Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Location Chicago IL, USA

Microsoft 70-413 Exam Actual Questions

The questions for 70-413 were last updated at Oct. 18, 2021.
  • Viewing page 1 out of 34 pages.
  • Viewing questions 1-10 out of 343 questions

Topic 1 - Question Set 1

Question #1 Topic 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1. Users report that they can no longer access the application by using their domain credentials.
You need to ensure that users can access App1.
Solution: You deploy a group policy to register all usersג€™ client devices as trusted delegates to SQL1. You instruct the users to reboot their devices.
Does this meet the goal?

  • A. Yes
  • B. No
Reveal Solution Hide Solution   Discussion  

Correct Answer: B

Question #2 Topic 1

DRAG DROP -
You have an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 and has the Remote
Access server role installed. Client computers run either Windows XP or Windows 8.
Your company has defined requirements for three departments as shown in the table.

You need to identify which remote access solution should be assigned for each group.
Which solutions should you identify for each group?
To answer, drag the appropriate solution to the correct requirements in the answer area. Each solution may be used once, more than once, or not at all.
Additionally, you may need to drag the split bar between panes or scroll to view content.
Select and Place:

Reveal Solution Hide Solution   Discussion   1

Correct Answer:

Question #3 Topic 1

A company has a single-forest and single Active Directory Domain Services domain named contoso.com. The company has offices in multiple geographic locations and manages all computing devices from a network operations center located at a main office.
You deploy physical servers and user devices by using a Windows Deployment Services (WDS) server named WDS1, and a server that runs System Center 2012
Virtual Machine Manager SP1 named VMM1.
Every three months you update the standard deployment images and push the update images to all client devices in the organization. You use multicast deployments for the servers and client devices at the remote offices. To automate the deployment process, you create an Auto-Cast multicast transmission and pre-stage client devices.
You need to ensure that client devices continue the deployment process after the first reboot and do not restart the installation.
What should you do?

  • A. Run the following command at an administrative command prompt: wdsutil /set-device [/BootProgram: boot\<arch>\pxeboot.com]
  • B. Run the following Windows PowerShell command: New-WdsClient ג€"DeviceID -PxePromptPolicy OptIn
  • C. Run the following command at an administrative command prompt: wdsutil /set-server /server:WDS1 /AllowN12ForNewClients:No
  • D. Run the following command at an administrative command prompt: wdsutil /set-server /wdsunattend /policy:enabled
Reveal Solution Hide Solution   Discussion   1

Correct Answer: C

Question #4 Topic 1

Your network contains an Active Directory domain named adatum.com.
Your company plans to open a new branch office named Branch1.
You identify the following requirements for Branch1:
✑ All Branch1 users must have a password that is a minimum of 14 characters. All other domain users must have a password that is a minimum of 12 characters.
✑ A group named Group1 must be able to reset user passwords for users in Branch1.
You need to recommend changes to the domain to support the Branch1 requirements.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.

  • A. Create a new organizational unit (OU) named BranchOU and add Group1 to the Managed By attribute of BranchOU. Move the Branch1 user objects to the new OU. Create a fine-grained password policy for the Branch1 users.
  • B. Create a new organizational unit (OU) named BranchOU. Delegate the permissions for BranchOU to Group1. Move all of the Branch1 user accounts to the new OU. Create a fine-grained password policy for the Branch1 users.
  • C. Create a new forest. Migrate all of the Branch1 user objects to the new forest and add the Group1 members to the Enterprise Admins group. Configure the password policy in a Group Policy object (GPO).
  • D. Create a new child domain. Move all of the Branch1 user accounts to the new domain. Add the Group1 members to the Domain Admins group. Configure the password policy in a Group Policy object (GPO).
Reveal Solution Hide Solution   Discussion  

Correct Answer: B

Question #5 Topic 1

Your network contains an Active Directory domain named contoso.com. The domain contains three Active Directory sites. The Active Directory sites are configured as shown in the following table.

The sites connect to each other by using the site links shown in the following table.

You need to design the Active Directory site topology to meet the following requirements:
✑ Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain controller in Site1 is available.
✑ Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain controllers in Site1 are unavailable.
What should you do?

