QUESTION 125
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.
All client computers run either Windows 7 or Windows 8. The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the DHCP Network Access Protection (NAP) enforcement method.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 126
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Network Policy Server server role installed.
You configure Server1 as part of a Network Access Protection (NAP) solution that uses the 802.lx enforcement method,
You add a new switch to the network and you configure the switch to use 802.lx authentication. You need to ensure that only compliant client computers can access network resources through the new switch.
What should you do on Server1?
A. Add the IP address of each new switch to a remediation server group.
B. Add the IP address of each new switch to the list of RADIUS clients.
C. Add the IP address of each new switch to a connection request policy as an Access Client IPv4 Address.
D. Add the IP address of each new switch to a remote RADIUS server group.
Answer: B
QUESTION 127
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain has a certification authority (CA). You create four certificate templates. The templates are configured as shown in the following table,
You install the Remote Access server role in the domain. You need to configure DirectAccess to use one-time password (OTP) authentication. What should you do? To answer, select the appropriate options in the answer area,
Answer:
QUESTION 128
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.
You plan to implement Network Access Protection (NAP) with IPSec enforcement on all client computers.
You need to identify on which servers you must perform the configurations for the NAP deployment.
Which servers should you identify? To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
QUESTION 129
Your network contains an Active Directory domain. All servers run Windows Server 2012 R2.
The domain contains the servers shown in the following table.
You need to recommend which servers will benefit most from implementing data deduplication.
Which servers should you recommend?
A. Server1 and Server2
B. Server1 and Server3
C. Server1 and Server4
D. Server2 and Server3
E. Server2 and Server4
F. Server3 and Server4
Answer: D
QUESTION 130
Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2008.
You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2012 R2.
You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.
You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES).
You need to recommend which changes must be implemented to support the planned migration.
Which two changes should you recommend? Each correct answer presents part of the solution.
A. In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.
B. In the adatum.com forest, upgrade the functional level of the forest and the domain.
C. In the contoso.com forest, downgrade the functional level of the forest and the domain.
D. In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.
Answer: AC
QUESTION 131
Your network contains an Active Directory forest. The forest contains a single domain. The forest has five Active Directory sites. Each site is associated to two subnets.
You add a site named Site6 that contains two domain controllers. Site6 is associated to one subnet.
You need to verify whether replication to the domain controllers in Site6 completes successfully.
Which two possible commands can you use to achieve the goal? Each correct answer presents a complete solution.
A. Get-ADReplicationSubnet
B. Get-ADReplicationUpToDatenessVectorTable
C. repadmin /showattr
D. Get-ADReplicationSite1ink
E. repadmin /showrepl
Answer: BE
QUESTION 132
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012. The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012.
You need to recommend a solution to control which Active Directory attributes are replicated to the RODC.
What should you include in the recommendation?
A. The partial attribute set
B. The filtered attribute set
C. Application directory partitions
D. Constrained delegation
Answer: B
QUESTION 133
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The forest functional level is Windows Server 2012.
Your company plans to deploy an application that will provide a search interface to users in the company. The application will query the global catalog for the Employee-Number attribute.
You need to recommend a solution to ensure that the application can retrieve the Employee-Number value from the global catalog.
What should you include in the recommendation?
A. the Dsmod command
B. the Ldifde command
C. the Enable-ADOptionalFeaturecmdlet
D. the Csvde command
Answer: B
QUESTION 134
Your company has three offices. The offices are located in New York, Chicago, and Atlanta.
The network contains an Active Directory domain named contoso.com that has three Active Directory sites named Site1, Site2,and Site3. The New York office is located in Site1. The Chicago office is located in Site2. The Atlanta office is located in Site3. There is a local IT staff to manage the servers in each site. The current domain controllers are configured as shown in the following table.
The company plans to open a fourth office in Montreal that will have a corresponding Active Directory site. Because of budget cuts, a local IT staff will not be established for the Montreal site.
The Montreal site has the following requirements:
– Users must be able to authenticate locally.
– Users must not have the ability to log on to the domain controllers.
– Domain account passwords must not be obtained from servers in the Montreal site.
– Network bandwidth between the Montreal site and the other sites must be minimized.
– Users in the Montreal office must have access to applications by using Remote Desktop Services (RDS).
You need to recommend a solution for the servers in the Montreal site.
What should you recommend?
A. Only install a domain controller in the Montreal site that has a Server Core installation of Windows
Server 2012.
B. Install a read-only domain controller (RODC) in the New York site.
C. Install a read-only domain controller (RODC) in the Montreal site. Install a member server in the
New York site to host additional server roles.
D. Install a domain controller in the Montreal site that has a Server Core installation of Windows Server 2012.
Install a member server in the Montreal site to host additional server roles,
Answer: C
Passing Microsoft 70-413 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-413 Dump