .
    F) Insert the Password Replication Policy, the existing accounts , and configure the access level with Allow.
    Answers: C, E and F

    The answer is in a wrong order
    It should be:
     Launch the active directory users and computers applet by using domain admin credentials
     Add the existing users to the replication list and set access level to deny.
     On GLA-DC, configure the LON-DC1 account.
    Explanation/Reference:
    Drag and Drop
    You must configure the replication of credentials of the user for the area of Great Britain. What three steps will guide you in order from? (The available actions are shown in the picture. Click the Drawing button and assign the necessary three steps in the proper order at.)
    A) Insert the Password Replication Policy, the existing accounts, and configure the access level with Deny .
    B) Use the credentials of the Domain Admins and open the Active Directory Snap-In Domains and Trusts.
    C) Use the credentials of the Domain Admins and open the Active Directory Snap-In Users and Computers.
    D) Configure on EF – DC , the properties of the account of LON – DC-01 .
    E) Configure on LON – DC-01, the properties of the account of EF – DC .
    F) Insert the Password Replication Policy, the existing accounts , and configure the access level with Allow.
    Answers: C, E and F

    Question Set 1
    QUESTION 1
    Your company has a main office.
    The main office is located in a building that has 10 floors.
    A datacenter on the ground floor contains a Windows Server 2012 failover cluster. The failover cluster contains a DHCP server resource named DHCP1.
    All client computers receive their IP addresses from DHCP1. All client computers are part of the 131.107.0.0/16 IPv4 subnet.
    You plan to implement changes to the network subnets to include a separate subnet for each floor of the office building.
    The subnets will connect by using routers.
    You need to recommend changes to the DHCP infrastructure to ensure that all of the client computers can receive their IP configuration by using DHCP.
    What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Install a remote access server on each floor.
    Configure a DHCP relay agent on each new DHCP server. Create a scope for each subnet on DHCP1.
    B. Install a DHCP server on each floor. Create a scope for the local subnet on each new DHCP server. Enable DHCP Failover on each new DHCP server.
    C. Configure each router to forward requests for IP addresses to DHCP1. Create a scope for each subnet on DHCP1.
    D. Configure each router to forward requests for IP addresses to DHCP1. Create a scope for the 10.0.0.0/16 subnet on DHCP1.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference: http://technet.microsoft.com/en-us/library/cc771390.aspx
    Excerpt: In TCP/IP networking, routers are used to interconnect hardware and software used on different physical network segments called subnets and forward IP packets between each of the subnets. To support and use DHCP service across multiple subnets, routers connecting each subnet should comply with DHCP/ BOOTP relay agent capabilities described in RFC 1542.
    QUESTION 2
    You deploy an Active Directory domain named contoso.com to the network. The domain is configured as an Active Directory-integrated zone.
    All domain controllers run Windows Server 2012 and are DNS servers. You plan to deploy a child domain named operations.contoso.com.
    You need to recommend changes to the DNS infrastructure to ensure that users in the operations department can access the servers in the contoso.com domain.
    What should you include in the recommendation?
    A. A zone delegation for _msdcs.contoso.com
    B. Changes to the replication scope of contoso.com
    C. Changes to the replication scope of _msdcs.contoso.com
    D. Changes to the replication scope of operations.contoso.com
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    http://support.microsoft.com/kb/255248
    Manually Create a Delegation for the Child Domain on the Parent (Root) DNS Server
    1. Right-click the root zone, click New Delegation, and then click Next.
    2. Type the domain name for the child domain, and then click Next.
    3. Add the child DNS server to host the new zone, and then click Next. NOTE:
    A domain controller that is a DNS server should have a static Transport Control Protocol/Internet Protocol (TCP/IP) address. Verify that this step is performed before you install DNS on the child domain controller. If no DNS TCP/IP address exists, DNS is installed as a root server. If you see that a "." folder is created after you install DNS, you must remove the root configuration.
    For additional information about how to do this, click the article number below to view the article in the Microsoft Knowledge Base:
    229840 DNS Server’s Root Hints and Forwarder Pages Are Unavailable
    4. On the child domain DNS server, right-click My Network Places, and then click Properties.
    5. Right-click the appropriate local connection, and then click Properties.
    6. Under Components checked are used by this connection, click Internet Protocol (TCP/IP), and then click Properties.
    7. Click Use the following DNS server addresses:, and then type the TCP/IP address of the parent (root) DNS server.
    QUESTION 3
    Your network contains an internal network and a perimeter network.
    The internal network contains an Active Directory forest named contoso.com. The forest contains a Microsoft Exchange Server 2010 organization.
    All of the domain controllers in contoso.com run Windows Server 2012.
    The perimeter network contains an Active Directory forest named litware.com. You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com. All of the domain controllers in litware.com run Windows Server 2012.
    Some users connect from outside the network to use Outlook Web App.
    You need to ensure that external users can authenticate by using client certificates.
    What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Enable Kerberos constrained delegation in litware.com.
    B. To the perimeter network, add an Exchange server that has the Client Access server role installed.
    C. Enable Kerberos delegation in litware.com.
    D. Deploy UAG to contoso.com.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 4
    What method should you use to deploy servers?
    A. WDS
    B. AIK
    C. ADK
    D. EDT
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 5
    Your network contains an Active Directory domain named contoso.com. All servers run either Windows Server 2008 R2 or Windows Server 2012.
    Your company uses IP Address Management (IPAM) to manage multiple DHCP servers.
    A user named User1 is a member of the IPAM Users group and is a member of the local Administrators group on each DHCP server.
    When User1 edits a DHCP scope by using IPAM, the user receives the error message shown in the exhibit. (Click the Exhibit button.)
    You need to prevent User1 from receiving the error message when editing DHCP scopes by using IPAM. What should you do?

    70-413 part2

    A. Add User1 to the DHCP Administrators group on each DHCP server.
    B. Add User1 to the IPAM Administrators group.
    C. Run the Set-IpamServerConfig cmdlet.
    D. Run the Invoke-IpamGpoProvisioning cmdlet.
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference: http://technet.microsoft.com/en-us/library/hh831622.aspx
    IPAM Administrators: IPAM Administrators have the privileges to view all IPAM data and perform all IPAM tasks.
    QUESTION 6
    Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
    You plan to deploy DirectAccess.
    The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
    You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
    What should you include in the recommendation?
    A. Set the ISATAP State to state enabled.
    B. Enable split tunneling.
    C. Set the ISATAP State to state disabled.
    D. Enable force tunneling.
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://blogs.technet.com/b/csstwplatform/archive/2009/12/15/directaccess-how-toconfigure-forcetunneling-forda-so-that-client-are-forced-to-use-ip-https.aspx
    You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients that detect that they are on the Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.
    QUESTION 7
    Your network contains an Active Directory domain.
    You plan to implement a remote access solution that will contain three servers that run Windows Server 2012. The servers will be configured as shown in the following table.
    You need to ensure that all VPN connection requests are authenticated and authorized by either Server2 or Server3.
    The solution must ensure that the VPN connections can be authenticated if either Server2 or Server3 fails. What should you do?

    70-413 part2

    70-413 part2 

    A. On Server1, configure a RADIUS proxy. Add Server2 and Server3 to a failover cluster.
    B. Add Server2 and Server3 to a Network Load Balancing (NLB) cluster. On Server1, modify the Authentication settings.
    C. On Server1, configure a RADIUS proxy.
    On Server2 and Server3, add a RADIUS client.
    D. On Server2 and Server3, add a RADIUS client. On Server1, modify the Authentication settings.
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    http://technet.microsoft.com/en-us/library/cc754033.aspx
    QUESTION 8
    Your company has a main office.
    The network contains an Active Directory domain named contoso.com.
    The main office contains a server named Server1 that runs Windows Server 2012.
    Server1 has the Remote Access server role installed and is configured to accept incoming SSTP-based VPN connections. All client computers run Windows 7.
    The company plans to open a temporary office that will contain a server named Server2 that runs Windows Server 2012 and has the DHCP Server server role installed.
    The office will also have 50 client computers and an Internet connection.
    You need to recommend a solution to provide the users in the temporary office with access to the resources in the main office.
    What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Use the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections.
    Manually distribute the CMAK package to each client computer in the temporary office.
    B. Install the Remote Access server role on Server2.
    From Routing and Remote Access on Server2, add a SSTP-based VPN port. From DHCP on Server2, configure the default gateway server option.
    C. Uses the Connection Manager Administration Kit (CMAK) to create a connection package that specifies Server1 as the target for SSTP-based VPN connections.
    Use a Group Policy object (GPO) to distribute the CMAK package to each client computer in the temporary office.
    D. Install the Remote Access server role on Server2.
    From Routing and Remote Access on Server2, configure a demand-dial interface. From DHCP on Server2, configure the default gateway server option.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 9
    Your network contains an Active Directory domain named contoso.com.
    The domain contains servers that run either Windows Server 2008 R2 or Windows Server 2012. All client computers on the internal network are joined to the domain.
    Some users establish VPN connections to the network by using Windows computers that do not belong to the domain.
    All client computers receive IP addresses by using DHCP.
    You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements:
    – Verify whether the client computers have up-to-date antivirus software.
    – Provides a warning to users who have virus definitions that are out-of-date.
    – Ensure that client computers that have out-of-date virus definitions can connect to the network.
    Which NAP enforcement method should you recommend?
    A. VPN
    B. DHCP
    C. IPsec
    D. 802.1x
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference: http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx NAP enforcement for DHCP
    DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and Network Policy Server (NPS).
    Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP version 4 (IPv4) address.
    However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not effective.
    QUESTION 10
    Your network contains multiple servers that run Windows Server 2012. All client computers run Windows 8.
    You need to recommend a centralized solution to download the latest antivirus definitions for Windows Defender.
    What should you include in the recommendation?
    A. Microsoft System Center 2012 Endpoint Protection
    B. Network Access Protection (NAP)
    C. Microsoft System Center Essentials
    D. Windows Server Update Services (WSUS)
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    For those who actually doubt this answer: http://support.microsoft.com/kb/919772
    To use WSUS to deploy Windows Defender definition updates to client computers, follow these steps:
    1. Open the WSUS Administrator console, and then click Options at the top of the console.
    2. Click Synchronization Options.
    3. Under Products and Classifications, click Change under Products.
    4. Verify that the Windows Defender check box is selected, and then click OK.
    5. Under Products and Classifications, click Change under Update Classifications.
    6. Verify that the Definition Updates check box is selected, and then click OK.
    7. Optional Update the automatic approval rule. To do this, follow these steps:
    a. At the top of the console, click Options.
    b. Click Automatic Approval Options.
    c. Make sure that the Automatically approve updates for installation by using the following rule check box is selected.
    d. Under Approve for Installation, click Add/Remove Classification.
    e. Verify that the Definition Updates check box is selected, and then click OK.
    8. At the top of the console, click Options.
    9. Click Synchronization Options.
    10. On the taskbar on the left, click Synchronize now.
    11. At the top of the console, click Updates.
    12. Approve any Windows Defender updates that WSUS should deploy.
    QUESTION 11
    Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs.
    The VLANs are configured as shown in the following table. All client computers run either Windows 7 or Windows 8.
    The corporate security policy states that all of the client computers must have the latest security updates installed.
    You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1.
    The solution must ensure that all other client computers connect to VLAN 3.
    Which Network Access Protection (NAP) enforcement method should you implement?

