70 413

Microsoft 70-413
Designing and Implementing a Server Infrastructure

Version: 15.0
-
-
-
-
-
Topic 1, Leyburn Investments

Company Background

Leyburn Investments is a global financial services company. The company has 5,100 employees
based in offices in New York, London, Rome and Madrid.

The New York office is the corporate headquarters. The New York office has 3000 employees.
The London, Rome and Madrid offices each have 700 employees.

Existing Environment

Existing Active Directory Environment

The network consists of a single Active Directory forest named LeyburnInv.com. The New York
office contains the LeyburnInv.com root domain. The London, Rome and Madrid offices have
domains named London.LeyburnInv.com, Rome.LeyburnInv.com and Madrid.LeyburnInv.com
respectively.

All four domains have domain controllers running Windows Server 2008 R2. All domain controllers
are configured as DNS Servers. The forest functional level of the LeyburnInv.com forest is
Windows Server 2008.

Network Infrastructure

Each of the four offices has a high speed Internet connection. All four offices have VPN
connections to the other offices.

Each office includes the following servers:

Two physical Windows Server 2008 R2 domain controllers.
One physical Windows Server 2008 R2 DHCP server.
Four physical Windows Server 2008 R2 file servers.

Business Requirements

Planned Changes

The Rome and Madrid offices will be closed.
Active Directory user accounts, computer accounts and Group Policy Objects (GPOs) from the
Rome.LeyburnInv.com domain will be moved to the London.LeyburnInv.com domain and the
Rome.LeyburnInv.com domain will be decommissioned.
Microsoft 70-413 Exam
"Pass Any Exam. Any Time." - www.actualtests.com 2
-
-
-
-
-
-
-
-
-
-
-
The Madrid office will be moved to Barcelona. The Madrid.LeyburnInv.com domain will be
renamed to Barcelona.LeyburnInv.com.
A Windows Server IP Address Management (IPAM) server will be deployed in each office.
Ten new Windows Server 2012 Hyper-V host servers will be deployed to the New York, London
and Barcelona offices.
Active Directory Recycle Bin will be enabled in each domain.
Start Menu and Desktop folder redirection will be enabled in the Barcelona office.

Technical Requirements

Leyburn Investments has the following technical requirements:

Allow for software installation using disk imaging or virtual machine cloning
Reduce the number of physical servers by using virtualization.
Upgrade servers to Windows Server 2012.
Implement a central solution for managing virtual machines.
Deploy virtual domain controllers using virtual machine cloning.
Distribute virtual machines between Hyper-V hosts automatically according to server load.

QUESTION NO: 1

You need to enable the deployment of domain controllers using virtual machine cloning.

Which of the following would need to be done first?

A. The domain controller running the Schema Master role needs to be upgraded to Windows
Server 2012.
B. The domain controller running the Domain Naming Master role needs to be upgraded to
Windows Server 2012.
C. All domain controllers running the Infrastructure Master role need to be upgraded to Windows
Server 2012.
D. The functional level of the forest needs to be raised to Windows Server 2012.
E. All domain controllers running the PDC Emulator role need to be upgraded to Windows Server
2012.

Answer: E
Explanation:

QUESTION NO: 2

You need to enable Active Directory Recycle Bin in the domains.
Which of the following would need to be done first?

A. The functional level of the forest needs to be raised to Windows Server 2008 R2 or later.
B. The domain controller running the Schema Master role needs to be upgraded to Windows
Server 2012.
C. All domain controllers need to be upgraded to Windows Server 2012.
D. All domain controllers running the Infrastructure Master role need to be upgraded to Windows
Server 2012.

Answer: A
Explanation:

QUESTION NO: 3

Which of the following technologies should you implement to meet the technical requirement of
distributing virtual machines between Hyper-V hosts automatically according to server load?

A. Windows Network Load Balancing.
B. Microsoft System Center 2012 Virtual Machine Manager (VMM).
C. Microsoft System Center 2012 Data Protection Manager (DPM).
D. Microsoft Enterprise Desktop Virtualization (MED-V)

Answer: B
Explanation:

QUESTION NO: 4

You have created a Windows Server 2012 virtual machine configured as a domain controller.

