QUESTION 31
You deploy an Active Directory domain named contoso.com to the network. The domain is configured as an Active Directory-integrated zone. All domain controllers run Windows Server 2012 and are DNS servers. You plan to deploy a child domain named operations.contoso.com. You need to recommend changes to the DNS infrastructure to ensure that users in the operations department can access the servers in the contoso.com domain.
What should you include in the recommendation?
A. A zone delegation for _msdcs.contoso.com
B. Changes to the replication scope of contoso.com
C. Changes to the replication scope of _msdcs.contoso.com
D. Changes to the replication scope of operations.contoso.com Answer:B
Answer: B
QUESTION 32
Your network contains an Active Directory domain named contoso.com. You deploy several servers that have the Remote Desktop Session Host role service installed. You have two organizational units (OUs).
The OUs are configured as shown in the following table.
GPO1 contains the Folder Redirection settings for all of the users. You need to recommend a solution to prevent the sales users’ folders from being redirected when the users log on to a Remote Desktop session.
What should you include in the recommendation?
A. From GPO2, set the loopback processing mode.
B. Apply a WMI filter to GP02.
C. Configure security filtering for GPO1.
D. From GPO1, set the loopback processing mode.
Answer: A
QUESTION 33
Your network contains an Active Directory domain named contoso.com. The functional level of the domain and the forest is Windows Server 2008 R2. All domain controllers run Windows Server 2008 R2. You plan to deploy a new line-of-business application named App1 that uses claims-based authentication. You need to recommend changes to the network to ensure that Active Directory can provide claims for App1. What should you include in the recommendation? (Each correct answer presents part of the solution.
Choose all that apply.)
A. Deploy Active Directory Lightweight Directory Services (AD LDS).
B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and
Kerberos armoring setting.
C. From the properties of the computer accounts of the domain controllers, enable Kerberos constrained
delegation.
D. Raise the domain functional level to Windows Server 2012.
E. Add domain controllers that run Windows Server 2012.
Answer: ABE
QUESTION 34
Your company has two divisions named Division1 and Division2. The network contains an Active Directory domain named contoso.com. The domain contains two child domains named division1.contoso.com and division2.contoso.com. The company sells division1 to another company. You need to prevent administrators in contoso.com and division2.contoso.com from gaining administrative access to the resources in division1.contoso.com.
What should you recommend?
A. Create a new tree in the forest named contoso.secure. Migrate the resources and the accounts in division1.contoso.com to contoso.secure.
B. On the domain controller accounts in division1.contoso.com, deny the Enterprise Admins group the
Allowed to Authenticate permission.
C. Create a new forest and migrate the resources and the accounts in division1.contoso.com to the new forest.
D. In division1.contoso.com, remove the Enterprise Admins group from the Domain Admins group and remove
the Enterprise Admins group from the access control list (ACL) on the division1.contoso.com domain object.
Answer: C
QUESTION 35
Your network contains an Active Directory domain named contoso.com. On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks. You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizard.
What should you do?
A. Add a new class to the Active Directory schema.
B. Configure a custom MMC console.
C. Modify the Delegwiz.inf file.
D. Configure a new authorization store by using Authorization Manager.
Answer: C
QUESTION 36
Your network contains an Active Directory forest. The forest contains two Active Directory domains named contoso.com and child.contoso.com. The forest functional level is Windows Server 2003. The functional level of both domains is Windows Server 2008. The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com. The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows Server 2012. You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC). You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Answer: B
QUESTION 37
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. The forest contains an Active Directory domain. The domain contains a global security group named GPO_Admins that is responsible for managing Group Policies in the forest. A second forest named fabrikam.com contains three domains. The forest functional level is Windows Server 2003. You need to design a trust infrastructure to ensure that the GPO_Admins group can create, edit, and link Group Policies in every domain of the fabrikam.com forest. What should you include in the design? More than one answer choice may achieve the goal. Select the BEST answer.
A. A two-way forest trust
B. A one-way forest trust
C. Three external trusts
D. Three shortcut trusts
Answer: B
QUESTION 38
Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8. You plan to implement several Group Policy settings that will apply only to laptop computers. You need to recommend a Group Policy strategy for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Loopback processing
B. WMI filtering
C. Security filtering
D. Block inheritance
Answer: B
QUESTION 39
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named 0U1. You have a Group Policy object (GPO) named GP01 that is linked to contoso.com. GPO1 contains custom security settings. You need to design a Group Policy strategy to meet the following requirements:
* The security settings in GPO1 must be applied to all client computers.
* Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1.
What should you include in the design?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1.
B. Enable the Block Inheritance option on OU1. Link GPO1 to OU1.
C. Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1.
D. Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to 0U1.
Answer: C
QUESTION 40
A new company registers the domain name of contoso.com. The company has a web presence on the Internet. All Internet resources have names that use a DNS suffix of contoso.com. A third-party hosts the Internet resources and is responsible for managing the contoso.com DNS zone on the Internet. The zone contains several hundred records. The company plans to deploy an Active Directory forest. You need to recommend an Active Directory forest infrastructure to meet the following requirements:
* Ensure that users on the internal network can resolve the names of the company’s Internet resources.
* Minimize the amount of administrative effort associated with the addition of new Internet servers.
What should you recommend?
A. A forest that contains a root domain named contoso.com and another domain named ad.contoso.com
B. A forest that contains a root domain named contoso.com and another domain named contoso.local
C. A forest that contains a single domain named contoso.local
D. A forest that contains a single domain named contoso.com
Answer: C
Passing Microsoft 70-413 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-413 Dump: http://www.braindump2go.com/70-413.html