|Exam Name||:||Designing and Implementing a Server Infrastructure|
|Questions and Answers||:||263 Q & A|
|Updated On||:||February 23, 2018|
|PDF Download Mirror||:||70-413 Brain Dump|
|Get Full Version||:||Pass4sure 70-413 Full Version|
Creates and links group policies in the specified domain for provisioning required access settings on the servers managed by the computer running the IPAM server.
Your network contains an Active Directory forest named contoso.com. You plan to deploy
200 Hyper-V hosts by using Microsoft System Center 2012 Virtual Machine Manager (VMM) Service Pack 1 (SP1). You add a PXE server to the fabric. You need to identify which objects must be added to the VMM library for the planned deployment. What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A host profile
A capability profile
A hardware profile
A generalized image
A service template
Templates and profiles are used to standardize the creation of virtual machines and services. These configurations are stored in the VMM database but are not represented by physical
(D) There are several new types of templates and profiles in VMM, most of which are used for service creation.
(A) There are also host profiles, used for deploying a Hyper-V host from a bare-metal computer, and capability profiles, used to specify the capabilities of virtual machines on each type of supported hypervisor when virtual machines are deployed to a private cloud.
A Virtual Machine Manager library resource that contains hardware and operating system configuration settings to convert a bare-metal computer to a managed Hyper-V host.
A Virtual Machine Manager library resource that defines which resources (for example, number of processors or maximum memory) are available to a virtual machine that is created in a private cloud.
Your network contains an Active Directory forest name fabrikam.com. The forest contains two domains named fabrikam.com and contoso.com. All servers run Windows Server 2012 R2. The forest contains a DHCP server named Server1 and a DNS server named Server2. You need to recommend a solution to ensure that any computers that are neither members of contoso.com nor fabrikam.com receive a DNS suffix of guest.fabrikam.com. What two
commands should you run? To answer, select the appropriate options in the answer area.
Your network contains an Active Directory forest named northwindtraders.com. The client computers in the finance department run either Windows 8.1, Windows 8, or Windows 7. All of the client computers in the marketing department run Windows 8.1. You need to design a Network Access Protection (NAP) solution for northwindtraders.com that meets the following requirements:
✑ The client computers in the finance department that run Windows 7 must have a firewall enabled and the antivirus software must be up-to-date.
✑ The finance computers that run Windows 8.1 or Windows 8 must have automatic updating enabled and the antivirus software must be up-to-date.
✑ The client computers in the marketing department must have automatic updating enabled and the antivirus software must be up-to-date.
✑ If a computer fails to meet its requirements, the computers must be provided access to a limited set of resources on the network.
✑ If a computer meets its requirements, the computer must have full access to the network. What is the minimum number of objects that you should create to meet the requirements? To
answer, select the appropriate number for each object type in the answer area.
Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012. The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012. You need to recommend a solution to control which Active
Directory attributes are replicated to the RODC. What should you include in the recommendation?
The partial attribute set
The filtered attribute set
Application directory partitions
RODC filtered attribute set
Some applications that use AD DS as a data store might have credential-like data (such as passwords, credentials, or encryption keys) that you do not want to be stored on an RODC in case the RODC is compromised.
For these types of applications, you can dynamically configure a set of attributes in the schema for domain objects that will not replicate to an RODC. This set of attributes is called the RODC filtered attribute set. Attributes that are defined in the RODC filtered attribute set are not allowed to replicate to any RODCs in the forest.
AD DS: Read-Only Domain Controllers
Your company plans to deploy a remote access solution to meet the following requirements:
✑ Ensure that client computers that are connected to the Internet can be managed remotely without requiring that the user log on.
✑ Ensure that client computers that run Windows Vista or earlier can connect remotely.
✑ Ensure that non-domain-joined computers can connect remotely by using TCP port 443. You need to identify which remote access solutions meet the requirements. Which solutions
should you identify?