You want to clone the virtual domain controller to create another virtual domain controller.

Which two of the following steps should you perform first? (Choose two).

A. Run the Install-ADDSDomainController PowerShell cmdlet.
B. Run the New-ADDCCloneConfigFile PowerShell cmdlet.
C. Run sysprep.exe /oobe.
D. Run dcpromo.exe /adv.
E. Place a DCCloneConfig.xml file in the %Systemroot%\NTDS folder.
F. Place an Unattend.xml file in the %Systemroot%\SYSVOL folder.
Answer: B,E
Explanation:

QUESTION NO: 5

You want to migrate the physical Windows Server 2008 R2 DHCP servers to Windows Server
2012 virtual machines.

You plan to use the Windows Server Migration Tools cmdlets in Windows PowerShell to migrate
the DHCP servers and minimize the risk of IP Address conflicts during the migration.

Which PowerShell cmdlet should you run first?

A. Import-SmigServerSetting on the virtual machines.
B. Export-SmigServerSetting on the virtual machines.
C. Get-SmigServerFeature on the virtual machines.
D. Import-SmigServerSetting on the Physical servers.
E. Export-SmigServerSetting on the Physical servers.

Answer: E
Explanation:

QUESTION NO: 6

You need to plan for renaming the Madrid.LeyburnInv.com to Barcelona.LeyburnInv.com.

Which tool should you use to rename the domain?

A. Active Directory Migration Tool version 3.2 (ADMT v3.2).
B. MoveTree.exe.
C. Rendom.exe.
D. Active Directory Domains and Trusts.

Answer: C
Explanation:

QUESTION NO: 7

You need to plan for renaming the Madrid.LeyburnInv.com to Barcelona.LeyburnInv.com.

Which tool should you use to automatically correct any severed Group Policy links and invalid
UNC paths in GPOs in the renamed domain?

A. Rendom.exe.
B. Gpupdate.exe
C. Gpfixup.exe
D. Dcgpofix.exe

Answer: C
Explanation:

QUESTION NO: 8

You are planning to migrate objects from the Rome.LeyburnInv.com domain to the
London.LeyburnInv.com domain before decommissioning the Rome.LeyburnInv.com domain.

Which two of the following tools should you use to migrate the required objects as stated in the
Planned Changes? (Choose two).

A. Active Directory Lightweight Directory Services (AD LDS)
B. Active Directory Migration Tool version 3.2 (ADMT v3.2)
C. Active Directory Domains and Trusts
D. Active Directory Federation Services (AD FS)
E. Group Policy Management Console (GPMC)

Answer: B,E
Explanation:

QUESTION NO: 9

One of the planned changes is to enable Start Menu and Desktop folder redirection in the
Barcelona office.

You need to recommend a solution to meet this requirement.

What should you recommend?

A. Modify the Default Domain Controller Policy in the Barcelona.LeyburnInv.com domain.
B. Link a new Group Policy Object (GPO) to the LeyBurnInv.com domain.
C. Link a new Group Policy Object (GPO) to the Barcelona.LeyBurnInv.com domain.
D. Link a new Group Policy Object (GPO) to the each domain.

Answer: C
Explanation:

QUESTION NO: 10

One of the technical requirements states that the company wants to reduce the number of physical
servers by using virtualization. Another technical requirement is to upgrade servers to Windows
Server 2012.

You need to gather the following information about the current servers in the network:

Which physical servers meet the hardware requirements to run Windows Server 2012?

Which physical servers are suitable candidates to be converted to Hyper-V virtual machines?

Which servers run applications that can be moved to Windows Server 2012?

How can you generate a report that includes the required information?

A. By running the Microsoft Assessment and Planning (MAP) Toolkit on an existing server.
B. By running the Microsoft Deployment Toolkit (MDT) 2012 on an existing server.
C. By running Microsoft Application Compatibility Toolkit (ACT) on an existing server.
D. By running the Active Directory Migration Tool version 3.2 (ADMT v3.2) on an existing server.

