Designing and Implementing a Server Infrastructure
Question No: 121 – (Topic 9)
A company has a line-of-business application named Appl that runs on an internal IIS server. Appl uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1. Users report that they can no longer access the application by using their domain credentials. You need to ensure that users can access Appl.
Solution: You configure App1 and SQL1 to use NTLM authentication. Then you restart the IIS and SQL Server services.
Does this meet the goal?
Explanation: We would need to map the Windows Identity to a SQL Server database as well.
Note: NTLM authentication is also known as integrated Windows authentication. If your application runs on a Windows-based intranet, you might be able to use Windows integrated authentication for database access. Integrated security uses the current Windows identity established on the operating system thread to access the SQL Server database. You can then map the Windows identity to a SQL Server database and permissions.
Reference: How to: Access SQL Server Using Windows Integrated Security https://msdn.microsoft.com/en-us/library/bsz5788z(v=vs.100).aspx
Question No: 122 DRAG DROP – (Topic 9)
Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The DNS zone of adatum.com is Active Directory-integrated.
You need to implement DNSSEC to meet the following requirements:
->Ensure that the zone is signed.
->Ensure that the zone signing key (ZSK) changes every 30 days.
->Ensure that the key signing key (KSK) changes every 365 days.
What should you do? To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Box 1: Invoke-DnsServerZoneSign
The Invoke-DnsServerZoneSign cmdlet signs a Domain Name System (DNS) server zone. Box 2, Box 3: Add-DnsServerSigningKey
The Add-DnsServerSigningKey cmdlet adds a Key Signing Key (KSK) or Zone Signing Key (ZSK) key to a Domain Name System (DNS) signed zone.
The Add-DnsServerSigningKey -ZoneSignatureValidityPeriodlt;TimeSpangt;
Specifies the amount of time that signatures that cover all other record sets are valid.
Question No: 123 – (Topic 9)
A new company registers the domain name of contoso.com. The company has a web presence on the Internet. All Internet resources have names that use a DNS suffix of contoso.com.
A third-party hosts the Internet resources and is responsible for managing the contoso.com DNS zone on the Internet. The zone contains several hundred records.
The company plans to deploy an Active Directory forest.
You need to recommend an Active Directory forest infrastructure to meet the following requirements:
->Ensure that users on the internal network can resolve the names of the company#39;s Internet resources.
->Minimize the amount of administrative effort associated with the addition of new
What should you recommend?
A forest that contains a single domain named contoso.local
A forest that contains a root domain named contoso.com and another domain named contoso.local
A forest that contains a root domain named contoso.com and another domain named ad.contoso.com
A forest that contains a single domain named contoso.com
Explanation: Rules for Selecting a Prefix for a Registered DNS Name Select a prefix that is not likely to become outdated.
Avoid names such as a business line or operating system that might change in the future. Generic names such as corp or ds are recommended.
not A, not B: Using single label names or unregistered suffixes, such as .local, is not recommended.
Reference: Selecting the Forest Root Domain https://technet.microsoft.com/en-us/library/cc726016(v=ws.10).aspx
Question No: 124 – (Topic 9)
Your network contains an Active Directory forest named contoso.com. The forest is managed by using Microsoft System Center 2012.
You plan to create virtual machine templates to deploy servers by using the Virtual Machine
Manager Self-service Portal (VMMSSP).
To the Virtual Machine Manager (VMM) library, you add a VHD that has a generalized image of Windows Server 2012.
You need to identify which VMM components must be associated with the image.
Which components should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
A guest OS profile
A hardware profile
A capability profile
A host profile
Answer: A,B Explanation: Profiles
VMM provides the following profiles:
(A) Guest operating system profile-A guest operating system profile defines operating system configured settings which will be applied to a virtual machine created from the template. It defines common operating system settings such as the type of operating system, the computer name, administrator password, domain name, product key, and time zone, answer file and run once file.
(B) Hardware profile-A hardware profile defines hardware configuration settings such as CPU, memory, network adapters, a video adapter, a DVD drive, a floppy drive, COM ports, and the priority given the virtual machine when allocating resources on a virtual machine host.
Not D: VMM also includes host profiles. Host profiles are not used for virtual machine creation.
They are used during the conversion of a bare-metal computer to a Hyper-V host.
Reference: Creating Profiles and Templates in VMM Overview https://technet.microsoft.com/en-us/library/jj860424.aspx
Question No: 125 – (Topic 9)
Your network contains an Active Directory domain named contoso.com. Client computers run either Windows 7 or Windows 8.
You plan to implement several Group Policy settings that will apply only to laptop computers.
You need to recommend a Group Policy strategy for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
Answer: B Explanation:
Group Policy WMI Filter – Laptop or Desktop Hardware
A method to detect hardware as laptop only is to look for the presence of a battery based on the BatteryStatus property of the Win32_Battery class. By using the Win32_Battery class, we can search to see if there is a battery present. If the battery status is not equal to zero (BatteryStatus lt;gt; 0 ) then you know that it is a laptop.
