Microsoft 70-413 Exam Practice Questions (P. 4)
Question #31
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The main office contains domain controllers that run Windows Server 2012. The branch office contains a read-only domain controller (RODC) that runs Windows Server 2012.
You need to recommend a solution to control which Active Directory attributes are replicated to the RODC.
What should you include in the recommendation?
- A. The partial attribute set
- B. The filtered attribute set
- C. Application directory partitions
- D. Constrained delegation
Correct Answer:
B
RODC filtered attribute set -
Some applications that use AD DS as a data store might have credential-like data (such as passwords, credentials, or encryption keys) that you do not want to be stored on an RODC in case the RODC is compromised.
For these types of applications, you can dynamically configure a set of attributes in the schema for domain objects that will not replicate to an RODC. This set of attributes is called the RODC filtered attribute set. Attributes that are defined in the RODC filtered attribute set are not allowed to replicate to any RODCs in the forest.
Reference:
AD DS: Read-Only Domain Controllers
https://technet.microsoft.com/en-us/library/cc732801(v=ws.10).aspx
Question #32
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The forest functional level is Windows Server 2012.
Your company plans to deploy an application that will provide a search interface to users in the company. The application will query the global catalog for the Employee-Number attribute.
You need to recommend a solution to ensure that the application can retrieve the Employee-Number value from the global catalog.
What should you include in the recommendation?
- A. the Dsmod command
- B. the Ldifde command
- C. the Set-User cmdlet
- D. the Csvde command
Correct Answer:
B
Ldifde creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory Domain Services (AD DS) with data from other directory services.
Ldifde -l <LDAPAttributeList>
Sets the list of attributes to return in the results of an export query. If you do not specify this parameter, the search returns all attributes.
Reference:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731033(v=ws.11)#:~:text=Ldifde%20is%20a%20command%2Dline,from%20an%20elevated%20command%20prompt.
Question #33
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.

The domain contains two global groups. The groups are configured as shown in the following table.

You need to ensure that the RODC is configured to meet the following requirements:
✑ Cache passwords for all of the members of Branch1Users.
✑ Prevent the caching of passwords for the members of Helpdesk.
What should you do?
- A. Modify the membership of the Denied RODC Password Replication group.
- B. Install the BranchCache feature on RODC1.
- C. Modify the delegation settings of RODC1.
- D. Create a Password Settings object (PSO) for the Helpdesk group.
Correct Answer:
A
Password Replication Policy Allowed and Denied lists
Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group.
These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDS-NeverRevealGroup Active Directory attributes.
Reference:
Password Replication Policy -
https://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
Question #34
Your network contains an Active Directory forest named contoso.com. The forest contains five domains. You need to ensure that the CountryCode attribute is replicated to the global catalog.
What should you do?
- A. Modify the schema partition.
- B. Create and modify an application partition.
- C. Modify the configuration partition.
- D. Modify the domain partitions.
Correct Answer:
A
Directory Partition Subtrees -
Every domain controller contains the following three directory partitions:
✑ Schema
Contains the Schema container, which stores class and attribute definitions for all existing and possible Active Directory objects in cn=schema,cn=configuration,dc=forestRootDomain. Updates to this container are replicated to all domain controllers in the forest. You can view the contents of the Schema container in the Active Directory Schema console.
✑ Configuration
✑ Domain
After an attribute Schema object is created, marking an additional attribute to replicate to the Global Catalog causes a full replication (also known as a "full sync") of all objects to the Global Catalog.
Reference:
How to Modify Attributes That Replicate to the Global Catalog https://support.microsoft.com/en-us/kb/248717
Question #35
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

All client computers run Windows 10.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that the client computers can only connect to VLAN 2 if they have all of the required security updates installed.
Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method.
Does this meet the goal?
Question #36
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table.