Answer: A
Explanation:

QUESTION NO: 11

The IP Address Management (IPAM) servers in each office will be used to manage the local
DHCP and DNS servers. You need to delegate the administration of the IPAM servers to a
security group named IPAdmins in each domain.
You create the IPAdmins group and add the appropriate users to the groups. You need to give
the IPAdmins group the relevant permissions to manage the IPAM servers.

What should you do?

A. You should add the IPAdmins group to the IPAM Users group on the IPAM servers.
B. You should add the IPAdmins group to the IPAM Administrators group on the IPAM servers.
C. You should run the Set-IpamConfiguration PowerShell cmdlet.
D. You should run the Invoke-IpamGpoProvisioning PowerShell cmdlet.

Answer: B
Explanation:

Topic 2

2, Weyland Technical Solutions (WTS) Ltd.

Company Background

Weyland Technical Solutions is an IT company who provide hosted or managed services to small
to medium-sized companies in central USA. The company is located in a single site in Weyland,
Kansas.

The company currently has 1500 employees.

Existing Environment

Existing Active Directory Environment

The network consists of a single Windows Server 2008 R2 Active Directory Domain Services (AD
DS) domain named WTSltd.com. The forest functional level is Windows Server 2008.

The network contains four physical domain controllers. All domain controllers are configured as
DNS Servers.

Network Infrastructure

The network is divided into four subnets. All servers are located in a data center located in the
WTS site.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
The data center includes the following servers:

Four physical Windows Server 2008 R2 DHCP Servers.
Eight physical Windows Server 2008 R2 file servers.
Six physical Windows Server 2008 R2 print servers.
Four physical Windows Server 2008 R2 domain controllers.
One physical Windows Server 2008 R2 HyperV host server.

All client computers run either Windows 7 or Windows 8.

Business Requirements

Planned Changes

Deploy new Windows Server 2012 Hyper-V host servers.
Implement a VPN solution for external workers.
Implement RADIUS authentication for the VPN connections.
Implement Network Access Protection (NAP).
Implement Active Directory Recycle Bin

Technical Requirements

Weyland Technical Solutions has the following technical requirements:

Migrate all servers to Windows Server 2012.
Virtualize existing physical servers where possible.
Deploy virtual domain controllers using virtual machine cloning.
DHCP IP address leases must be logged centrally.
Centrally manage Network Access Protection (NAP) policies.

QUESTION NO: 12

You are installing two Windows Server 2012 servers to function as VPN servers and one Windows
Server 2012 server to function as a RADIUS server. The RADIUS server will be configured to
authenticate VPN connections.

How should you configure the VPN servers to use the RADIUS server?

A. You should modify the authentication provider on the VPN servers.
B. You should install the Active Directory Federation Services role on the VPN servers.
C. You should add a RADIUS client on the VPN servers.
D. You should add a RADIUS proxy on the VPN servers.

Answer: A
Explanation:

QUESTION NO: 13

You are configuring the Windows Server 2012 server to function as a RADIUS server.

Which Network Policy and Access Services role service should you install on the server?

A. Host Credential Authorization Protocol
B. Health Registration Authority
C. Network Policy Server
D. Remote Access Service

Answer: C
Explanation:

QUESTION NO: 14

You have created a Windows Server 2012 virtual machine (VM) to function as a print server.

Which of the following utilities should you use to migrate the print queues from a physical print
server to a virtual print server?

A. Active Directory Migration Tool (ADMT)
B. The Print Management console.
C. IP Address Management (IPAM)
D. MoveTree.exe.
E. Windows Server Migration Tools.

Answer: B
Explanation:

QUESTION NO: 15

You are considering the use of the Data Deduplication feature of Windows Server 2012 to save
disk storage space used on the file servers.

On which of the following volumes is data deduplication supported? (Choose all that apply).

A. Remote mapped or remote mounted drives.
B. Local mounted VHD formatted with NTFS.
C. Boot or System Volumes.
D. Simple volumes formatted with NTFS.
E. Simple volumes formatted with FAT32.
F. Cluster Shared Volumes (CSV).

Answer: B,D
Explanation:

QUESTION NO: 16

One of the technical requirements states that DHCP IP address leases must be logged centrally.

