[Free] 2018(May) EnsurePass Braindumps Microsoft 70-413 Dumps with VCE and PDF 31-40

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-413
100% Free Download! 100% Pass Guaranteed!

Designing and Implementing a Server Infrastructure

Question No: 31 – (Topic 3)

You need to recommend changes to the Active Directory environment to support the virtualization requirements.

What should you include in the recommendation?

  1. Raise the functional level of the domain and the forest.

  2. Upgrade the domain controller that has the domain naming master role to Windows Server 2012.

  3. Implement Administrator Role Separation.

  4. Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.

Answer: D

Explanation: * From case study: Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.

  • To support DC cloning the PDC emulator role holder must be online and available to the cloned DC and must be running Windows Server 2012.

    Reference: Virtual Domain Controller Cloning in Windows Server 2012

    https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning- in-windows-server-2012/

    Question No: 32 – (Topic 3)

    You need to ensure that NAP meets the technical requirements.

    Which role services should you install?

    1. Network Policy Server, Health Registration Authority and Host Credential Authorization Protocol

    2. Health Registration Authority, Host Credential Authorization Protocol and Online Responder

    3. Certification Authority, Network Policy Server and Health Registration Authority

    4. Online Responder, Certification Authority and Network Policy Server

    Answer: C Explanation:

  • Scenario:

    Implement Network Access Protection (NAP).

    Ensure that NAP with IPSec enforcement can be configured.

  • Health Registration Authority

    Applies To: Windows Server 2008 R2, Windows Server 2012

    Health Registration Authority (HRA) is a component of a Network Access Protection (NAP) infrastructure that plays a central role in NAP Internet Protocol security (IPsec) enforcement.

    HRA obtains health certificates on behalf of NAP clients when they are compliant with network health requirements. These health certificates authenticate NAP clients for IPsec- protected communications with other NAP clients on an intranet. If a NAP client does not have a health certificate, the IPsec peer authentication fails and the NAP client cannot initiate communication with other IPsec-protected computers on the network.

    HRA is installed on a computer that is also running Network Policy Server (NPS) and Internet

    Information Services (IIS). If they are not already installed, these services will be added when you install HRA.

    Reference: Health Registration Authority

    Question No: 33 – (Topic 3)

    You need to recommend a solution that meets the security requirements. Which schema attribute properties should you recommend modifying?

    1. isIndexed

    2. searchFlags

    3. isCriticalSystemObject

    4. schemaFlagsEx

    Answer: B Explanation:

  • Scenario: Confidential attributes must not be replicated to the Chicago office.

  • Applies To: Windows Server 2008, Windows Server 2012

  • This topic includes procedures for adding an attribute to the filtered attribute set (FAS) for a readonly domain controller (RODC) and marking the attribute as confidential data. You can perform these procedures to exclude specific data from replicating to RODCs in the forest. Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed to an attacker who manages to successfully compromise an RODC. In most cases, adding an attribute to the RODC FAS is completed by the developer of the application that added the attribute to the schema.

    • Determine and then modify the current searchFlags value of an attribute

    • Verify that an attribute is added to the RODC FAS

      – Determine and then modify the current searchFlags value of an attribute

      To add an attribute to an RODC FAS, you must first determine the current searchFlags value of the attribute that you want to add, and then set the following values for searchflags:

    • To add the attribute to the RODC FAS, set the 10th bit to 0x200.

    • To mark the attribute as confidential, set the 7th bit to 0x080.

    Reference: Adding Attributes to the RODC Filtered Attribute Set http://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx

    Question No: 34 – (Topic 3)

    You need to recommend changes to the Active Directory site topology to support on the company#39;s planned changes.

    What should you include in the recommendation?

    1. A new site

    2. A new site link bridge

    3. A new site link

    4. A new subnet

    Answer: D Explanation:

    From the Planned Changes section of the scenario we find that a migration to IPv6 addressing in the Los Angeles office will happen.

    A new subnet would be needed to implement this change.

    Incorrect:

    Not A: A new branch office will open in Chicago, and this would require a new site. However, this change is classified as Security Requirements, not as Planned Changes.

    Reference: Understanding Sites, Subnets, and Site Links http://technet.microsoft.com/en-us/library/cc754697.aspx

    Topic 4, Northwind Traders Overview

    Northwind Traders is a retail company.