    70-413 part2

    A. VPN
    B. DHCP
    C. IPsec
    D. 802.1x
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://blogs.technet.com/b/wincat/archive/2008/08/19/network-access-protection-using-802-1x-vlan-s-or-portacls-which-is-right-for-you.aspx
    The most common method of the list is 802.1x for a variety of reasons. First, the industry has been selling 802.1x network authentication for the last 10 years. 1x gained tremendous popularity as wireless networking became prevalent in the late 90’s and early 2000’s and has been proven to be a viable solution to identifying assets and users on your network. For customers that have invested in 802.1x capable switches and access points, NAP can very easily be implemented to complement what is already in place. The Network Policy Server (NPS) role Windows Server 2008 has been dramatically improved to make 802.1x policy creation much simpler to do.
    QUESTION 12
    You have a server named Server1 that runs Windows Server 2012.
    You have a 3-TB database that will be moved to Server1.
    Server1 has the following physical disks:
    – Three 2-TB SATA disks that are attached to a single IDE controller
    – One 1-TB SATA disk that is attached to a single IDE controller
    You need to recommend a solution to ensure that the database can be moved to Server1. The solution must ensure that the database is available if a single disk fails.
    What should you include in the recommendation?
    A. Add each disk to a separate storage pool. Create a mirrored virtual disk.
    B. Add two disks to a storage pool.
    Add the other disk to another storage pool. Create a mirrored virtual disk.
    C. Add all of the disks to a single storage pool, and then create two simple virtual disks.
    D. Add all of the disks to a single storage pool, and then create a parity virtual disk.
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://blogs.technet.com/b/askpfeplat/archive/2012/10/10/windows-server-2012-storagespaces-is-it-foryoucould-be.
    http://winsvr.wordpress.com/2013/01/22/storage-space-virtual-disk/
    Parity A parity virtual disk is similar to a hardware Redundant Array of Inexpensive Disks (RAID5). Data, along with parity information, is striped across multiple physical disks. Parity enables Storage Spaces to continue to service read and write requests even when a drive has failed. A minimum of three physical disks is required for a parity virtual disk. Note that a parity disk cannot be used in a failover cluster.
    QUESTION 13
    Your network contains an Active Directory domain named contoso.com.
    The domain contains 10 sites. The sites are located in different cities and connect to each other by using low-latency WAN links.
    In each site, you plan to implement Microsoft System Center 2012 Configuration Manager and to deploy multiple servers.
    You need to recommend which Configuration Manager component must be deployed to each site for the planned deployment.
    What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.
    A. A management point
    B. A software update point
    C. A distribution group point
    D. A secondary site server that has all of the Configuration Manager roles installed
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://technet.microsoft.com/en-us/library/hh427335.aspx
    Distribution point groups provide a logical grouping of distribution points and collections for content distribution. A Distribution point group is not limited to distribution points from a single site, and can contain one or more distribution points from any site in the hierarchy. When you distribute content to a distribution point group, all distribution points that are members of the distribution point group receive the content.
    QUESTION 14
    Your network contains an Active Directory forest named contoso.com. The forest is managed by using Microsoft System Center 2012.
    You plan to create virtual machine templates to deploy servers by using the Virtual Machine Manager Self-service Portal (VMMSSP).
    To the Virtual Machine Manager (VMM) library, you add a VHD that has a generalized image of Windows Server 2012.
    You need to identify which VMM components must be associated with the image.
    Which components should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
    A. A guest OS profile
    B. A hardware profile
    C. A capability profile
    D. A host profile
    Correct Answer: AB
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://technet.microsoft.com/en-us/library/jj860424.aspx Profiles
    VMM provides the following profiles:
    Hardware profile–A hardware profile defines hardware configuration settings such as CPU, memory, network adapters, a video adapter, a DVD drive, a floppy drive, COM ports, and the priority given the virtual machine when allocating resources on a virtual machine host.
    Guest operating system profile–A guest operating system profile defines operating system configured settings which will be applied to a virtual machine created from the template. It defines common operating system settings such as the type of operating system, the computer name, administrator password, domain name, product key, and time zone, answer file and run once file.
    NOTE: VMM also includes host profiles. Host profiles are not used for virtual machine creation. They are used during the conversion of a bare-metal computer to a Hyper-V host. (http://technet.microsoft.com/en-us/library/hh368987.aspx)
    QUESTION 15
    Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.
    You plan to implement Windows Server 2012.
    You need to create a report that includes the following information:
    – The servers that run applications and services that can be moved to Windows Server 2012
    – The servers that have hardware that can run Windows Server 2012
    – The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run Windows Server 2012
    What should you do?
    A. From an existing server, run the Microsoft Application Compatibility Toolkit (ACT).
    B. Install Windows Server 2012 on a new server, and then run the Windows Server Migration Tools.
    C. Install Windows Server 2012 on a new server, and then run Microsoft Deployment Toolkit (MDT) 2012.
    D. From an existing server, run the Microsoft Assessment and Planning (MAP) Toolkit.
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference: http://technet.microsoft.com/en-us/library/bb977556.aspx
    The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop, server and cloud migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments, including ROI analysis for server consolidation with Hyper-V.
    The latest version of the MAP Toolkit adds new scenarios to help you plan your IT future while supporting your current business needs. Included scenarios help you to:
    Plan your deployment of Windows 8 and Windows Server 2012 with hardware and infrastructure readiness assessments
    Assess your environment for Office 2013
    Plan your migration to Windows Azure Virtual Machines Track Lync Enterprise/Plus usage
    Size your desktop virtualization needs for both Virtual Desktop Infrastructure (VDI) and session- based virtualization using Remote Desktop Services
    Ready your information platform for the cloud with SQL Server 2012 Virtualize your existing Linux servers onto Hyper-V
    Identify opportunities to lower your virtualization costs with Hyper-V using the VMware migration assessment MAP is just one of the tools provided by the Microsoft Solution Accelerators team. The Microsoft Assessment and Planning Toolkit, Microsoft Deployment Toolkit, and Security Compliance Manager provide tested guidance and automated tools to help organizations plan, securely deploy, and manage new Microsoft technologies–easier, faster, and at less cost. All are freely available, and fully-supported by Microsoft.
    QUESTION 16
    Your network contains an Active Directory forest named contoso.com.
    You plan to automate the deployment of servers that run Windows Server 2012.
    You identify the following requirements for the deployment:
    – Update the custom images that will be used for the deployment.
    – Add custom drivers to the images that will be used for the deployment.
    – Add software packages to the images that will be used for the deployment.
    – Perform a zero touch bare-metal installation that uses Wake On LAN.
    A network consultant recommends using Windows Deployment Services (WDS) and the Windows Assessment and Deployment Kit (Windows ADK) to deploy the servers. You need to identify which requirements are achieved by using the consultant’s recommendations.
    Which requirements should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
    A. Add custom drivers to the images used for the deployment.
    B. Add software packages to the images used for the deployment.
    C. Update the custom images used for the deployment.
    D. Perform a zero touch bare-metal installation that uses Wake On LAN.
    Correct Answer: ABC
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    http://technet.microsoft.com/en-us/library/hh824838.aspx
    QUESTION 17
    Your network contains an Active Directory forest named contoso.com.
    You plan to deploy 200 new physical servers during the next 12 months by using Windows Deployment Services (WDS).
    You identify four server builds for the 200 servers as shown in the following table.
    You need to recommend the minimum number of images that must be created for the planned deployment. How many images should you recommend?