Which of the following solutions can be used for logging the IP address leases and the name of
the user the IP address was leased to?

A. DHCP audit logging
B. DHCP Scope options
C. DHCP Event Log
D. IP Address Management (IPAM)

Answer: D
Explanation:

QUESTION NO: 17

After implementing Active Directory Recycle Bin, you want to perform a test restoration of a user
account. You delete an old test user account.

You restore the test user account from the Active Directory Recycle Bin. You want to replicate the
restored user account to all domain controllers in the domain while minimizing the Active Directory
replication traffic.

Which two of the following cmdlets should you run? (Choose two).
A. Get ADDomainController
B. Get-ADDomain
C. Get-ADReplicationSite
D. Set-ADUser
E. Sync-ADObject
F. Move-ADObject

Answer: A,E
Explanation:

QUESTION NO: 18

You are evaluating the deployment of virtual domain controllers using virtual machine cloning.

On which of the following virtual platforms could you clone a virtual Windows Server 2012 domain
controller? (Choose all that apply).

A. VMware VSphere ESXi 5.0.
B. Microsoft Virtual PC on Windows 7.
C. Microsoft Hyper-V on Windows 8.
D. Microsoft Hyper-V on Windows Server 2008 R2.
E. Microsoft Hyper-V on Windows Server 2012.

Answer: C,E
Explanation:

Topic 3, Mixed Questions

QUESTION NO: 19

You are configuring a network for a company that has multiple buildings in a campus layout.

The network consists of a Windows Server 2012 Active Directory Domain Services (AD DS)
domain. A single datacenter hosts most of the companys servers.

You are deploying client computers to 8 new buildings. Each building will have a separate subnet.
A router in each building will connect each subnet to the datacenter.

You want to manage IP address deployment from a single highly available DHCP server in the
datacenter. Your solution must minimize costs.

How should you configure the infrastructure? (Choose two answers).

A. Install a server in each building that runs the Routing and Remote Access Service. Configure a
DHCP Relay Agent on the servers.
B. Configure the routers to forward DHCP requests to the datacenter DHCP server.
C. Install a server running the DHCP Server role in each building. Configure the DHCP server to
forward DHCP requests to the datacenter DHCP server.
D. Configure a single DHCP scope.
E. Configure a separate DHCP scope for each building.

Answer: B,E
Explanation:

QUESTION NO: 20

You work as a Network Administrator for Testking.com. The network consists of a single Windows
Server 2012 Active Directory Domain Services (AD DS) domain named Testking.com. All servers
in the domain run Windows Server 2012.

All domain controllers are configured as DNS servers and host an Active Directory Integrated zone
for the Testking.com domain. The Testking.com DNS zone is configured to replicate to all domain
controllers in the domain.

The company has a development department. Company developers create custom software to be
used by all company employees.

You need to create a child domain named Dev.Testking.com. The domain will be used by
developers to test their software. The Dev.Testking.com will include Windows Server 2012
domain controllers, Windows 7 client computers and user accounts.

Developers need to be able to access servers in the Testking.com domain while logged in to the
Dev.Testking.com domain.

How can you ensure that Dev.Testking.com users can resolve the names of servers in the
Testking.com domain?

A. By configuring a primary zone for the Testking.com domain on a domain controller in the
Dev.Testking.com domain.
B. By modifying the replication scope of the Testking.com domain.
C. By modifying the replication scope of the Dev.Testking.com domain.
D. By configuring a primary zone for the Dev.Testking.com on a domain controller in the
Testking.com domain.

Answer: B
Explanation:

QUESTION NO: 21

You work for a company named Testking.com. Your role of Network Administrator includes the
management of the companys Windows 2012 Active Directory Domain Services (AD DS) domain.

You are configuring an IP Address Management (IPAM) server in the network. The IPAM server
will be used to manage the DHCP and DNS servers in the network.

A user named Mia works in the IT department. Mia will help in the administration of the IPAM
server. You need to assign Mia the appropriate permissions on the IPAM server.

Company security policy states that all users must be assigned the minimum permissions
necessary to perform their required tasks.

