Download Designing and Implementing a Server Infrastructure.70-413.CertDumps.2018-06-24.138q.vcex

Vendor: Microsoft
Exam Code: 70-413
Exam Name: Designing and Implementing a Server Infrastructure
Date: Jun 24, 2018
File Size: 5 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator
ProfExam Discount

Demo Questions

Question 1
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. 
You plan to deploy DirectAccess. 
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network. 
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement 
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and spin them down into IPv4 packets, so you can simply leave your internal network all IPv4. So back in the beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is recommended not to use ISATAP at all, unless you have a specific reason for needing it Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.
With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and spin them down into IPv4 packets, so you can simply leave your internal network all IPv4. So back in the beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is recommended not to use ISATAP at all, unless you have a specific reason for needing it 
Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.
Question 2
Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites. 
You plan to deploy DirectAccess. 
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network. 
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement. 
Solution: You enable split tunneling.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees. Is DA split tunneling really a problem? The answer is no. Why? Because the risks that exist with VPNs, where the machine can act as a router between the Internet and the corporate network is  not valid with DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with IPsec. Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isn’t going to be the DA client, and authentication will fail – hence preventing the type of routing that VPN admins are concerned about.
DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees. 
Is DA split tunneling really a problem? The answer is no. 
Why? Because the risks that exist with VPNs, where the machine can act as a router between the Internet and the corporate network is  not valid with DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with IPsec. 
Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isn’t going to be the DA client, and authentication will fail – hence preventing the type of routing that VPN admins are concerned about.
Question 3
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table. 
   
All client computers run either Windows 7 or Windows 8. 
Goal: You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3.
Solution: You implement the 802.1x Network Access Protection (NAP) enforcement method.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: A
Explanation:
NAP supports a variety of what we call enforcement methods. In the NAP space, and enforcement method is simply a term that defines the way a machine connects to a network. In NAP, these are DHCP, 802.1x (wired or wireless), VPN, IPsec, or via a Terminal Services Gateway.
NAP supports a variety of what we call enforcement methods. In the NAP space, and enforcement method is simply a term that defines the way a machine connects to a network. In NAP, these are DHCP, 802.1x (wired or wireless), VPN, IPsec, or via a Terminal Services Gateway.
Question 4
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table. 
   
All client computers run either Windows 7 or Windows 8. 
The corporate security policy states that all of the client computers must have the latest security updates installed. 
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3. 
Solution: You implement the VPN enforcement method.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
VPN Enforcement needs to be setup in connection with NAP (Network Access Protection).
VPN Enforcement needs to be setup in connection with NAP (Network Access Protection).
Question 5
Your network contains an Active Directory domain named contoso.com. The domain contains three VLANs. The VLANs are configured as shown in the following table. 
   
All client computers run either Windows 7 or Windows 8. 
The corporate security policy states that all of the client computers must have the latest security updates installed. 
You need to implement a solution to ensure that only the client computers that have all of the required security updates installed can connect to VLAN 1. The solution must ensure that all other client computers connect to VLAN 3. 
Solution: You implement the DHCP Network Access Protection (NAP) enforcement method.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: A
Explanation:
Implementing DHCP NAP to Enforce WSUS Updates
Implementing DHCP NAP to Enforce WSUS Updates
Question 6
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Network Policy Server server role installed. 
You configure Server1 as part of a Network Access Protection (NAP) solution that uses the 802.lx enforcement method, 
You add a new switch to the network and you configure the switch to use 802.lx authentication. 
You need to ensure that only compliant client computers can access network resources through the new switch. 
What should you do on Server1?
  1. Add the IP address of each new switch to a remediation server group.
  2. Add the IP address of each new switch to the list of RADIUS clients.
  3. Add the IP address of each new switch to a connection request policy as an Access Client IPv4 Address.
  4. Add the IP address of each new switch to a remote RADIUS server group.
Correct answer: B
Explanation:
802.1X and RADIUS-compliant APs (Acess Points), when they are deployed in a RADIUS infrastructure with a RADIUS server such as an NPS server, are called RADIUS clients.
802.1X and RADIUS-compliant APs (Acess Points), when they are deployed in a RADIUS infrastructure with a RADIUS server such as an NPS server, are called RADIUS clients.
Question 7
Your network contains an Active Directory domain named contoso.com. 
Your company has 100 users in the sales department. Each sales user has a domain-joined laptop computer that runs either Windows 7 or Windows 8. The sales users rarely travel to the company's offices to connect directly to the corporate network. 
You need to recommend a solution to ensure that you can manage the sales users' laptop computers when the users are working remotely. 
What solution should you include in the recommendation?
  1. Deploy the Remote Access server role on a server on the internal network.
  2. Deploy the Network Policy and Access Services server role on a server on the internal network.
  3. Deploy a Microsoft System Center 2012 Service Manager infrastructure.
  4. Deploy a Microsoft System Center 2012 Operations Manager infrastructure.
Correct answer: A
Explanation:
The question is asking what you should INCLUDE in your recommendation; it is not asking for the complete solution.
The question is asking what you should INCLUDE in your recommendation; it is not asking for the complete solution.
Question 8
Your network contains an Active Directory domain. All servers run Windows Server 2012 R2. 
The domain contains the servers shown in the following table. 
   