All client computers run Windows 10.
The corporate security policy states that all of the client computers must have the latest security updates installed.
You need to implement a solution to ensure that the client computers can only connect to VLAN 2 if they have all of the required security updates installed.
Solution: You implement the DHCP Network Access Protection (NAP) enforcement method.
Does this meet the goal?
Question #37
HOTSPOT -
Your network contains an Active Directory forest named fabrikam.com. The forest contains two domains named fabrikam.com and contoso.com. All servers run Windows Server 2012 R2.
The forest contains a DHCP server named Server1 and a DNS server named Server2.
You need to recommend a solution to ensure that any computers that are neither members of contoso.com nor fabrikam.com receive a DNS suffix of guest.fabrikam.com.
What two commands should you run? To answer, select the appropriate options in the answer area.
Hot Area:

Correct Answer:
* Add-DHCPServerv4Policy
The Add-DhcpServerv4Policy cmdlet adds a new policy either at the server level or at the scope level. The policy name must be unique at the level, either server or specific scope, where the policy is added and should have at least one condition as specified by the CircuitId, ClientId, Fqdn, MACAddress, RelayAgent, RemoteId, SubscriberId, UserClass, or VendorClass parameter.
Reference:
https://docs.microsoft.com/en-us/powershell/module/dhcpserver/set-dhcpserverv4dnssetting?view=win10-ps

Question #38
Your company has three offices. The offices are located in Montreal, Toronto, and Vancouver.
The network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains one domain. The adatum.com forest contains two domains. All of the servers in adatum.com are located in the Toronto office. The servers in contoso.com are located in the Montreal and Vancouver offices. All of the servers in both of the forests run Windows Server 2012 R2.
A two-way forest trust exists between the forests.
Each office contains DHCP servers and DNS servers.
You are designing an IP Address Management (IPAM) solution to manage the network.
You need to recommend a solution for the placement of IPAM servers to manage all of the DHCP servers and all of the DNS servers in both of the forests. The solution must minimize the number of IPAM servers deployed.
What should you recommend?
- A. One IPAM server in each office
- B. One IPAM server in the Montreal office and one IPAM server in the Toronto office
- C. One IPAM server in the Toronto office
- D. Two IPAM servers in the Toronto office and one IPAM server in the Montreal office
- E. Two IPAM servers in the Toronto office, one IPAM server in the Montreal office, and one IPAM server in the Vancouver office
Correct Answer:
B
There are three general methods to deploy IPAM servers:
✑ Distributed: An IPAM server deployed at every site in an enterprise.
✑ Centralized: One IPAM server in an enterprise.
✑ Hybrid: A central IPAM server deployed with dedicated IPAM servers at each site.
Reference:
IP Address Management (IPAM) Overview
https://technet.microsoft.com/en-us/library/hh831353.aspx
Question #39
You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks.
What should you configure on Server1?
- A. DNS cache locking
- B. The global query block list
- C. DNS Security Extensions (DNSSEC)
- D. DNS devolution
Correct Answer:
A
Cache locking is a new feature available if your DNS server is running Windows Server 2008 R2. When you enable cache locking, the DNS server will not allow cached records to be overwritten for the duration of the time to live (TTL) value. Cache locking provides for enhanced security against cache poisoning attacks.
Reference:
DNS Cache Locking -
https://technet.microsoft.com/en-us/library/ee683892(v=ws.10).aspx
Question #40
DRAG DROP -
Your network contains an Active Directory forest named contoso.com.
Your company merges with another company that has an Active Directory forest named litwareinc.com.
Each forest has one domain.
You establish a two-way forest trust between the forests.
The network contains three servers. The servers are configured as shown in the following table.

You confirm that the client computers in each forest can resolve the names of the client computers in both forests.
On dc1.litwareinc.com, you create a zone named GlobalNames.
You need to recommend changes in both forests to ensure that the users in both forests can resolve single-label names by using the GlobalNames zone in litwareinc.com.
Which changes should you recommend?
To answer, drag the appropriate configuration to the correct server in the answer area. Each configuration may be used once, more than once, or not at all.
Additionally, you may need to drag the split bar between panes or scroll to view content.
Select and Place:

Correct Answer:
Deploying a GlobalNames zone -
The specific steps for deploying a GlobalNames zone can vary somewhat, depending on the AD DS topology of your network.
Step 1: Create the GlobalNames zone
Step 2 (Box 1, box 3): Enable GlobalNames zone support
The GlobalNames zone is not available to provide name resolution until GlobalNames zone support is explicitly enabled by using the following command on every authoritative DNS server in the forest: dnscmd <ServerName> /config /enableglobalnamessupport 1
Step 3: Replicate the GlobalNames zone
Step 4: Populate the GlobalNames zone
Step 5 (box 2): Publish the location of the GlobalNames zone in other forests
If you want DNS clients in other forests to use the GlobalNames zone for resolving names, add service location (SRV) resource records to the forest-wide DNS application partition, using the service name _globalnames._msdcs and specifying the FQDN of the DNS server that hosts the GlobalNames zone.