Which IPAM security group has the minimum permissions to view all information in server
discovery, IP address space, and server management?

A. IPAM Users
B. IPAM multi-server management (MSM) administrators
C. IPAM address space management (ASM) administrators
D. IPAM IP Audit Administrators
E. IPAM Administrators

Answer: A
Explanation:


QUESTION NO: 22



A user named Clive works in the IT department. Clive will help in the administration of the IPAM
server. You need to assign Clive the appropriate permissions on the IPAM server.


Which IPAM security group has the minimum permissions to view IP address tracking information?

A. IPAM Users

Answer: D
Explanation:

QUESTION NO: 23



A user named Myles works in the IT department. Myles will help in the administration of the IPAM
server. You need to assign Myles the appropriate permissions on the IPAM server.


Which IPAM security group has the minimum permissions to create an IP Address Block?

A. IPAM Users

Answer: C
Explanation:

QUESTION NO: 24


You plan to configure additional DHCP servers in the network. You need to delegate the ability to
authorize DHCP servers to a non-enterprise administrator.

You open Active Directory Sites and Services and view the Services Node.

How can you assign the necessary permissions to authorize DHCP servers?

A. By delegating control of the Claims Configuration container.
B. By delegating control of the NetServices container.
C. By delegating control of the Public Key Services container.
D. By delegating control of the RRAS container.

Answer: B
Explanation:

QUESTION NO: 25

You work as a Network Administrator at Testking.com. The network consists of a single Windows
on the network run Windows Server 2012 and all client computers run Windows 7 Professional.

The company has started working on a project involving a partner company named Weyland
Industries. The Weyland Industries network consists of a single Windows Server 2012 Active
Directory Domain Services (AD DS) domain named WeylandIndustries.com. A two-way forest
trust relationship exists between the domain networks of Testking.com and
WeylandIndustries.com.

Users in both domains can resolve the names of resources in the other domain.

You need to implement single-label names in the Testking.com domain. Users in both domains
will need to resolve single-label names in the Testking.com domain.

You enable GlobalNames support on a domain controller in the Testking.com domain and create a
DNS zone named GlobalNames.

Which two of the following actions should you perform? (Choose two)

A. Create a GlobalNames service location record on a domain controller in the Testking.com
domain.
B. Create a GlobalNames service location record on a domain controller in the
WeylandIndustries.com domain.
C. Configure a conditional forwarder in the WeylandIndustries.com domain.
D. Enable GlobalNames support in the WeylandIndustries domain.
E. Configure a DNS Stub zone in the WeylandIndustries.com domain.

Answer: B,D
Explanation:

QUESTION NO: 26


You use IP Address Management (IPAM) on a Windows Server 2012 server named TK-IPAM1 to
manage the DHCP and DNS servers in the network.

You add a Technician named John to the local administrators group on a DHCP server named TK-
DHCP1. John logs in locally to TK-DHCP1 and successfully modifies a DHCP scope.

John attempts to modify another DHCP scope on TK-DHCP1 by using IPAM. However, he
receives the following error:

One of more IPAM database errors occurred. Run the IPAM configuration task to synchronize
the database with newly applied settings on managed servers.

You verify that John is a member of the IPAM Users group on TK-IPAM1.

How can you enable John to use IPAM to modify DHCP scopes?

A. By running the Export-IpamAddress PowerShell cmdlet on TK-IPAM1.
B. By adding John to the IPAM Audit Administrators group on TK-IPAM1
C. By adding John to the DHCP Administrators group on TK-DHCP1.
D. By adding John to the IPAM Administrators group on TK-IPAM1.

Answer: D
Explanation:

QUESTION NO: 27


A Windows Server 2012 server named TK-DHCP1 is configured as a DHCP server. TK-DHCP1
contains a single DHCP scope and assigns IP configurations to all client computers in the network.

You want to provide redundancy for the DHCP infrastructure so that client computers continue to
receive IP configurations in the event of a DHCP server failure.

You plan to configure a second DHCP server named TK-DHCP2.

