[Free] 2018(May) EnsurePass Examcollection Microsoft 70-413 Dumps with VCE and PDF 101-110

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-413
100% Free Download! 100% Pass Guaranteed!

Designing and Implementing a Server Infrastructure

Question No: 101 HOTSPOT – (Topic 9)

Your network contains an Active Directory forest name fabrikam.com. The forest contains two domains named fabrikam.com and contoso.com. All servers run Windows Server 2012 R2.

The forest contains a DHCP server named Server1 and a DNS server named Server2.

You need to recommend a solution to ensure that any computers that are neither members of contoso.com nor fabrikam.com receive a DNS suffix of guest.fabrikam.com.

What two commands should you run? To answer, select the appropriate options in the answer area.

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Explanation:

Ensurepass 2018 PDF and VCE

Box 1: Add-DhcpServerv4Policy

Box 2: Fqdn NE,*.Fabrikam.com,*.contoso.com Example:

This example creates a server level policy for all foreign clients that are not members of the local domain contoso.com. The policy matches clients that have an FQDN that does not contain the value contoso.com.

Windows PowerShell

PS C:\gt; Add-DhcpServerv4Policy -Name ForeignDevices -Condition OR -Fqdn NE,*.contoso.com

Box 3: Set-DhcpServerv4DnsSetting

Box 4: -ComputerName Server2.fabrikam.com Box 5: -PolicyName ForeignDevices

Example: This example sets DNS update configuration settings for the sever policy ForeignDevices to enable DNS registration of clients under the DNS suffix guestdomain.com. The command specifies the computer, named dhcpserver.contoso.com, that runs the DHCP server service.

Windows PowerShellPS C:\gt; Set-DhcpServerv4DnsSetting -ComputerName dhcpserver.contoso.com -DnsSuffix guestdomain.com -PolicyName ForeignDevices

Note: Add-DHCPServerv4Policy

The Add-DhcpServerv4Policy cmdlet adds a new policy either at the server level or at the scope level. The policy name must be unique at the level, either server or specific scope, where the policy is added and should have at least one condition as specified by the CircuitId, ClientId, Fqdn, MACAddress, RelayAgent, RemoteId, SubscriberId, UserClass, or VendorClass parameter.

Question No: 102 – (Topic 9)

Your company has a main office. The main office is located in a building that has 10 floors.

A datacenter on the ground floor contains a Windows Server 2012 failover cluster. The failover cluster contains a DHCP server resource named DHCP1. All client computers receive their IP addresses from DHCP1. All client computers are part of the 131.107.0.0/16 IPv4 subnet.

You plan to implement changes to the network subnets to include a separate subnet for each floor of the office building. The subnets will connect by using routers.

You need to recommend changes to the DHCP infrastructure to ensure that all of the client computers can receive their IP configuration by using DHCP.

What should you recommend?

More than one answer choice may achieve the goal. Select the BEST answer.

  1. Install a remote access server on each floor. Configure a DHCP relay agent on each new DHCP server. Create a scope for each subnet on DHCP1.

  2. Install a DHCP server on each floor. Create a scope for the local subnet on each new DHCP server. Enable DHCP Failover on each new DHCP server.

  3. Configure each router to forward requests for IP addresses to DHCP1. Create a scope for each subnet on DHCP1.

  4. Configure each router to forward requests for IP addresses to DHCP1. Create a scope for the 10.0.0.0/16 subnet on DHCP1.

Answer: C Explanation:

In TCP/IP networking, routers are used to interconnect hardware and software used on different physical network segments called subnets and forward IP packets between each of the subnets. To support and use DHCP service across multiple subnets, routers connecting each subnet should comply with DHCP/ BOOTP relay agent capabilities described in RFC 1542.

Reference: Support multiple subnets with one DHCP server by configuring DHCP relay agents

http://technet.microsoft.com/en-us/library/cc771390.aspx

Question No: 103 – (Topic 9)

This question consists of two statements: One is named Assertion and the other is named Reason. Both of these statements may be may be true; both false; or one may be true, while the other may be false.