    70-413 part2

    A. 1
    B. 2
    C. 3
    D. 4
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    http://technet.microsoft.com/en-us/library/hh831764.aspx
    QUESTION 18
    Your company has a main office and four branch offices. The main office is located in London.
    The network contains an Active Directory domain named contoso.com. Each office contains one domain controller that runs Windows Server 2012.
    The Active Directory site topology is configured as shown in the exhibit. (Click the Exhibit button.)
    You discover that when a domain controller in a branch office is offline for maintenance, users in that branch office are authenticated by using the domain controllers in any of the sites.
    You need to recommend changes to Active Directory to ensure that when a domain controller in a branch office is offline, the users in that branch office are authenticated by the domain controllers in London. What should you include in the recommendation?

    70-413 part2

    A. Modify the site link costs.
    B. Modify the DC Locator DNS Records settings.
    C. Disable site link bridging.
    D. Modify the service location (SRV) records in DNS.
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    After having read several articles on the subject, I would say the correct answer for this question would be modifying the DC locator DNS record.
    Though I have never used it in any environment I worked in. But I am not sure. If anyone can clarify this one, mail me at badmuts13(a)gmail.com
    QUESTION 19
    Your network contains an Active Directory domain named contoso.com.
    The physical topology of the network is configured as shown in the exhibit. (Click the Exhibit button.) Each office contains 500 employees.
    You plan to deploy several domain controllers to each office.
    You need to recommend a site topology for the planned deployment.
    What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

    70-413 part2

    A. Five sites and three site links
    B. Five sites and one site link
    C. Three sites and three site links
    D. One site
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://technet.microsoft.com/en-us/library/cc960573.aspx
    Create a site for each LAN, or set of LANs, that are connected by a high speed backbone, and assign the site a name.
    Connectivity within the site must be reliable and always available.
    This would mean 5 sites Site links are transitive, so if site A is connected to site B, and site B is connected to site C, then the KCC assumes that domain controllers in site A can communicate with domain controllers in site C. You only need to create a site link between site A and site C if there is in fact a distinct network connection between those two sites.
    This would mean 3 site links.
    So answer is "Five sites and three site links"
    QUESTION 20
    Your company has a main office and a branch office.
    The main office contains 2,000 users.
    The branch office contains 800 users.
    Each office contains three IP subnets.
    The company plans to deploy an Active Directory forest.
    You need to recommend an Active Directory infrastructure to meet the following requirements:
    – Ensure that the users are authenticated by using a domain controller in their respective office.
    – Minimize the amount of Active Directory replication traffic between the offices.
    Which Active Directory infrastructure should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Two domains and one site
    B. Two domains and two sites
    C. One domain and two sites
    D. One domain and six sites
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    To minimize the amount of replication traffic, create 2 domains. Each domain contain one site. http://technet.microsoft.com/en-us/library/bb742457.aspx
    QUESTION 21
    Your network contains an Active Directory domain named contoso.com.
    The Active Directory site topology is configured as shown in the exhibit. (Click the Exhibit button.) DC1 and DC2 run Windows Server 2003 R2.
    All FSMO roles are located on DC2.
    You plan to deploy a read-only domain controller (RODC) to Site3.
    You need to recommend changes to the network to support the planned RODC implementation.
    What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

    70-413 part2

    A. To Site1, add an RODC that runs Windows Server 2012.
    B. Replace DC2 with a domain controller that runs Windows Server 2012.
    C. To Site2, add an RODC that runs Windows Server 2012.
    D. Replace DC1 with a domain controller that runs Windows Server 2012.
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://technet.microsoft.com/en-us/library/cc772065%28v=ws.10%29.aspx
    Each RODC requires a writable domain controller running Windows Server 2008 for the same domain from which the RODC can directly replicate.
    Typically, this requires that a writable domain controller running Windows Server 2008 be placed in the nearest site in the topology.
    QUESTION 22
    Your network contains a Hyper-V host named Host1 that runs Windows Server 2012. Host1 contains a virtual machine named DC1.
    DC1 is a domain controller that runs Windows Server 2012. You plan to clone DC1.
    You need to recommend which steps are required to prepare DC1 to be cloned.
    What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
    A. Run sysprep.exe /oobe.
    B. Run New-VirtualDiskClone.
    C. Create a file named Dccloneconfig.xml.
    D. Add DC1 to the Cloneable Domain Controllers group.
    E. Run dcpromo.exe /adv.
    Correct Answer: CD
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloningin-in-windowsserver-2012.aspx
    DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.
    There’s a new group in town. It’s called Cloneable Domain Controllers and you can find it in the Users container. Membership in this group dictates whether a DC can or cannot be cloned.
    This group has some permissions set on the domain head that should not be removed.
    Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn’t be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete.
    Cloned DCs will also end up in the Cloneable Domain Controllers group. Make sure to remove those as well
    QUESTION 23
    Your network contains an Active Directory domain named contoso.com. Your company plans to open a branch office.
    The branch office will have 10 client computers that run Windows 8 and at least one server that runs Windows Server 2012.
    The server will host BranchCache files and manage print queues for the network print devices in the branch office.
    You need to recommend a solution to ensure that the users in the branch office can print if the branch office
    server fails.
    What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Printer pooling
    B. Branch Office Direct Printing
    C. A standby print server
    D. A print server cluster
    E. A secure Web Services on Devices (WSD) printer
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference: http://technet.microsoft.com/en-us/library/jj134156.aspx
    Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print device instead of a server print queue.
    This feature can be enabled or disabled on a per printer basis and is transparent to the user. This feature requires a print server running Windows Server 2012 and clients running Windows 8.
    It is enabled by an administrator using the Print Management Console or Windows PowerShell on the server.
    QUESTION 24
    Your company has a main office that contains several servers and several users. The main office contains a file server named Server1 that runs Windows Server 2012. The users access a large report file that is created on Server1 each day.
    The company plans to open a new branch office. The branch office will contain only client computers.
    You need to implement a solution to reduce the amount of bandwidth used by the client computers in the branch office to download the report each day.
    What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Install the BranchCache for network files role service on Server1. Configure the client computers to use BranchCache in hosted cache mode.
    B. Configure the offline settings of the shared folder that contains the report.
    C. Install the BranchCache for network files role service on Server1. Configure the client computers to use Branchcache in distributed mode.
    D. Enable the Background Intelligent Transfer Service (BITS) feature on Server1 and on each client computer in the branch office.
    Move the report to a web folder.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://technet.microsoft.com/library/ee649232(WS.10).aspx
    Distributed cache mode. In this mode, branch office client computers download content from the content servers in the main office and then cache the content for other computers in the same branch office. Distributed cache mode does not require a server computer in the branch office.
    QUESTION 25
    Your network contains an Active Directory domain named contoso.com.
    You deploy several servers that have the Remote Desktop Session Host role service installed. You have two organizational units (OUs).
    The OUs are configured as shown in the following table.
    GPO1 contains the Folder Redirection settings for all of the users.
    You need to recommend a solution to prevent the sales users’ folders from being redirected when the users log on to a Remote Desktop session.
    What should you include in the recommendation?

    70-413 part2

    A. From GPO2, set the loopback processing mode.
    B. Apply a WMI filter to GP02.
    C. Configure security filtering for GPO1.
    D. From GPO1, set the loopback processing mode.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    http://support.microsoft.com/kb/231287
    QUESTION 26
    Your network contains an Active Directory domain named contoso.com.
    The functional level of the domain and the forest is Windows Server 2008 R2. All domain controllers run Windows Server 2008 R2.
    You plan to deploy a new line-of-business application named App1 that uses claims-based authentication. You need to recommend changes to the network to ensure that Active Directory can provide claims for App1. What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
    A. Deploy Active Directory Lightweight Directory Services (AD LDS).
    B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and Kerberos armoring setting.
    C. From the properties of the computer accounts of the domain controllers, enable Kerberos constrained delegation.
    D. Raise the domain functional level to Windows Server 2012.
    E. Add domain controllers that run Windows Server 2012.
    Correct Answer: BE
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 27
    Your company has two divisions named Division1 and Division2.
    The network contains an Active Directory domain named contoso.com.
    The domain contains two child domains named division1.contoso.com and division2.contoso.com. The company sells division1 to another company.
    You need to prevent administrators in contoso.com and division2.contoso.com from gaining administrative access to the resources in division1.contoso.com.
    What should you recommend?
    A. Create a new tree in the forest named contoso.secure.
    Migrate the resources and the accounts in division1.contoso.com to contoso.secure.
    B. On the domain controller accounts in division1.contoso.com, deny the Enterprise Admins group the Allowed to Authenticate permission.
    C. Create a new forest and migrate the resources and the accounts in division1.contoso.com to the new forest.
    D. In division1.contoso.com, remove the Enterprise Admins group from the Domain Admins group and remove the Enterprise Admins group from the access control list (ACL) on the division1.contoso.com domain object.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 28
    Your network contains an Active Directory forest.
    The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003.
    The functional level of both domains is Windows Server 2008. The forest contains three domain controllers.
    The domain controllers are configured as shown in the following table.