  • A. Delete Link1.
  • B. Delete Link3.
  • C. Create one SMTP site link between Site2 and Site3.
  • D. Modify the cost of Link2.
  • E. Disable site link bridging.
  • F. Create one site link bridge.
  • G. Create one SMTP site link between Site2 and Site3. Create one SMTP site link between Site1 and Site2
Reveal Solution Hide Solution   Discussion   1

Correct Answer: D

Question #6 Topic 1

Your company has three offices. The offices are located in New York, Chicago, and Atlanta.
The network contains an Active Directory domain named contoso.com that has three Active Directory sites named Site1, Site2, and Site3. The New York office is located in Site1. The Chicago office is located in Site2. The Atlanta office is located in Site3. There is a local IT staff to manage the servers in each site. The current domain controllers are configured as shown in the following table.

The company plans to open a fourth office in Montreal that will have a corresponding Active Directory site. Because of budget cuts, a local IT staff will not be established for the Montreal site.
The Montreal site has the following requirements:
✑ Users must be able to authenticate locally.
Users must not have the ability to log on to the domain controllers.

✑ Domain account passwords must not be obtained from servers in the Montreal site.
✑ Network bandwidth between the Montreal site and the other sites must be minimized.
✑ Users in the Montreal office must have access to applications by using Remote Desktop Services (RDS).
You need to recommend a solution for the servers in the Montreal site.
What should you recommend?

  • A. Only install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012
  • B. Install a read-only domain-controller (RODC) in the Montreal site. Install a member server in the Montreal site to host additional server roles.
  • C. Only install a read-only domain controller (RODC) in the Montreal site.
  • D. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012. Install a member server in the Montreal site to host additional server roles.
  • E. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012. Install a member server in the New York site to host additional server roles.
  • F. Install a read-only domain controller (RODC) in the Montreal site. Install a member server in the New York site to host additional server roles.
  • G. Install a read-only domain-controller (RODC) in the Montreal site. Install a member server the Montreal site to host additional server roles.
  • H. Install a read-only domain controller (RODC) in the New York site.
  • I. Only install a domain controller in the New York site that has a Server Core installation of Windows Server 2012.
Reveal Solution Hide Solution   Discussion  

Correct Answer: F
A local RODC in the new Montreal site would meet the requirements.
Incorrect:
A domain controller is not required in the Montreal site.
We should place a new RODC in the new Montreal site, not in the New York site.

Question #7 Topic 1

Your network contains 50 servers that run Windows Server 2008 Service Pack 2 (SP2) and 50 servers that run Windows Server 2008 R2.
You plan to implement Windows Server 2012 R2.
You need to create a report that includes the following information:
✑ The servers that run applications and services that can be moved to Windows Server 2012 R2
The servers that have hardware that can run Windows Server 2012 R2

✑ The servers that are suitable to be converted to virtual machines hosted on Hyper-V hosts that run Windows Server 2012 R2
Solution: You install Windows Server 2012 R2 on a new server, and then you run the Windows Server Migration Tools. Does this meet the goal?

  • A. Yes
  • B. No
Reveal Solution Hide Solution   Discussion  

Correct Answer: B

Question #8 Topic 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?

  • A. Yes
  • B. No
Reveal Solution Hide Solution   Discussion  

Correct Answer: B
With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and spin them down into IPv4 packets, so you can simply leave your internal network all IPv4. So back in the beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is recommended not to use ISATAP at all, unless you have a specific reason for needing it
Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.

Question #9 Topic 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.
Solution: You enable split tunneling.
Does this meet the goal?

  • A. Yes
  • B. No
Reveal Solution Hide Solution   Discussion  

Correct Answer: B
DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees.
Is DA split tunneling really a problem? The answer is no.
Why? Because the risks that exist with VPNs, where the machine can act as a router between the Internet and the corporate network is not valid with
DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with
IPsec.
Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isnג€™t going to be the DA client, and authentication will fail ג€" hence preventing the type of routing that VPN admins are concerned about.

Question #10 Topic 1

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

All client computers run either Windows 7 or Windows 8.
Goal: You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1.
The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method.
Does this meet the goal?

  • A. Yes
  • B. No
Reveal Solution Hide Solution   Discussion   2

Correct Answer: A
NAP supports a variety of what we call enforcement methods. In the NAP space, and enforcement method is simply a term that defines the way a machine connects to a network. In NAP, these are DHCP, 802.1x (wired or wireless), VPN, IPsec, or via a Terminal Services Gateway.


SaveCancel