To answer this question, you must first evaluate whether each statement is true on its own.

If both statements are true, then you must evaluate whether the Reason (the second statement) correctly explains the Assertion (the first statement). You will then select the answer from the list of answer choices that matches your evaluation of the two statements.

You plan to migrate users between two Active Directory Domain Services domains in different forests.

You run the following command from an administrative command prompt:

Ensurepass 2018 PDF and VCE

Assertion:

Users will have uninterrupted access to the resources in the source domain during the migration.

Reason:

The Netdom command configures a two-way trust between the source and target domains to ensure that users can access both environments for the entire length of the migration phase.

Evaluate the Assertion and Reason statements and choose the correct answer option.

  1. Both the Assertion and Reason are true, and the Reason is the correct explanation for the Assertion.

  2. Both the Assertion and Reason are true, but the Reason is not the correct explanation for the Assertion.

  3. The Assertion is true, but The Reason is false.

  4. The Assertion is false, but the Reason is true.

  5. Both the Assertion and the Reason are false.

Answer: C

Explanation: The assertion is true as the /quarantine:No option is used any SID for authorization data that netdom trust returns during authentication is accepted.

The reason is false as the /twoway parameter is not used. The /twoway parameter is to

establish a two-way trust relationship rather than a one-way trust relationship.

Note: The Netdom trust command establishes, verifies, or resets a trust relationship between domains.

Reference: Netdom trust

https://technet.microsoft.com/en-us/library/cc835085.aspx

Question No: 104 – (Topic 9)

You are the administrator for a large company. You plan to implement servers in the environment that do not use local hard drives.

You need to recommend a supported storage solution. Which technology should you recommend?

  1. Clustered NAS

  2. Cloud storage

  3. USB flash drive

  4. iSCSISAN

  5. Cloud Storage

Answer: D

Question No: 105 – (Topic 9)

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012.

The forest contains an Active Directory domain. The domain contains a global security group named GPO_Admins that is responsible for managing Group Policies in the forest.

A second forest named fabrikam.com contains three domains. The forest functional level is Windows Server 2003.

You need to design a trust infrastructure to ensure that the GPO_Admins group can create, edit, and link Group Policies in every domain of the fabrikam.com forest.

What should you include in the design?

More than one answer choice may achieve the goal. Select the BEST answer.

  1. A two-way forest trust

  2. A one-way forest trust

  3. Three external trusts

  4. Three shortcut trusts

Answer: B

Explanation: A one-way trust is a unidirectional authentication path created between two domains. In a one-way trust between Domain A and Domain B, users in Domain A can access resources in Domain B. However, users in Domain B cannot access resources in Domain A. In this question Domain A would be contoso.com, which has the GPO_Admins group, and Domain B would the fabrikam.com domain, to which the GPO_Admins should have access.

Reference: How Domain and Forest Trusts Work https://technet.microsoft.com/en-us/library/cc773178(v=ws.10).aspx

Question No: 106 DRAG DROP – (Topic 9)

Your network contains an Active Directory domain named contoso.com. The domain contains an IP Address Management (IPAM) server.

You plan to delegate the administration of IPAM as shown in the following table.

Ensurepass 2018 PDF and VCE

You need to recommend which IPAM security group must be used for each department.

The solution must minimize the number of permissions assigned to each group. What should you recommend?

To answer, drag the appropriate group to the correct department in the answer area. Each group may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Explanation:

Box 1:

Ensurepass 2018 PDF and VCE

Box 2:

Ensurepass 2018 PDF and VCE

Box 3:

Ensurepass 2018 PDF and VCE

  • IPAM IP Audit Administrators: Members of this group have IPAM Users privileges and can perform IPAM common management tasks and can view IP address tracking information.