    70-413 part2

    DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
    The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server 2012.
    You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
    You run the adprep.exe /rodcprep command on DC3 and receive the following error message:

    70-413 part2

    You need to identify what prevents you from successfully running Adprep /rodcprep on DC3. What should you identify?
    A. The domain functional level of child.contoso.com is set to the wrong level.
    B. DC3 cannot connect to the infrastructure master on DC2.
    C. DC3 cannot connect to the domain naming master on DC1.
    D. The forest functional level is set to the wrong level.
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 29
    Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012.
    The forest contains an Active Directory domain.
    The domain contains a global security group named GPO_Admins that is responsible for managing Group Policies in the forest.
    A second forest named fabrikam.com contains three domains. The forest functional level is Windows Server 2003.
    You need to design a trust infrastructure to ensure that the GPO_Admins group can create, edit, and link Group Policies in every domain of the fabrikam.com forest.
    What should you include in the design? More than one answer choice may achieve the goal. Select the BEST answer.
    A. A two-way forest trust
    B. A one-way forest trust
    C. Three external trusts
    D. Three shortcut trusts
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 30
    Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8.
    You plan to implement several Group Policy settings that will apply only to laptop computers. You need to recommend a Group Policy strategy for the planned deployment.
    What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Loopback processing
    B. WMI filtering
    C. Security filtering
    D. Block inheritance
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference: http://www.discoposse.com/index.php/2012/04/05/group-policy-wmi-filter-laptop-or-desktop-hardware/ Another method to detect hardware as laptop only is to look for the presence of a battery based on the BatteryStatus property of the Win32_Battery class.
    By using the Win32_Battery class, we can search to see if there is a battery present.
    If the battery status is not equal to zero ( BatteryStatus <> 0 ) then you know that it is a laptop.
    QUESTION 31
    Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role installed.
    The network contains a Virtual Desktop Infrastructure (VDI). All virtual machines run Windows 8.
    You identify the following requirements for allocating IPv4 addresses to client computers:
    – All virtual desktops must have static IP addresses.
    – All laptop computers must receive dynamic IP addresses.
    – All virtual desktops must be prevented from obtaining dynamic address.
    You need to recommend a DHCP solution that meets the requirements for allocating IPv4 addresses. The solution must use the least amount of administrative effort.
    What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Create two physical subnets. Configure 802.1x authentication for each subnet.
    B. Create two physical subnets. Connect the laptop computers to the subnet that contains Server1.
    C. Configure DHCP filtering.
    D. Configure DHCP policies.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    Policies would work too but filtering is less effort
    QUESTION 32
    Your network contains an Active Directory forest that has two domains named contoso.com and europe. contoso.com.
    The forest contains five servers.
    The servers are configured as shown in the following table.
    You plan to manage the DHCP settings and the DNS settings centrally by using IP Address Management (IPAM).
    You need to ensure that you can use IPAM to manage the DHCP and DNS settings in both domains. The solution must use the minimum amount of administrative effort.
    What should you do?

    70-413 part2 

    A. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature.
    Run the Invoke-IpamGpoProvisioning cmdlet for each domain.
    B. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature.
    Run the Set-IpamConfiguration cmdlet for each domain.
    C. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature.
    Run the Set-IpamConfiguration cmdlet for each domain.
    D. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature.
    Run the Invoke-IpamGpoProvisioning cmdlet for each domain.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    Invoke-IpamGpoProvisioning
    Creates and links group policies in the specified domain for provisioning required access settings on the servers managed by the computer running the IP Address Management (IPAM) server. http://technet.microsoft.com/en-us/library/jj553805.aspx
    Set-IpamConfiguration
    Sets the configuration for the computer running the IP Address Management (IPAM) server, including the TCP port number over which the computer running the IPAM Remote Server Administration Tools (RSAT) client connects with the computer running the IPAM server. http://technet.microsoft.com/en-us/library/jj590816.aspx
    QUESTION 33
    Your company, which is named Contoso, Ltd., has a main office and two branch offices. The main office is located in North America.
    The branch offices are located in Asia and Europe.
    You plan to design an Active Directory forest and domain infrastructure.
    You need to recommend an Active Directory design to meet the following requirements:
    – The contact information of all the users in the Europe office must not be visible to the users in the other offices.
    – The administrators in each office must be able to control the user settings and the computer settings of the users in their respective office.
    – The solution must use the least amount of administrative effort.
    What should you include in the recommendation?
    A. One forest that contains three domains
    B. One forest that contains one domain
    C. Three forests that each contain one domain
    D. Two forests that each contain one domain
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    The solution must use the least amount of administrative effort.
    http://www.informit.com/articles/article.aspx?p=32080&seqNum=5
    QUESTION 34
    Your network contains an Active Directory forest named contoso.com.
    You plan to deploy 200 Hyper-V hosts by using Microsoft System Center 2012 Virtual Machine Manager (VMM) Service Pack 1 (SP1).
    You add a PXE server to the fabric.
    You need to identify which objects must be added to the VMM library for the planned deployment. What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
    A. A host profile
    B. A capability profile
    C. A hardware profile
    D. A generalized image
    E. A service template
    Correct Answer: AD
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    Templates and profiles are used to standardize the creation of virtual machines and services.
    These configurations are stored in the VMM database but are not represented by physical configuration files. There are several new types of templates and profiles in VMM, most of which are used for service creation. There are also host profiles, used for deploying a Hyper-V host from a bare-metal computer, and capability profiles, used to specify the capabilities of virtual machines on each type of supported hypervisor when virtual machines are deployed to a private cloud.
    Note:
    – host profile:
    A Virtual Machine Manager library resource that contains hardware and operating system configuration settings to convert a bare-metal computer to a managed Hyper-V host.
    – capability profile:
    A Virtual Machine Manager library resource that defines which resources (for example, number of processors or maximum memory) are available to a virtual machine that is created in a private cloud.
    – Incorrect: service template:
    A Virtual Machine Manager library resource that contains the configuration settings used to deploy each tier of a service.
    Reference:Technical Documentation for System Center2012 Virtual Machine Manager
    QUESTION 35
    You plan to deploy multiple servers in a test environment by using Windows Deployment Services (WDS). You need to identify which network services must be available in the test environment to deploy the servers. Which network services should you identify? (Each correct answer presents part of the solution.Choose ail that apply.)
    A. DHCP
    B. Active Directory Domain Services (AD DS)
    C. DNS
    D. Active Directory Lightweight Directory Services (AD LDS)
    E. WINS
    F. Network Policy Server (NPS)
    Correct Answer: A and C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 36
    Your network contains an Active Directory forest named contoso.com. The forest is managed by using Microsoft System Center 2012.
    Web developers must be able to use a self-service portal to request the deployment of virtual machines based on predefined templates.
    The requests must be approved by an administrator before the virtual machines are deployed. You need to recommend a solution to deploy the virtual machines.
    What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.
    A. A Virtual Machine Manager (VMM) service template, a Service Manager service offering, and an Orchestrator runbook
    B. A Virtual Machine Manager (VMM) service template, an Operations Manager dashboard, and an Orchestrator runbook
    C. A Service Manager service offering, an Orchestrator runbook, and Configuration Manager packages
    D. A Service Manager service offering, an Orchestrator runbook, and an Operations Manager dashboard
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 37
    You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
    You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks. What should you configure on Server1?
    A. DNS devolution
    B. DNS Security Extensions (DNSSEC)
    C. DNS cache locking
    D. The global query block list
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 38
    Your network contains an Active Directory domain named contoso.com.
    All client computers run either Windows 7 or Windows 8.
    Some users work from customer locations, hotels, and remote sites.
    The remote sites often have firewalls that limit connectivity to the Internet.
    You need to recommend a VPN solution for the users.
    Which protocol should you include in the recommendation?
    A. L2TP/IPSec
    B. PPTP
    C. IKEV2
    D. SSTP
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 39
    Your network contains an Active Directory domain named contoso.com. Your company has 100 users in the sales department.
    Each sales user has a domain-joined laptop computer that runs either Windows 7 or Windows 8. The sales users rarely travel to the company’s offices to connect directly to the corporate network.
    You need to recommend a solution to ensure that you can manage the sales users’ laptop computers when the users are working remotely.
    What solution should you include in the recommendation?
    A. Deploy a Microsoft System Center 2012 Service Manager infrastructure.
    B. Deploy the Remote Access server role on a server on the internal network.
    C. Deploy the Network Policy and Access Services server role on a server on the internal network.
    D. Deploy a Microsoft System Center 2012 Operations Manager infrastructure.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 40
    Your network contains an Active Directory forest named contoso.com. The forest contains five domains.
    You need to ensure that the CountryCode attribute is replicated to the global catalog. What should you do?
    A. Modify the configuration partition.
    B. Create and modify an application partition.
    C. Modify the schema partition.
    D. Modify the domain partitions.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 41
    Your network contains an Active Directory domain named contoso.com.
    All servers run Windows Server 2008 R2. All domain controllers are installed on physical servers. The network contains several Hyper-V hosts.
    The network contains a Microsoft System Center 2012 infrastructure.
    You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server 2012.
    You need to recommend which changes must be made to the network infrastructure before you can use domain controller cloning.
    What should you recommend?
    A. Upgrade the domain controller that has the infrastructure master operations master role to Windows Server 2012.
    Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
    B. Upgrade the domain controller that has the PDC emulator operations master role to Windows Server 2012. Deploy a Hyper-V host that runs Windows Server 2012.
    C. Upgrade a global catalog server to Windows Server 2012.
    Install the Windows Deployment Services server role on a server that runs Windows Server 2012.
    D. Upgrade a global catalog server to Windows Server 2012. Deploy Virtual Machine Manager (VMM).
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 42
    Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.
    You plan to implement Windows Server 2012 R2.
    You need to create a report that includes the following information:
    – The servers that run applications and services that can be moved to Windows Server 2012 R2
    – The servers that have hardware that can run Windows Server 2012 R2
    – The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run Windows Server 2012 R2
    Solution: You install Windows Server 2012 R2 on a new server, and then you run Microsoft Deployment Toolkit (MDT) 2012.
    Does this meet the goal?
    A. Yes
    B. No
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 43
    Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.
    You plan to implement Windows Server 2012 R2.
    You need to create a report that includes the following information:
    – The servers that run applications and services that can be moved to Windows Server 2012 R2
    – The servers that have hardware that can run Windows Server 2012 R2
    – The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run Windows Server 2012 R2
    Solution: You install Windows Server 2012 R2 on a new server, and then you run the Windows Server Migration Tools.
    Does this meet the goal?
    A. Yes
    B. No
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 44
    Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
    You plan to deploy DirectAccess.
    The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
    You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement
    Solution: You set the ISATAP State to state disabled. Does this meet the goal?
    A. Yes
    B. No
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 45
    Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
    You plan to deploy DirectAccess.
    The network security policy states that when client computers connect to the corporate network from the
    Internet, all of the traffic destined for the Internet must be routed through the corporate network.
    You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
    Solution: You enable split tunneling. Does this meet the goal?
    A. Yes
    B. No
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 46
    Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs.
    The VLANs are configured as shown in the following table. All client computers run either Windows 7 or Windows 8.
    Goal: You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1.
    The solution must ensure that all other client computers connect to VLAN 3.
    Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method. Does this meet the goal?