    The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client computers. The office in San Diego has 100 computers. The computers in the San Diego office are often replaced. The offices connect to each other by using a slow WAN link. Each office connects directly to the Internet.

    Existing Environment

    Active Directory Environment

    The network contains an Active Directory forest named northwindtraders.com. The forest contains two domains named northwindtraders.com and west.northwindtraders.com. All servers run Windows Server 2012 R2.

    All client computers run Windows 7.

    Each office is configured as an Active Directory site. The site in the Montreal office is named Site1. The site in the San Diego office is named Site2.

    The forest contains four domain controllers. The domain controllers are configured as

    shown in the following table.

    Ensurepass 2018 PDF and VCE

    DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller (RODC). All DNS zones are Active Directory-integrated. All zones replicate to all of the domain controllers.

    All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.

    The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1. GP01 is applied to all of the users in the Montreal office.

    All of the user accounts for the Montreal users are in the northwindtraders.com domain. All of the user accounts for the San Diego users are in the west.northwindtraders.com domain.

    Network Environment

    Site1 contains the member servers in the northwindtraders.com domain shown in the following table.

    Ensurepass 2018 PDF and VCE

    Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual hard disks (VHDs) are stored on the SAN.

    A web application named App1 is installed on Servers.

    Server3 has a shared folder that contains sales reports. The sales reports are read frequently by the users in both offices. The reports are generated automatically once per week by an enterprise resource planning (ERP) system.

    A perimeter network in the Montreal office contains two standalone servers. The servers are configured as shown in the following table.

    Ensurepass 2018 PDF and VCE

    The servers in the perimeter network are accessible from the Internet by using a domain name suffix of public.northwindtraders.com.

    Each administrator has a management computer that runs Windows 8.1.

    Requirements Planned Changes

    Northwind Traders plans to implement the following changes:

    On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will be configured as shown in the following table.

    Ensurepass 2018 PDF and VCE

    ->Configure IP routing between Site1 and the network services that Northwind Traders hosts in Windows Azure.

    ->Place a domain controller for the northwindtraders.com domain in Windows Azure.

    ->Upgrade all of the computers in the Montreal office to Windows 8.1.

    ->Purchase a subscription to Microsoft Office 365.

    ->Configure a web application proxy on Server6.

    ->Configure integration between VMM and IPAM.

    ->Apply GPO1 to all of the San Diego users.

    ->Connect Site1 to Windows Azure.

    Technical Requirements

    Northwind Traders must meet the following technical requirements:

    ->All virtual machines must use ODX.

    ->Users must be able to access App1 from the Internet.

    ->GPO1 must not be applied to computers that run Windows 8.1.

    ->All DNS zones must replicate only to DC1, DC2, and DC3.

    ->All computers must be able to resolve names by using a local DNS server.

    ->If a WAN link fails, users must be able to access all of the sales reports.

    ->The credentials for accessing Windows Azure must be permanently stored.

    ->The on-premises network must be connected to Windows Azure by using Server4.

    ->The administrators must be able to manage Windows Azure by using Windows PowerShell.

    ->The number of servers and services deployed in the San Diego office must be minimized.

    ->Active Directory queries for the objects in the forest must not generate WAN traffic, whenever possible.

    Security Requirements

    Northwind Traders identifies the following security requirements:

    ->Ensure that all DNS zone data is encrypted when it is replicated.

    ->Minimize the number of permissions assigned to users and administrators, whenever possible. Prevent an Active Directory Domain Services (AD DS) attribute named SSNumber from replicating to Site2.

    ->Ensure that users can use their northwindtraders.com user account to access the resources hosted in Office 365.

    ->Prevent administrators from being required to re-enter their credentials when they manage Windows Azure from approved management computers.

    Question No: 35 HOTSPOT – (Topic 4)

    You are evaluating the virtual machine environment.

    In the table below, identify which virtual machines currently support ODX and which virtual machines require a configuration change to support ODX. Make only one selection in each row.

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    • VM1 uses IDE and does not support ODX. The other VMs are ok.

