[Free] 2018(May) EnsurePass Braindumps Microsoft 70-413 Dumps with VCE and PDF 91-100

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-413
100% Free Download! 100% Pass Guaranteed!

Designing and Implementing a Server Infrastructure

Question No: 91 – (Topic 9)

Your company is a hosting provider that provides cloud-based services to multiple customers.

Each customer has its own Active Directory forest located in your company#39;s datacenter.

You plan to provide VPN access to each customer. The VPN solution will use RADIUS for authentication services and accounting services.

You need to recommend a solution to forward authentication and accounting messages from the perimeter network to the Active Directory forest of each customer.

What should you recommend?

More than one answer choice may achieve the goal. Select the BEST answer.

  1. One RADIUS proxy for each customer and Active Directory Federation Services (AD FS)

  2. A RADIUS server for each customer and one RADIUS proxy

  3. One RADIUS proxy and one Active Directory Lightweight Directory Services (AD LDS) instance for each customer

  4. A RADIUS server for each customer and a RADIUS proxy for each customer

Answer: B

Explanation: One RADIUS proxy and several RADIUS servers.

You want to provide RADIUS authentication and authorization for outsourced service providers and minimize intranet firewall configuration. An intranet firewall is between your perimeter network (the network between your intranet and the Internet) and intranet. By placing an NPS server on your perimeter network, the firewall between your perimeter network and intranet must allow traffic to flow between the NPS server and multiple domain controllers. By replacing the NPS server with an NPS proxy, the firewall must allow only RADIUS traffic to flow between the NPS proxy and one or multiple NPS servers within your intranet.

Ensurepass 2018 PDF and VCE

Reference: RADIUS Proxy https://msdn.microsoft.com/en-us/library/cc731320.aspx

Question No: 92 – (Topic 9)

You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso identifies the following administration requirements for the design:

->User account administration and Group Policy administration will be performed by network technicians. The technicians will be added to a group named OUAdmins.

->IT staff who are responsible for backing up servers will have user accounts that

are members of the Backup Operators group in the domain.

->All user accounts will be located in an organizational unit (OU) named AllEmployees.

You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployeesOU.

After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.

You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.

What should you include in the recommendation?

  1. Remove the IT staff user accounts from Backup Operators and place them in a new group. Grant the new group the Backup files and directories user right and the Restore files and directories user right. Enforce permission inheritance on all of the objects in the AllEmployeesOU.

  2. Create separate administrator user accounts for the technicians. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Delegate permissions to the new user accounts.

  3. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard.

  4. Move the user accounts of the technicians to a separate OU. Enforce permission inheritance on all of the objects in the AllEmployeesOU. Run the Delegation of Control Wizard on the AllEmployeesOU.

Answer: A

Question No: 93 – (Topic 9)

Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named child.contoso.com to the forest.

On the DNS servers in child.contoso.com, you plan to create conditional forwarders that point to the DNS servers in contoso.com.

You need to ensure that the DNS servers in contoso.com can resolve names for the servers in child.contoso.com.

What should you create on the DNS servers in contoso.com?

  1. A zone delegation

  2. A conditional forwarder

  3. A root hint

  4. A trust point

Answer: A

Explanation: Understanding Zone Delegation

Domain Name System (DNS) provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers.

When you are deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:

  • You want to delegate management of part of your DNS namespace to another location or department in your organization.

  • You want to divide one large zone into smaller zones to distribute traffic loads among multiple servers, improve DNS name resolution performance, or create a more-fault- tolerant DNS environment.

  • You want to extend the namespace by adding numerous subdomains at once, for example, to accommodate the opening of a new branch or site.

    Reference: Understanding Zone Delegation https://technet.microsoft.com/en-us/library/cc771640.aspx

    Question No: 94 – (Topic 9)

    Your network contains an Active Directory domain named contoso.com.

    You deploy several servers that have the Remote Desktop Session Host role service installed.

    You have two organizational units (OUs). The OUs are configured as shown in the following table.

    Ensurepass 2018 PDF and VCE

    GPO1 contains the Folder Redirection settings for all of the users.

    You need to recommend a solution to prevent the sales users#39; folders from being redirected when the users log on to a Remote Desktop session.

    What should you include in the recommendation?

    1. FromGPO2, set the loopback processing mode.

    2. From GPO1, set the loopback processing mode.

    3. Configure security filtering for GPO1.

    4. Apply a WMI filter to GPO2.

    Answer: A Explanation:

    Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

    Reference: Loopback processing of Group Policy https://support.microsoft.com/en-us/kb/231287

    Question No: 95 – (Topic 9)

    Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1.

    You have a Group Policy object (GPO) named GPO1 that is linked to contoso.com. GPO1 contains custom security settings.