  • IPAM Users: Members of this group can view all information in server discovery, IP address space, and server management. They can view IPAM and DHCP server operational events, but cannot view IP address tracking information.

  • IPAM ASM Administrators: IPAM address space management (ASM) administrators have IPAM Users privileges and can perform IPAM common management tasks and IP address space tasks.

Question No: 107 – (Topic 9)

Your company has a main office and a branch office.

The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012. The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012.

You need to recommend a solution to control which Active Directory attributes are replicated to the RODC.

What should you include in the recommendation?

  1. The partial attribute set

  2. The filtered attribute set

  3. Application directory partitions

  4. Constrained delegation

Answer: B

Explanation: RODC filtered attribute set

Some applications that use AD DS as a data store might have credential-like data (such as passwords, credentials, or encryption keys) that you do not want to be stored on an RODC in case the RODC is compromised.

For these types of applications, you can dynamically configure a set of attributes in the schema for domain objects that will not replicate to an RODC. This set of attributes is called the RODC filtered attribute set. Attributes that are defined in the RODC filtered attribute set are not allowed to replicate to any RODCs in the forest.

Reference: AD DS: Read-Only Domain Controllers https://technet.microsoft.com/en-us/library/cc732801(v=ws.10).aspx

Question No: 108 DRAG DROP – (Topic 9)

Your network contains an Active Directory forest named contoso.com.

Your company merges with another company that has an Active Directory forest named litwareinc.com.

Each forest has one domain.

You establish a two-way forest trust between the forests.

The network contains three servers. The servers are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

You confirm that the client computers in each forest can resolve the names of the client computers in both forests.

On dc1.litwareinc.com, you create a zone named GlobalNames.

You need to recommend changes in both forests to ensure that the users in both forests can resolve single-label names by using the GlobalNames zone in litwareinc.com.

Which changes should you recommend?

To answer, drag the appropriate configuration to the correct server in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Explanation:

Ensurepass 2018 PDF and VCE

Deploying a GlobalNames zone

The specific steps for deploying a GlobalNames zone can vary somewhat, depending on the AD DS topology of your network.

Step 1: Create the GlobalNames zone

Step 2(Box 1, box 3) : Enable GlobalNames zone support

The GlobalNames zone is not available to provide name resolution until GlobalNames zone support is explicitly enabled by using the following command on every authoritative DNS server in the forest:

dnscmd lt;ServerNamegt; /config /enableglobalnamessupport 1 Step 3:Replicate the GlobalNames zone

Step 4: Populate the GlobalNames zone

Step 5 (box 2) : Publish the location of the GlobalNames zone in other forests

If you want DNS clients in other forests to use the GlobalNames zone for resolving names, add service location (SRV) resource records to the forest-wide DNS application partition, using the service name _globalnames._msdcs and specifying the FQDN of the DNS server that hosts the GlobalNames zone.

Question No: 109 – (Topic 9)

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

All client computers run either Windows 7 or Windows 8.

The corporate security policy states that all of the client computers must have the latest security updates installed.

You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure

that all other client computers connect to VLAN 3. Solution: You implement the IPsec enforcement method. Does this meet the goal?

  1. Yes

  2. No

Answer: B

Explanation: As VLAN is used we would have to use 802.1x NAP enforcement.

Reference: Where to Place a Remediation Server https://msdn.microsoft.com/en-us/library/dd125342(v=ws.10).aspx

Question No: 110 – (Topic 9)

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

All client computers run either Windows 7 or Windows 8.

The corporate security policy states that all of the client computers must have the latest security updates installed.

You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.

Solution: You implement the VPN enforcement method.

Does this meet the goal?

  1. Yes

  2. No

Answer: B

Explanation: VPN Enforcement need to be setup in connection with NAP (Network Access Protection).

100% Ensurepass Free Download!
Download Free Demo:70-413 Demo PDF
100% Ensurepass Free Guaranteed!
70-413 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.