To answer, drag the appropriate solution to the correct requirement in the answer area. Each solution may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008. You plan to implement Windows Server 2012 R2. You need to create a report that includes the following information:
✑ The servers that run applications and services that can be moved to Windows Server 2012 R2
✑ The servers that have hardware that can run Windows Server 2012 R2
✑ The servers that are suitable to be converted to virtual machines hosted on Hyper- V hosts that run Windows Server 2012 R2
Solution: From an existing server, you run the Microsoft Application Compatibility Toolkit
(ACT). Does this meet the goal?
With the ACT, you can:
Analyze your portfolio of applications, websites, and computers
Evaluate operating system deployments, the impact of operating system updates, and your compatibility with websites
Centrally manage compatibility evaluators and configuration settings Rationalize and organize applications, websites, and computers Prioritize application compatibility efforts with filtered reporting
Add and manage issues and solutions for your enterprise-computing environment Deploy automated mitigations to known compatibility issues
Send and receive compatibility information from the Microsoft Compatibility Exchange
Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. The forest contains a Microsoft Exchange Server 2010 organization. All of the domain controllers in contoso.com run Windows Server 2012. The perimeter network contains an Active Directory forest named litware.com. You deploy Microsoft Forefront Unified Access Gateway (UAG) to litware.com. All of the domain controllers in litware.com run Windows Server 2012. Some users connect from outside the network to use Outlook Web App. You need to ensure that external users can authenticate by using client certificates. What should you do? More than one answer choice may achieve the goal. Select the BEST answer.
To the perimeter network, add an Exchange server that has the Client Access server role installed.
Deploy UAG to contoso.com.
Enable Kerberos delegation in litware.com.
Enable Kerberos constrained delegation in litware.com.
Forefront TMG provides support for Kerberos constrained delegation (often abbreviated as KCD) to enable published Web servers to authenticate users by Kerberos afterForefront
TMG verifies their identity by using a non-Kerberos authentication method. When used in this way, Kerberos constrained delegation eliminates the need for requiring users to provide credentials twice.
About Kerberos constrained delegation
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8. The corporate security policy states that all of the client computers must have the latest security updates installed. You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3. Solution: You implement the DHCP Network Access Protection (NAP) enforcement method. Does this meet the goal?
Implementing DHCP NAP to Enforce WSUS Updates
A company has offices in multiple geographic locations. The sites have high-latency, low- bandwidth connections. You need to implement a multisite Windows Deployment Services (WDS) topology for deploying standard client device images to all sites. Solution: At each site, you create a multicast deployment. You pre-stage the client images that you plan to deploy and point them to the local WDS server. Does this meet the goal?
Your network contains an Active Directory domain. All servers run Windows Server 2012 R2. The domain contains the servers shown in the following table.
You need to recommend which servers will benefit most from implementing data de duplication. Which servers should you recommend?
Server1 and Server2
Server1 and Server3
Server1 and Server4
Server2 and Server3
Server2 and Server4
Server3 and Server4
Server 2: Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32–128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder
Server 3: In Windows Server 2012 R2, Data Deduplication can be installed on a scale-out file server and used to optimize live VHDs for VDI workloads.
What's New in Data Deduplication in Windows Server
A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1. Users report that they can no longer access the application by using their domain credentials. You need to ensure that users can access App1. Solution: You configure Kerberos-constrained delegation and then run the following command from an administrative command prompt: setspn-a MSSQLsvc/SQLl:1433 <domain>\<sql_service> Does this meet the goal?
You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso identifies the following administration requirements for the design:
✑ User account administration and Group Policy administration will be performed by network technicians. The technicians will be added to a group named OUAdmins.
✑ IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain.
✑ All user accounts will be located in an organizational unit (OU) named AllEmployees. You run the Delegation of Control Wizard and assign the OUAdmins group full control to all
of the objects in the AllEmployeesOU.
After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees. What should you include in the recommendation?
Remove the IT staff user accounts from Backup Operators and place them in a new group. Grant the new group the Backup files and directories user right and the Restore files and directories user right. Enforce permission inheritance on all of the objects in the AllEmployeesOU.
Create separate administrator user accounts for the technicians. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Delegate permissions to the new user accounts.
Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard.
Move the user accounts of the technicians to a separate OU. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard on the AllEmployeesOU.