    • ID requirements include:

    Must be connected by using one of the following protocols: iSCSI

    Fibre Channel

    Fibre Channel over Ethernet Serial Attached SCSI (SAS)

    Note: Windows Offloaded Data Transfer (ODX) functionality in Windows maximizes an enterprise’s investment in intelligent storage arrays by enabling the arrays to directly transfer data within or between compatible storage devices, bypassing the host computer.

    Question No: 36 HOTSPOT – (Topic 4)

    You are planning the certificates for Northwind Traders.

    You need to identify the certificate configurations required for App1.

    How should you configure the certificate request? To answer, select the appropriate options in the answer area.

    Ensurepass 2018 PDF and VCE

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Explanation:

    Ensurepass 2018 PDF and VCE

    Box 1: App1.public.northwindtraders.com

    * From the scenario:

    Users must be able to access App1 from the Internet.

    The servers in the perimeter network are accessible from the Internet by using a domain name suffix of public.northwindtraders.com.

    Configure a web application proxy on Server6.

    Box 2: Server Authentication

    Certificates that server programs use to authenticate themselves to clients

    • From the scenario:

      Configure a web application proxy on Server6.

      Question No: 37 – (Topic 4)

      You need to recommend a solution for the replication of Active Directory. What should you recommend modifying?

      1. The Active Directory Schema

      2. The properties of Site1

      3. The RODC1 computer account

      4. The properties of Site2

      Answer: A

      Explanation: An AD Schema can be configured to prevent specific information from being replicated. You add an attribute to the RODC filtered attribute set, and then mark it as confidential.

    • Scenario: Prevent an Active Directory Domain Services (AD DS) attribute named SSNumber from replicating to Site2.

    Reference: Appendix D: Steps to Add an Attribute to the RODC Filtered Attribute Set https://technet.microsoft.com/en-us/library/cc772331(v=ws.10).aspx

    Question No: 38 – (Topic 4)

    You need to recommend an Office 365 integration solution. What should you include in the recommendation?

    1. Active Directory directory synchronization

    2. The Active Directory Migration Tool (ADMT)

    3. Windows Identity Foundation (WIF) 3.5

    4. The Sync Framework Toolkit

    Answer: A

    Explanation: * Scenario: Each office is configured as an Active Directory site.

    Reference: Synchronizing your directory with Office 365 is easy https://blogs.office.com/2014/04/15/synchronizing-your-directory-with-office-365-is-easy/

    Question No: 39 HOTSPOT – (Topic 4)

    You need to recommend a solution for communicating to Windows Azure services.

    What should you recommend? To answer, select the appropriate options in the answer area.

    Ensurepass 2018 PDF and VCE

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Question No: 40 – (Topic 4)

    You need to implement a solution for DNS replication. Which cmdlets should you run?

    1. Set-DnsServer and Invoke-DnsServerZoneSign

    2. ConvertTo-DnsServerPrimaryZone and Register-DnsServerDirectoryPartition

    3. UnRegister-DnsServerDirectoryPartition and Add-DnsServerForwarder

    4. Set-DnsServerDnsSecZoneSetting and Invoke-DnsServerZoneSign

    Answer: C

    Explanation: Currently DNS zones are replicated to all Domain Controllers, but they should only replicate only to DC1, DC2, and DC3. We can unregister other DNS servers (RODC1) with the help of UnRegister-DnsServerDirectoryPartition cmdlet, which deregisters a Domain Name System (DNS) server from a specified DNS application directory partition.

    RODC1 is still used as a DNS server, but does not receive zone replication, but it should still function as a DNS server as all computers need to resolve names by using a local DNS server. We configure RODC1 to forward DNS requests to DC1, DC2 or DC3 with the help of the Add-DnsServerForwarder command.

    * Scenario. Technical Requirement related to DNS:

    Ensure that all DNS zone data is encrypted when it is replicated

    All computers must be able to resolve names by using a local DNS server All DNS zones must replicate only to DC1, DC2, and DC3

    Reference: UnRegister-DnsServerDirectoryPartition, Add-DnsServerForwarder

    100% Ensurepass Free Download!
    Download Free Demo:70-413 Demo PDF
    100% Ensurepass Free Guaranteed!
    Download 2018 EnsurePass 70-413 Full Exam PDF and VCE

    EnsurePass ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.