    70-413 part2

    A. Yes
    B. No
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 47
    Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs.
    The VLANs are configured as shown in the following table. All client computers run either Windows 7 or Windows 8.
    The corporate security policy states that all of the client computers must have the latest security updates installed.
    You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1.
    The solution must ensure that all other client computers connect to VLAN 3. Solution: You implement the VPN enforcement method.
    Does this meet the goal?

    70-413 part2

    A. Yes
    B. No
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 48
    Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs.
    The VLANs are configured as shown in the following table. All client computers run either Windows 7 or Windows 8.
    The corporate security policy states that all of the client computers must have the latest security updates installed.
    You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1.
    The solution must ensure that all other client computers connect to VLAN 3.
    Solution: You implement the DHCP Network Access Protection (NAP) enforcement method. Does this meet the goal?

    70-413 part2

    A. Yes
    B. No
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 49
    Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Network Policy Server server role installed.
    You configure Server1 as part of a Network Access Protection (NAP) solution that uses the 802.lx enforcement
    method,
    You add a new switch to the network and you configure the switch to use 802.lx authentication.
    You need to ensure that only compliant client computers can access network resources through the new switch.
    What should you do on Server1?
    A. Add the IP address of each new switch to a remediation server group.
    B. Add the IP address of each new switch to the list of RADIUS clients.
    C. Add the IP address of each new switch to a connection request policy as an Access Client IPv4 Address.
    D. Add the IP address of each new switch to a remote RADIUS server group.
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 50
    Your network contains an Active Directory domain. All servers run Windows Server 2012 R2.
    The domain contains the servers shown in the following table.
    You need to recommend which servers will benefit most from implementing data deduplication. Which servers should you recommend?

    70-413 part2 

    A. Server1 and Server2
    B. Server1 and Server3
    C. Server1 and Server4
    D. Server2 and Server3
    E. Server2 and Server4
    F. Server3 and Server4
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 51
    Your network contains an Active Directory forest named adatum.com.
    All domain controllers run Windows Server 2008 R2.
    The functional level of the domain and the forest is Windows Server 2008.
    You deploy a new Active Directory forest named contoso.com.
    All domain controllers run Windows Server 2012 R2.
    The functional level of the domain and the forest is Windows Server 2012 R2. You establish a two-way, forest trust between the forests.
    Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.
    You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com.
    SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES).
    You need to recommend which changes must be implemented to support the planned migration. Which two changes should you recommend? Each correct answer presents part of the solution.
    A. In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.
    B. In the adatum.com forest, upgrade the functional level of the forest and the domain.
    C. In the contoso.com forest, downgrade the functional level of the forest and the domain.
    D. In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.
    Correct Answer: AC
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 52
    Your network contains an Active Directory forest. The forest contains a single domain.
    The forest has five Active Directory sites. Each site is associated to two subnets.
    You add a site named Site6 that contains two domain controllers. Site6 is associated to one subnet.
    You need to verify whether replication to the domain controllers in Site6 completes successfully.
    Which two possible commands can you use to achieve the goal? Each correct answer presents a complete solution.
    A. Get-ADReplicationSubnet
    B. Get-ADReplicationUpToDatenessVectorTable
    C. repadmin /showattr
    D. Get-ADReplicationSite1ink
    E. repadmin /showrepl
    Correct Answer: BE
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 53
    Your company has a main office and a branch office.
    The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012.
    The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012.
    You need to recommend a solution to control which Active Directory attributes are replicated to the RODC. What should you include in the recommendation?
    A. The partial attribute set
    B. The filtered attribute set
    C. Application directory partitions
    D. Constrained delegation
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 54
    Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
    The forest functional level is Windows Server 2012.
    Your company plans to deploy an application that will provide a search interface to users in the company. The application will query the global catalog for the Employee-Number attribute.
    You need to recommend a solution to ensure that the application can retrieve the Employee-Number value from the global catalog.
    What should you include in the recommendation?
    A. the Dsmod command
    B. the Ldifde command
    C. the Enable-ADOptionalFeaturecmdlet
    D. the Csvde command
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    http://technet.microsoft.com/en-us/library/ee617209.aspx
    – Enable-AdOptionalFeature http://technet.microsoft.com/en-us/library/ee617218.aspx
    – Get-ADOptionalFeature (as of W2012R2, only OptionalFeature is ActiveDirectory Recycle Bin).
    QUESTION 55
    Your company has three offices.
    The offices are located in New York, Chicago, and Atlanta.
    The network contains an Active Directory domain named contoso.com that has three Active Directory sites named Site1, Site2,and Site3.
    The New York office is located in Site1. The Chicago office is located in Site2. The Atlanta office is located in Site3.
    There is a local IT staff to manage the servers in each site.
    The current domain controllers are configured as shown in the following table.
    The company plans to open a fourth office in Montreal that will have a corresponding Active Directory site. Because of budget cuts, a local IT staff will not be established for the Montreal site.
    The Montreal site has the following requirements:
    – Users must be able to authenticate locally.
    – Users must not have the ability to log on to the domain controllers.
    – Domain account passwords must not be obtained from servers in the Montreal site.
    – Network bandwidth between the Montreal site and the other sites must be minimized.
    – Users in the Montreal office must have access to applications by using Remote Desktop Services (RDS).
    You need to recommend a solution for the servers in the Montreal site.
    What should you recommend?

    70-413 part2

    A. Only install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012.
    B. Install a read-only domain controller (RODC) in the New York site.
    C. Install a read-only domain controller (RODC) in the Montreal site.
    Install a member server in the New York site to host additional server roles.
    D. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012. Install a member server in the Montreal site to host additional server roles,
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 56
    Your company has three offices.
    The offices are located in Montreal, Toronto, and Vancouver.
    The network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains one domain. The adatum.com forest contains two domains. All of the servers in adatum.com are located in the Toronto office.
    The servers in contoso.com are located in the Montreal and Vancouver offices. All of the servers in both of the forests run Windows Server 2012 R2.
    A two-way, forest trusts exists between the forests. Each office contains DHCP servers and DNS servers.
    You are designing an IP Address Management (IPAM) solution to manage the network.
    You need to recommend a solution for the placement of IPAM servers to manage all of the DHCP servers and all of the DNS servers in both of the forests.
    The solution must minimize the number of IPAM servers deployed. What should you recommend?
    A. One IPAM server in each office
    B. One IPAM server in the Montreal office and one IPAM server in the Toronto office
    C. One IPAM server in the Toronto office
    D. Two IPAM servers in the Toronto office and one IPAM server in the Montreal office
    E. Two IPAM servers in the Toronto office, one IPAM server in the Montreal office, and one IPAM server in the Vancouver office
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 57
    Your network contains an Active Directory forest named contoso.com.
    The forest contains a single domain and two sites named Montreal and Vancouver.
    Montreal contains an IP Address Management (IPAM) server named Server1 that is used to manage all of the DHCP servers and the DNS servers in the site.
    Vancouver contains several DHCP servers and several DNS servers.
    In Vancouver, you install the IP Address Management (IPAM) Server feature on a server named Server2. You need to recommend which configurations must be performed to ensure that the DHCP servers and the DNS servers in Vancouver are managed by Server2.
    What should you recommend?
    A. Replicate the IPAM database from Server1 to Server2.
    On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
    B. Replicate the IPAM database from Server1 to Server2.
    On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
    C. From Server2, run the Invoke-IpamGpoProvisioningcmdlet.
    On Server2, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
    D. From Server1, run the Invoke-IpamGpoProvisioningcmdlet.
    On Server1, change the manageability status of the DNS servers and the DHCP servers in Vancouver.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 58
    Your network contains an Active Directory domain named contoso.com.
    The domain contains the organization units (OUs) configured as shown in the following table. Users and computers at the company change often.
    You create a Group Policy object (GPO) named GPO6. GPO6 contains user settings.
    You need to ensure that GPO6 applies to users when they log on to the kiosk computers only. The solution must minimize administrative effort.
    What should you do?