 
You need to recommend which servers will benefit most from implementing data deduplication. 
Which servers should you recommend?
  1. Server1 and Server2
  2. Server1 and Server3
  3. Server1 and Server4
  4. Server2 and Server3
  5. Server2 and Server4
  6. Server3 and Server4
Correct answer: D
Explanation:
* Server 2: Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32–128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder* Server 3: In Windows Server 2012 R2, Data Deduplication can be installed on a scale-out file server and used to optimize live VHDs for VDI workloads.
* Server 2: Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32–128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder
* Server 3: In Windows Server 2012 R2, Data Deduplication can be installed on a scale-out file server and used to optimize live VHDs for VDI workloads.
Question 9
Your network contains an Active Directory forest named adatum.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2008. 
You deploy a new Active Directory forest named contoso.com. All domain controllers run Windows Server 2012 R2. The functional level of the domain and the forest is Windows Server 2012 R2. 
You establish a two-way, forest trust between the forests. Both networks contain member servers that run either Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008. 
You plan to use the Active Directory Migration Tool 3.2 (ADMT 3.2) to migrate user accounts from adatum.com to contoso.com. SID history will be used in contoso.com and passwords will be migrated by using a Password Export Server (PES). 
You need to recommend which changes must be implemented to support the planned migration. 
Which two changes should you recommend? Each correct answer presents part of the solution.
  1. In the contoso.com forest, deploy a domain controller that runs Windows Server 2008 R2.
  2. In the adatum.com forest, upgrade the functional level of the forest and the domain.
  3. In the contoso.com forest, downgrade the functional level of the forest and the domain.
  4. In the adatum.com forest, deploy a domain controller that runs Windows Server 2012 R2.
Correct answer: AC
Question 10
Your network contains an Active Directory forest named contoso.com. 
You plan to automate the deployment of servers that run Windows Server 2012. 
You identify the following requirements for the deployment:
  • Update the custom images that will be used for the deployment. 
  • Add custom drivers to the images that will be used for the deployment. 
  • Add software packages to the images that will be used for the deployment. 
  • Perform a zero touch bare-metal installation that uses Wake On LAN. 
A network consultant recommends using Windows Deployment Services (WDS) and the Windows Assessment and Deployment Kit (Windows ADK) to deploy the servers. 
You need to identify which requirements are achieved by using the consultant's recommendations. 
Which requirements should you identify? (Each correct answer presents part of the solution. Choose all that apply.)
  1. Update the custom images used for the deployment.
  2. Add software packages to the images used for the deployment.
  3. Perform a zero touch bare-metal installation that uses Wake On LAN.
  4. Add custom drivers to the images used for the deployment.
Correct answer: AD
Explanation:
Microsoft Deployment Toolkit 2010 MDT 2010 requires Windows AIK for Windows. Manage your images, from adding/removing drivers to easily swapping out the operating system you would like to deploy.
Microsoft Deployment Toolkit 2010 
MDT 2010 requires Windows AIK for Windows. 
Manage your images, from adding/removing drivers to easily swapping out the operating system you would like to deploy.
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!