Question No: 126 DRAG DROP – (Topic 9)
Your network contains an Active Directory forest named corp.contoso.com. All servers run Windows Server 2012.
The network has a perimeter network that contains servers that are accessed from the Internet by using the contoso.com namespace.
The network contains four DNS servers. The servers are configured as shown in the following table.
All of the client computers on the perimeter network use Server1 and Server2 for name resolution.
You plan to add DNS servers to the corp.contoso.com domain.
You need to ensure that the client computers automatically use the additional name servers. The solution must ensure that only computers on the perimeter network can resolve names in the corp.contoso.com domain.
Which DNS configuration should you implement on Server1 and Server2?
To answer, drag the appropriate DNS configuration to the correct location in the answer area. Each DNS configuration may be used once, more than once, or not at all.
Additionally, you may need to drag the split bar between panes or scroll to view content.
* stub zone
A Stub Zones allows an organization to resolve names to a private namespace or speed up name resolution to a public namespace without the use of Conditional Forwarders or Secondary Zones.
DNS Stub Zones in each domain will be configured to forward request for the other organization name space to a DNS server that is authoritative. All other names needing resolved will use the default name resolution method.
Question No: 127 DRAG DROP – (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2.
You plan to replace the domain controllers with new servers that run Windows Server 2012. The new servers will be named DC3 and DC4.
You need to recommend a strategy to replace DC1 and DC2 with DC3 and DC4. The solution must minimize the amount of disruption to the users.
Which three actions should you recommend?
To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
Box 1: Install the Active Directory Domain Services role on DC3 and DC4. Box 2: Run the AD Services Config Wizard on DC3 and DC4.
Box 3: dcpromo on DC1 and DC2.
* Step 1-2:
AD DS can be installed in Windows Server 2012 by using the Add Roles Wizard in Server
Manager, followed by the Active Directory Domain Services Configuration Wizard, which is new beginning in Windows Server 2012.
*Step 3: dcpromo
Installs and removes Active Directory Domain Services (AD DS). In this case we want to remove AD DS from DC1 and DC2.
Question No: 128 – (Topic 9)
Your network contains an Active Directory domain. All servers run Windows Server 2012 R2.
The domain contains the servers shown in the following table.
You need to recommend which servers will benefit most from implementing data deduplication.
Which servers should you recommend?
Server1 and Server2
Server1 and Server3
Server1 and Server4
Server2 and Server3
Server2 and Server4
Server3 and Server4
Explanation: * Server 2: Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32-128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the
chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder
* Server 3: In Windows Server 2012 R2, Data Deduplication can be installed on a scale-out file server and used to optimize live VHDs for VDI workloads.
Reference: What#39;s New in Data Deduplication in Windows Server
Question No: 129 DRAG DROP – (Topic 9)
You manage a Network Policy Server (NPS) infrastructure that contains four servers named NPSPRX01, NPS01, NPS02, and NPS03. All servers run Microsoft Windows Server 2012 R2. NPSPRX01 is configured as an NPS proxy. NPS01, NPS02, and NPS03 are members of a remote RADIUS server group named GR01. GR01 is configured as shown below:
You need to ensure that authentication requests are identified even when a server is unavailable.
If a given server is unavailable, which percentage of authentication requests will another
server manage? To answer, drag the appropriate value to the correct scenario. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Box 1: 95%
Box 2: 5%
Box 3: 0%
Box 4: 0%
* From the exhibit we have: NPS01: weight 30, priority: 5
NPS02: weight 50, priority: 90
NPS03: weight 20, priority: 5
Box 3: If NPS03 is unavailable it cannot handle any requests.Box 4: NPS04 is not mentioned in this question.
Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server. For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends
connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.
Weight. NPS uses this Weight setting to determine how many connection requests to send to each group member when the group members have the same priority level. Weight setting must be assigned a value between 1 and 100, and the value represents a percentage of 100 percent. For example, if the remote RADIUS server group contains two members that both have a priority level of 1 and a weight rating of 50, the NPS proxy forwards 50 percent of the connection requests to each RADIUS server.
Question No: 130 DRAG DROP – (Topic 9)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008. Server1 is configured as an enterprise certification authority (CA).
You back up all of the data on Server1, and then export the private and public keys of the CA.
You plan to replace Server1 with a new member server that was purchased recently.
You need to identify which actions must be performed on the new server to restore the certificate services of Server1.
Which three actions should you identify?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Box 1: We will need the Active Directory Certificate Services role to import the key, and later restore the certificate services database.
Box 2: Import the private key with the help of the AD CS Configuration Wizard.
The private key will be needed in the next step when you restore the certificate services registry settings and the certificate services database.
Box 3: Restore the certificate services registry settings and the certificate services database-
100% Ensurepass Free Download!
–Download Free Demo:70-413 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-413 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|