    70-413 part2 

    A. Link GPO6 to OU4 and configure loopback processing in GPO6.
    B. Link GPO6 to OU1 and configure WMI filtering on GPO3.
    C. Link GPO6 to OU1 and configure loopback processing in GPO6.
    D. Link GPO6 to OU1 and configure loopback processing in GPO5.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 59
    You are designing an Active Directory forest for a company named Contoso, Ltd.
    Contoso identifies the following administration requirements for the design:
    – User account administration and Group Policy administration will be performed by network technicians.
    – The technicians will be added to a group named OUAdmins.
    – IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain.
    – All user accounts will be located in an organizational unit (OU) named AllEmployees.
    You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployeesOU.
    After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.
    You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.
    What should you include in the recommendation?
    A. Remove the IT staff user accounts from Backup Operators and place them in a new group.
    Grant the new group the Backup files and directories user right and the Restore files and directories user right.
    Enforce permission inheritance on all of the objects in the AllEmployeesOU.
    B. Create separate administrator user accounts for the technicians.
    Enforce permission inheritance on all of the objects in the AllEmployeesOU. Delegate permissions to the new useraccounts.
    C. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard.
    D. Move the user accounts of the technicians to a separate OU.
    Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard on the AllEmployeesOU.
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 60
    Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.
    You plan to implement Windows Server 2012 R2.
    You need to create a report that includes the following information:
    – The servers that run applications and services that can be moved to Windows Server 2012 R2
    – The servers that have hardware that can run Windows Server 2012 R2
    – The servers that are suitable to be converted to virtual machines hosted on Hyper- V hosts that run Windows Server 2012 R2
    Solution: From an existing server, you run the Microsoft Application Compatibility Toolkit (ACT). Does this meet the goal?
    A. Yes
    B. No
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 61
    Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
    You plan to deploy DirectAccess.
    The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
    You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
    Solution: You enable force tunneling. Does this meet the goal?
    A. Yes
    B. No
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 62
    Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs.
    The VLANs are configured as shown in the following table. All client computers run either Windows 7 or Windows 8.
    The corporate security policy states that all of the client computers must have the latest security updates installed.
    You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1.
    The solution must ensure that all other client computers connect to VLAN 3. Solution: You implement the IPsec enforcement method.
    Does this meet the goal?

    70-413 part2 

    A. Yes
    B. No
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 63
    You have a System Center 2012 R2 Virtual Machine Manager (VMM) infrastructure that manages five Hyper-V hosts.
    The Hyper-V hosts are not clustered.
    You have a virtual machine template that deploys a base image of Windows Server 2012 R2. No role services or features are enabled in the base image.
    You need to deploy a virtual machine named VM1 that is based on the virtual machine template. VM1 will be deployed as part of a service.
    VM1 must have the Web Server (IIS) server role installed.
    The solution must not require modifications to the virtual machine template or the base image.
    What are two possible profile types that achieve the goal? Each correct answer presents a complete solution.
    A. Capability
    B. Application
    C. Guest OS
    D. Hardware
    E. Physical Computer
    Correct Answer: BC
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    How to Create and Deploy a Virtual Machine from a Template
    http://technet.microsoft.com/en-us/library/hh882403.aspx
    QUESTION 64
    Your company plans to hire 100 sales representatives who will work remotely. Each sales representative will be given a laptop that will run Windows 7.
    A corporate image of Windows 7 will be applied to each laptop.
    While the laptops are connected to the corporate network, they will be joined to the domain. The sales representatives will not be local administrators.
    Once the laptops are configured, each laptop will be shipped by courier to a sales representative. The sales representative will use a VPN connection to connect to the corporate network.
    You need to recommend a solution to deploy the VPN settings for the sales representatives. The solution must meet the following requirements:
    – Ensure that the VPN settings are the same for every sales representative.
    – Ensure that when a user connects to the VPN, an application named App1 starts.
    What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
    A. VPN auto triggering
    B. The Add-VpnConnectioncmdlet
    C. The Connection Manager Administration Kit (CMAK)
    D. Group Policy preferences
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    If you use the Measureup tests it says Add-VpnConnection can be used on Windows 7 but I have tried on several machines and it just isn’t there in Powershelll so either Measureup are just repeating what Microsoft has told them or they are wrong.
    QUESTION 65
    Your company has two main offices and 10 branch offices. Each office is configured as a separate Active Directory site. The main offices sites are named Site1 and Site2.
    Each office connects to Site1 and Site2 by using a WAN link.
    Each site contains a domain controller that runs Windows Server 2008. You are redesigning the Active Directory infrastructure.
    You plan to implement domain controllers that run Windows Server 2012 and decommission all of the domain controllers that run Windows Server 2008.
    You need to recommend a placement plan for the Windows Server 2012 domain controllers to meet the following requirements:
    – Ensure that users can log on to the domain if a domain controller or a WAN link fails.
    – Minimize the number of domain controllers implemented.
    What should you include in the recommendation? (Each correct answer presents part of the solution. Choose all that apply.)
    A. Read-only domain controllers (RODCs) in the branch office sites
    B. A writable domain controller in Site1
    C. A writable domain controller in Site2
    D. Writable domain controllers in the branch office sites
    Correct Answer: BC
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 66
    Your network contains an Active Directory domain named contoso.com. Your company has an enterprise root certification authority (CA) named CA1.
    You plan to deploy Active Directory Federation Services (AD FS) to a server named Serverl. The company purchases a Microsoft Office 365 subscription.
    You plan register the company’s SMTP domain for Office 365 and to configure single sign-on for all users. You need to identify which certificate or certificates are required for the planned deployment.
    Which certificate or certificates should you identify? (Each correct answer presents a complete solution. Choose all that apply.)
    A. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name serverl.contoso.com
    B. a server authentication certificate that is issued by CA1 and that contains the subject name Server1
    C. a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name Server1
    D. a server authentication certificate that is issued by CA1 and that contains the subject name serverl.contoso.com
    E. self-signed server authentication certificates for serverl.contoso.com
    Correct Answer: DE
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: Use the full name.
    The subject name is commonly represented by using an X.500 or Lightweight Directory Access Protocol (LDAP) format.
    QUESTION 67
    Your network contains a server named Server1 that runs Windows Server 2012. Server1 is configured as a Hyper-V host. Server1 hosts a virtual machine named VM1. VM1 is configured as a file server that runs Windows Server 2012.
    VM1 connects to a shared storage device by using the iSCSI Initiator.
    You need to back up the files and the folders in the shared storage used by VM1. The solution must ensure that open files are included in the backup.
    What should you do?
    A. From Hyper-V Manager, create a snapshot of VM1.
    B. From Server1, perform a backup by using Windows Server Backup.
    C. From VM1, perform a backup by using Windows Server Backup.
    D. From Microsoft System Center 2012 Virtual Machine Manager (VMM), create a copy of VM1.
    Correct Answer: C
    Section: [none] Explanation
    Explanation/Reference:
    Explanation:
    Backing Up Hyper-V Virtual Machines Using Windows Server Backup
    http://blogs.msdn.com/b/taylorb/archive/2008/08/20/backing-up-hyper-v-virtual-machines-using-windowsserver-backup.aspx
    QUESTION 68
    Your network contains an Active Directory domain named contoso.com. You deploy Active Directory Certificate Services (AD CS).
    Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc. Fabrikam also deploys AD CS. Contoso and Fabrikam plan to exchange signed and encrypted email messages.
    You need to ensure that the client computers in both Contoso and Fabrikam trust each other’s email certificates.
    The solution must prevent other certificates from being trusted.
    What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Implement an online responder in each company.
    B. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Trusted Root Certification Authorities store by using Group Policy objects (GPOs).
    C. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Enterprise Trust store by using Group Policy objects (GPOs).
    D. Implement cross-certification in each company.
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 69
    Your network contains an Active Directory domain named contoso.com.
    The network contains a server named Server1 that has the Hyper-V server role installed. Server1 hosts a virtual machine named VM1.
    You deploy a new standalone server named Server2. You install the Hyper-V server role on Server2.
    Another administrator named Admin1 plans to create a replica of VM1 on Server2. You need to ensure that Admin1 can configure Server2 to receive a replica of VM1. To which group should you add Admin1?
    A. Server Operators
    B. Domain Admins
    C. Hyper-V Administrators
    D. Replicator
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 70
    Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
    The domain contains a server named Server1 that runs Windows Server 2012 R2.
    You need to ensure that when users log on to Server1, their user account is added automatically to a local group named Group1 during the log on process.
    Which Group Policy settings should you modify?
    A. Restricted Groups
    B. Security Options
    C. User Rights Assignment
    D. Preferences
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 71
    Your network contains an Active Directory domain named contoso.com.
    The domain contains three Active Directory sites.
    The Active Directory sites are configured as shown in the following table.

    70-413 part2

    The sites connect to each other by using the site links shown in the following table.image

    You need to design the Active Directory site topology to meet the following requirements:
    – Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain controller in Site1 is available.
    – Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain controllers in Site1 are unavailable.
    What should you do?
    A. Delete Link1.
    B. Delete Link2.
    C. Delete Link3.
    D. Disable site link bridging.
    E. Create one site link bridge.
    F. Modify the cost of Link2.
    G. Create one SMTP site link between Site2 and Site3.
    H. Create one SMTP site link between Site1 and Site3. Create one SMTP site link between Site1 and Site2.
    Correct Answer: F
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 72
    Your company has a main office and a branch office.
    The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers.
    The domain controllers are configured as shown in the following table.