    You need to design a Group Policy strategy to meet the following requirements:

    ->The security settings in GPO1 must be applied to all client computers.

    ->Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1.

    What should you include in the design?

    More than one answer choice may achieve the goal. Select the BEST answer.

    1. Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1.

    2. Enable the Block Inheritance option on OU1. Link GPO1 to OU1.

    3. Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to OU1.

    4. Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1.

    Answer: D

    Explanation: * You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.

  • GPO links that are enforced cannot be blocked from the parent container.

Question No: 96 – (Topic 9)

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. You plan to deploy DirectAccess.

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.

What should you include in the recommendation?

  1. Set the ISATAP State to state enabled.

  2. Enable split tunneling.

  3. Set the ISATAP State to state disabled.

  4. Enable force tunneling.

Answer: D Explanation:

You can configure DirectAccess clients to send all of their traffic through the tunnels to theDirectAccess server with force tunneling. When force tunneling is configured,

DirectAccess clients that detect that they are on the Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.

Question No: 97 – (Topic 9)

Your company, which is named Contoso, Ltd., has a main office and two branch offices. The main office is located in North America. The branch offices are located in Asia and Europe.

You plan to design an Active Directory forest and domain infrastructure.

You need to recommend an Active Directory design to meet the following requirements:

  • The contact information of all the users in the Europe office must not be visible to the users in the other offices.

  • The administrators in each office must be able to control the user settings and the computer settings of the users in their respective office.

The solution must use the least amount of administrative effort. What should you include in the recommendation?

  1. One forest that contains three domains

  2. Three forests that each contain one domain

  3. Two forests that each contain one domain

  4. One forest that contains one domain

Answer: D

Explanation: The most basic of all Active Directory structures is the single domain model; this type of domain structure comes with one major advantage over the other models: simplicity. A single security boundary defines the borders of the domain, and all objects are located within that boundary. The establishment of trust relationships between other domains is not necessary, and implementation of technologies such as Group Policies is made easier by the simple structure.

Question No: 98 – (Topic 9)

Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2008.

You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2012 R2.

You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.

You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES).

You need to recommend which changes must be implemented to support the planned migration.

Which two changes should you recommend? Each correct answer presents part of the solution.

  1. In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.

  2. In the adatum.com forest, upgrade the functional level of the forest and the domain.

  3. In the contoso.com forest, downgrade the functional level of the forest and the domain.

  4. In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.

Answer: A,C

Question No: 99 – (Topic 9)

Your company has a main office that contains several servers and several users. The main office contains a file server named Server1 that runs Windows Server 2012.

The users access a large report file that is created on Server1 each day.

The company plans to open a new branch office. The branch office will contain only client computers.

You need to implement a solution to reduce the amount of bandwidth used by the client computers in the branch office to download the report each day.

What should you do?

More than one answer choice may achieve the goal. Select the BEST answer.

  1. Install the BranchCache for network files role service on Server1. Configure the client computers to use BranchCache in hosted cache mode.

  2. Configure the offline settings of the shared folder that contains the report.

  3. Install the BranchCache for network files role service on Server1. Configure the client computers to use Branchcache in distributed mode.

  4. Enable the Background Intelligent Transfer Service (BITS) feature on Server1 and on each client computer in the branch office. Move the report to a web folder.

Answer: C Explanation:

Distributed cache mode. In this mode, branch office client computers download content from the content servers in the main office and then cache the content for other computers in the same branch office.

Distributed cache mode does not require a server computer in the branch office.

Reference: BranchCache Deployment Guide https://technet.microsoft.com/en-us/library/ee649232(v=ws.10).aspx

Question No: 100 – (Topic 9)

Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

All client computers run either Windows 7 or Windows 8.

The corporate security policy states that all of the client computers must have the latest security updates installed.

You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.

Which Network Access Protection (NAP) enforcement method should you implement?

  1. VPN

  2. DHCP

  3. IPsec

D. 802.1x

Answer: D Explanation:

The most common method of the list is 802.1x for a variety of reasons. First, the industry has been selling 802.1x network authentication for the last 10 years. 1x gained tremendous popularity as wireless networking became prevalent in the late 90#39;s and early 2000#39;s and has been proven to be a viable solution to identifying assets and users on your network.

For customers that have invested in 802.1x capable switches and access points, NAP can very easily be implemented to complement what is already in place. The Network Policy Server (NPS) role

Windows Server 2008 has been dramatically improved to make 802.1x policy creation much simpler to do.

Reference: Network Access Protection Using 802.1x VLAN’s or Port ACLs – Which is right for you?

http://blogs.technet.com/b/wincat/archive/2008/08/19/network-access-protection-using-802- 1x-vlan-s-or-port-acls-which-is-right-for-you.aspx

100% Ensurepass Free Download!
Download Free Demo:70-413 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2018 EnsurePass 70-413 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.