    70-413 part2

    The domain contains two global groups.
    The groups are configured as shown in the following table.

    70-413 part2 

    You need to ensure that the RODC is configured to meet the following requirements:
    – Cache passwords for all of the members of Branch1Users.
    – Prevent the caching of passwords for the members of Helpdesk.
    What should you do?
    A. Modify the membership of the Denied RODC Password Replication group.
    B. Install the BranchCache feature on RODC1.
    C. Modify the delegation settings of RODC1.
    D. Create a Password Settings object (PSO) for the Helpdesk group.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 73
    You have a computer configured and need to take an image of it to use as the reference image for deployments.
    What type of boot image do you need to create to obtain the image?
    A. Preinstallation image
    B. Capture image
    C. Discover image
    D. Virtualization image
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 74
    You have configured a deployment and began the deployment to a client computer and want the client computer to boot from the hard drive after installation.
    Which command creates this configuration?
    A. wdsutil /set-client /bootdevice:hd
    B. sysprep /client-boot-reset:yes
    C. wdsutil /set-server /resetbootprogram:yes
    D. sysprep /set-client /primaryboot:hd
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 75
    You need to edit an image to change its configuration. The first step is to mount the image. What tool would you use?
    A. Deployment Image Servicing and Management (DISM)
    B. Windows Deployment Services (WDS)
    C. Windows Image Administration
    D. Advanced Image Kit (AIK)
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 76
    When WDS and DHCP operate on the same server, which DHCP option needs to be configured for WDS?
    A. Option 31
    B. Option 60
    C. Boot Option 4
    D. WDS Server Option
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 77
    Two modes of operation are available when deploying WDS.
    Which of the following are not included in those modes? (Choose two.)
    A. Deployment
    B. Image Response
    C. Transport
    D. Capture
    Correct Answer: AC
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 78
    You’re deploying Windows Server 2012 using WDS and have multiple locations that need an image, so you need to configure a multisite topology. Which of the following steps is key when working with a multisite topology?
    A. Configuring boot order so that the correct deployment server is chosen
    B. Prestaging the client within WDS on the correct server
    C. Configuring the correct image for the location chosen
    D. Using multicast to ensure the most effective use of bandwidth
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 79
    Your company is a hosting provider that provides cloud-based services to multiple customers. Each customer has its own Active Directory forest located in your company’s datacenter. You plan to provide VPN access to each customer.
    The VPN solution will use RADIUS for authentication services and accounting services.
    You need to recommend a solution to forward authentication and accounting messages from the perimeter network to the Active Directory forest of each customer.
    What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
    A. A RADIUS server for each customer and one RADIUS proxy
    B. A RADIUS server for each customer and a RADIUS proxy for each customer
    C. One RADIUS proxy and one Active Directory Lightweight Directory Services (AD LDS) instance for each customer
    D. One RADIUS proxy for each customer and Active Directory Federation Services (AD FS)
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 80
    Your network contains an Active Directory domain named contoso.com.
    The domain contains three Active Directory sites.
    The Active Directory sites are configured as shown in the following table.

    70-413 part2 The sites connect to each other by using the site links shown in the following table.70-413 part2

    You need to design the Active Directory site topology to meet the following requirements:
    – Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain controller in Site1 is available.
    – Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain controllers in Site1 are unavailable.
    What should you do?
    A. Delete Link2.
    B. Disable site link bridging.
    C. Delete Link3.
    D. Create one site link bridge.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 81
    Your company has a main office and a branch office.
    The network contains an Active Directory domain named contoso.com.
    The domain contains three domain controllers.
    The domain controllers are configured as shown in the following table.

    70-413 part2

    What should you do?
    A. Create a Password Settings object (PSO) for the Helpdesk group.
    B. Install the BranchCache feature on RODC1.
    C. Modify the password replication policy of RODC1.
    D. Modify the delegation settings of RODC1.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    http://technet.microsoft.com/en-us/library/cc730883%28v=ws.10%29.aspx
    QUESTION 82
    Your company has a main office, ten regional datacenters; and 100 branch offices. You are designing the site topology for an Active Directory forest named contoso.com. The forest will contain the following servers:
    – In each regional datacenter and in the main office, a domain controller that runs Windows Server
    – In each branch office, a file server that runs Windows Server 2012
    You have a shared folder that is accessed by using the path \\contoso.com\shares\software.
    The folder will be replicated to a local file server in each branch office by using Distributed File System (DFS) replication.
    You need to recommend an Active Directory site design to meet the following requirements:
    – Ensure that users in the branch offices will be authenticated by a domain controller in the closest regional datacenter.
    – Ensure that users automatically connect to the closest file server when they access \\contoso.com\shares\software.
    How many Active Directory sites should you recommend?
    A. 1
    B. 10
    C. 11
    D. 111
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    As each branch office will have its own subnet and each site will have a subnet range associated with it. The regional datacentre subnet will also fall within the scope of the site subnet range. Therefore branch office PCs will become site aware and linked with their regional datacentre via site/subnet association.
    As Authentication will occur at the DC in the same site (As long as the DC is online of course) The users will authenticate at their closest regional datacentre
    As DFS is site aware and has the ability to set referral ordering you can force each client to refer to its local DFS file server in its own site and as there are no file servers in the regional datacentres this means the local branch file server will be chosen.
    QUESTION 83
    Your company has a main office and a branch office.
    The network contains an Active Directory domain named contoso.com.
    The domain contains three domain controllers.
    The domain controllers are configured as shown in the following table.

    70-413 part2

    The domain contains two global groups.
    The groups are configured as shown in the following table.

    70-413 part2 

    You need to ensure that the RODC is configured to meet the following requirements:
    – Cache passwords for all of the members of Branch1Users.
    – Prevent the caching of passwords for the members of Helpdesk.
    What should you do?
    A. Create a Password Settings object (PSO) for the Helpdesk group.
    B. Install the BranchCache feature on RODC1.
    C. Modify the membership of the Allowed RODC Password Replication group of RODC1.
    D. Modify the membership of the Denied RODC Password Replication group of RODC1.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    http://technet.microsoft.com/en-us/library/cc730883%28v=ws.10%29.aspx
    QUESTION 84
    Your company has a main office and 20 branch offices.
    All of the offices connect to each other by using a WAN link.
    The network contains an Active Directory forest named contoso.com. The forest contains a domain for each office.
    The forest root domain contains all of the server resources.
    Each branch office contains two domain controllers for the branch office domain and one domain controller for the contoso.com domain.
    Each branch office has a support technician who is responsible for managing the accounts of their respective office only.
    You recently updated all of the WAN links to high-speed WAN links.
    You need to recommend changes to the Active Directory infrastructure to meet the following requirements:
    – Reduce the administrative overhead of moving user accounts between the offices.
    – Ensure that the support technician in each office can manage the user accounts of their respective office.
    What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Create shortcut trusts between each child domain.
    In the main office, add a domain controller to each branch office domain.
    B. Create a new child domain named corp.contoso.com.
    Create a shortcut trust between each child domain and corp.contoso.com.
    C. Move all of the user accounts of all the branch offices to the forest root domain. Decommission all of the child domains.
    D. Create a new forest root domain named contoso.local.
    Move all of the user accounts of all the branch offices to the new forest root domain. Decommission all of the child domains.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 85
    When creating a Scheduled Cast multicast deployment, with which of the following methods can you begin deployment?
    A. At a future time and/or when a threshold of clients request an image
    B. At a future time and/or when the server comes online
    C. Immediately or at a scheduled time
    D. When the client threshold is set to met or daily
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 86
    You’re configuring a split-scope DHCP scenario between two servers.
    What’s the recommended percentage for a DHCP split scope configuration?
    A. 60/40
    B. 70/30
    C. 80/20
    D. 50/50
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 87
    You need to move the DHCP database. Assuming a standard Windows directory and Program Files path structure and that you’ve changed the path in the DHCP Manager, what’s the default path where the DHCP database is found?
    A. C:\Windows\system32\dhcp
    B. C:\Program Files\Microsoft\DHCP\Data
    C. C:\Windows\system32\DHCP\Data
    D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DHCP
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 88
    While implementing split scope, you notice that the secondary server is responding to numerous DHCP requests first.
    What’s the best way to handle this situation?
    A. Increase the split ratio so that the secondary server has more IP addresses from the scope.
    B. Introduce a delay for DHCP offers from the secondary using the DHCP management console.
    C. Reduce the load on the primary server so that it can respond faster.
    D. Place the secondary DHCP server on a different network segment to introduce a delay in the response.
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 89
    You need to grant access for viewing audit information within IPAM.
    To which group should you add a user to, to grant that user the minimum level of permission for this task?
    A. IPAM Users
    B. IPAM IP Address Audit Admins
    C. IPAM Administrators
    D. IPAM IP Audit Administrators
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 90
    When provisioning IPAM servers using GPOs, servers are discovered.
    After configuring them to be managed in IPAM, what command do you need to run on the server to be managed?
    A. Invoke-IpamAudit /server <ipam-servername> /domain
    B. gpupdate /reset
    C. Invoke-IpamAudit /server <ipam-servername> /configure
    D. gpupdate /force
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 91
    Your network contains an Active Directory domain named contoso.com.
    The domain contains an organizational unit (OU) named OU1.
    You have a Group Policy object (GPO) named GP01 that is linked to contoso.com.
    GPO1 contains custom security settings.
    You need to design a Group Policy strategy to meet the following requirements:
    – The security settings in GPO1 must be applied to all client computers.
    – Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1.
    What should you include in the design? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1.
    B. Enable the Block Inheritance option on OU1. Link GPO1 to OU1.
    C. Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1.
    D. Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to OU1.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 92
    A new company registers the domain name of contoso.com. The company has a web presence on the Internet.
    All Internet resources have names that use a DNS suffix of contoso.com.
    A third- party hosts the Internet resources and is responsible for managing the contoso.com DNS zone on the Internet.
    The zone contains several hundred records.
    The company plans to deploy an Active Directory forest.
    You need to recommend an Active Directory forest infrastructure to meet the following requirements:
    – Ensure that users on the internal network can resolve the names of the company’s Internet resources.
    – Minimize the amount of administrative effort associated with the addition of new Internet servers.
    What should you recommend?
    A. A forest that contains a root domain named contoso.com and another domain named ad.contoso.com
    B. A forest that contains a root domain named contoso.com and another domain named contoso.local
    C. A forest that contains a single domain named contoso.local
    D. A forest that contains a single domain named contoso.com
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 93
    Your network contains an Active Directory domain named contoso.com.
    The domain contains four computers that are configured as shown in the following table. You plan to use domain controller cloning.
    You need to identify on which computers you can clone domain controllers that run Windows Server 2012. Which computers should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

    70-413 part2

    A. Server1
    B. Server2
    C. Server3
    D. Client1
    Correct Answer: AD
    Section: [none]
    Explanation
    Explanation/Reference:
    DC cloning can be done from either Hyper-V on Server 2012 and Hyper-V on Windows 8
    QUESTION 94
    Your network contains an Active Directory domain named contoso.com.
    On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks.
    You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard.
    What should you do?
    A. Add a new class to the Active Directory schema.
    B. Configure a custom MMC console.
    C. Modify the Delegwiz.inf file.
    D. Configure a new authorization store by using Authorization Manager.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation:
    http://support.microsoft.com/kb/308404
    QUESTION 95
    Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role installed.
    All of the client computers that are in a subnet named Subnet1 receive their IP address configurations from Server1.
    You plan to add another DHCP server named Server2 to Subnet1.
    You need to recommend changes to the DHCP infrastructure to ensure that the client computers continue to receive IP addressing information if a single DHCP server fails.
    What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Create a Network Load Balancing (NLB) cluster.
    B. Configure Failover for the scope.
    C. Create a DHCP failover cluster.
    D. Create a split scope.
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    Explanation: http://blogs.technet.com/b/keithmayer/archive/2012/10/28/step-by-step-scoping-out-the-new-dhcpfailover-inwindows-server-2012-31-days-of-favorite-features-part-28-of-31.aspx#.UQhW-b-jbK0

    70-413 part2

    QUESTION 96
    Your network contains an Active Directory forest named contoso.com.
    The forest contains one domain.
    Your company plans to open a new division named Division1.
    A group named Division1Admins will administer users and groups for Division1.
    You identify the following requirements for Division1:
    – All Division1 users must have a complex password that is 14 characters.
    – Division1Admins must be able to manage the user accounts for Division1.
    – Division1Admins must be able to create groups, and then delete the groups that they create.
    – Division1Admins must be able to reset user passwords and force a password change at the next logon for all Division1 users.
    You need to recommend changes to the forest to support the Division1 requirements.
    What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
    A. Create a new child domain named divisionl.contoso.com. Move all of the Division1 user accounts to the new domain. Add the Division1Admin members to the Domain Admins group. Configure the password policy in a Group Policy object (GPO).
    B. In the forest, create a new organizational unit (OU) named Division1 and add Division1Admins to the Managed By attribute of the new OU.
    Move the Division1 user objects to the new OU.
    Create a fine-grained password policy for the Division1 users.
    C. Create a new forest. Migrate all of the Division1 user objects to the new forest and add the Division1Admins members to the Enterprise Admins group.
    Configure the password policy in a Group Policy object (GPO).
    D. In the forest, create a new organizational unit (OU) named Division1 and delegate permissions for the OU to the Division1Admins group.
    Move all of the Division1 user accounts to the new OU. Create a fine-grained password policy for the Division1 users.
    Correct Answer: D
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 97
    Your company has a main office and four branch offices. The main office is located in London.
    The network contains an Active Directory domain named contoso.com. The network is configured as shown in the exhibit. (Click the Exhibit button.) Each office contains several servers that run Windows Server 2012.
    In each branch office, you plan to deploy an additional 20 servers that will run Windows Server 2012. Some of the servers will have a Server Core Installation of Windows Server 2012.
    You identify the following requirements for the deployment of the new servers:
    – Operating system images must be administered centrally.
    – The operating system images must be deployed by using PXE.
    – The WAN traffic caused by the deployment of each operating system must be minimized.
    You need to recommend a solution for the deployment of the new servers.
    What should you recommend?

    70-413 part2

    A. Deploy Windows Deployment Services (WDS) in each office.
    Replicate the images by using Distributed File System (DFS) Replication.
    B. Deploy Windows Deployment Services (WDS) in each office. Copy the images by using BranchCache.
    C. Deploy Windows Deployment Services (WDS) in the main office only. Copy the images by using BranchCache.
    D. Deploy Windows Deployment Services (WDS) in the main office only. Replicate the images by using Distributed File System (DFS) Replication.
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 98
    Your network contains an Active Directory domain named contoso.com.
    The domain contains a Microsoft System Center 2012 infrastructure. The domain contains two sites named Site1 and Site2.
    The sites connect to each other by using a 1-Mbps WAN link. The sites contain four servers.
    The servers are configured as shown in the following table. In Site2, you plan to deploy 50 Hyper-V hosts.
    You need to recommend a solution to deploy the Hyper-V hosts by using VMM.
    The solution must minimize the amount of traffic between Site1 and Site2 during deployment. What should you recommend?

    70-413 part2

    A. On Server4, install VMM.
    From the Virtual Machine Manager console, add Server1 as a PXE server and add Server4 as a library server.
    B. On Server4/ install VMM.
    From the Virtual Machine Manager console, add Server1 as a PXE server and a library server.
    C. On Server4, install WDS.
    From the Virtual Machine Manager console, add Server4 as a PXE server and a library server.
    D. On Server4, install WDS.
    From the Virtual Machine Manager console, add Server4 as a PXE server and add Server1 as a library server.
    Correct Answer: C
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 99
    Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named child.contoso.com to the forest.
    On the DNS servers in child.contoso.com, you plan to create conditional forwarders that point to the DNS servers in contoso.com.
    You need to ensure that the DNS servers in contoso.com can resolve names for the servers in child. contoso.com.
    What should you create on the DNS servers in contoso.com?
    A. A root hint
    B. A zone delegation
    C. A conditional forwarder
    D. A trust point
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 100
    A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses a SQL Server 2008 database that is hosted on the same server.
    You move the database to a dedicated SQL Server named SQL1.
    Users report that they can no longer access the application by using their domain credentials. You need to ensure that users can access Appl.
    Solution: You configure App1 and SQL1 to use NTLM authentication. Then you restart the IIS and SQL Server services.
    Does this meet the goal?
    A. Yes
    B. No
    Correct Answer: B
    Section: [none]
    Explanation
    Explanation/Reference:
    QUESTION 101
    A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses a SQL Server 2008 database that is hosted on the same server.
    You move the database to a dedicated SQL Server named SQL1.
    Users report that they can no longer access the application by using their domain credentials. You need to ensure that users can access App1.
    Solution: You configure Kerberos-constrained delegation and then run the following command from an administrative command prompt:
    setspn-a MSSQLsvc/SQLl:1433 <domain>\<sql_service>
    Does this meet the goal?
    A. Yes
    B. No
    Correct Answer: A
    Section: [none]
    Explanation
    Explanation/Reference:
    Question 101a.
    App1 uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1. Users report that they can no longer access the application by using their domain credentials. You need to ensure that users can access App1. Solution: You configure Kerberos-constrained delegation and then run the following command from an administrative command prompt:
    setspn -a http/App1 <domain>\<app_service> Does this meet the goal? A. Yes B. No
    The answer is NO.

      ES TK PS AT OB
     

    Examsavior

    Test King

    Pass4sure

    Actual Tests

    Other Brands

    Customer Reviews 5stars 1star 1star 1star 1star
     

    $89.99

    $124.99

    $125.99

    $189.00

    $29.99~$49.99

    Up-To-Dated Available NotAvailable NotAvailable NotAvailable NotAvailable
    Real Questions & Answers Available NotAvailable NotAvailable NotAvailable NotAvailable
    Correct All Error Available NotAvailable NotAvailable NotAvailable NotAvailable
    Premium VCE Dumps Available NotAvailable NotAvailable NotAvailable NotAvailable
    Free VCE Simulator Available NotAvailable NotAvailable NotAvailable NotAvailable
    Unlimited After One Time Purchasing Available NotAvailable NotAvailable NotAvailable NotAvailable
    Instant Download Available NotAvailable NotAvailable NotAvailable NotAvailable
    Printable PDF Dumps Available NotAvailable NotAvailable NotAvailable NotAvailable
    100% Pass Guarantee Available NotAvailable NotAvailable NotAvailable NotAvailable
    100% Money Back Available NotAvailable NotAvailable NotAvailable NotAvailable

    100% Pass:http://examsavior.com/

    115 Total Views 1 Views Today

    Topics: Microsoft | Comments Off on 70-413 part2

    Tagged with:

    Comments are closed.