You need to decide the best way to configure the DHCP infrastructure. Your solution must
minimize costs and minimize administrative effort.

Which of the following solutions should you implement?

A. You should split the DHCP scope between the two DHCP servers.
B. You should configure Network Load Balancing (NLB) between the two servers.
C. You should configure DHCP Failover between the two servers.
D. You should install a hardware load balancer.
E. You should configure DNS Round Robin.

Answer: C
Explanation:

QUESTION NO: 28


Several company Sales users often work away from the office.

You plan to implement DirectAccess to enable the Sales users to access resources within the
corporate network while working away from the office.

You want to ensure that when Sales users are connected using DirectAccess, all traffic is sent
over the DirectAccess connection. Traffic destined for the corporate network must go over the
DirectAccess connection and traffic destined to the Internet must also go over the DirectAccess
connection.

What should you do?

A. You should configure Split Tunneling.
B. You should configure Force Tunneling.
C. You should disable Intra-Site Automatic Tunnel Addressing Protocol (ISATAP).
D. You should modify the default gateway setting on the client computers.

Answer: B
Explanation:

QUESTION NO: 29


A Windows Server 2012 server named TK-NPS1 runs the Network Policy Server (NPS) role.

You plan to implement a VPN solution to enable external users to connect to resources within the
corporate network.

You install a Windows Server 2012 server named TK-VPN1 and install the Routing and Remote
Access role on the server.

You need to configure the environment so that VPN connection requests are authenticated on TK-
NPS1.

Which two of the following steps should you perform? (Choose two answers).

A. Add a RADIUS client on TK-VPN1.
B. Add a RADIUS client on TK-NPS1.
C. Add a RADIUS proxy on TK-VPN1.
D. Add a RADIUS proxy on TK-NPS1.
E. Modify the authentication settings on TK-VPN1.
F. Modify the authentication settings on TK-NPS1.

Answer: B,E
Explanation:

QUESTION NO: 30


All client computers within the network are assigned IP addresses from a DHCP server.

A Windows Server 2012 server named TK-NPS1 runs the Network Policy Server (NPS) role.

corporate network. All VPN connections will be assigned an IP address from the DHCP server.

Some external users will connect to the VPN from their home computers that are not members of
the domain.

You need to configure Network Access Protection (NAP) to ensure that network access is
restricted for internal and external client computers that do not have antivirus software or have out-
of-date virus definitions.

What should you do?

A. You should configure NAP Enforcement for 802.1X on TK-NPS1.
B. You should configure NAP Enforcement for VPN on TK-NPS1.
C. You should configure NAP Enforcement for DHCP on TK-NPS1.
D. You should configure NAP Enforcement for Terminal Services on TK-NPS1.
E. You should configure NAP Enforcement for IPSec Communications on TK-NPS1.

Answer: C
Explanation:

QUESTION NO: 31


corporate network. You install a Windows Server 2012 server running the Routing and Remote
Access (RRAS) role.

Some external users will connect to the VPN using domain-joined portable computers while other
users will connect from their home computers that are not members of the domain.

The client computers run a mix of Windows XP, Windows 7 or Windows 8.

You need to implement a solution to configure all client computers with the appropriate settings to
connect to the VPN.

You install the Connection Manager Administration Kit (CMAK).

Which two of the following actions should you perform next? (Choose two).

A. Configure a RemoteApp application package.
B. Configure a Connection Profile package.
C. Publish the package in a Group Policy Object (GPO).
D. Publish the package in an Extranet Web Site.
E. Configure a logon script to install the package.

Answer: B,D
Explanation:


QUESTION NO: 32

All servers in the network run Windows Server 2012. All client computers run either Windows 7 or
Windows 8.

All client computers run Windows Defender. Currently all client computers are configured to
download the latest Windows Defender antivirus definitions every night.

You want to implement a centralized solution for the management of the Windows Defender
updates. Your solution must reduce the bandwidth used for downloading the updates and
minimize costs.

What should you use to manage the Windows Defender antivirus definitions?

A. Microsoft System Center 2012 Operations Manager
B. Windows Server Update Services (WSUS)
C. Microsoft System Center 2012 Endpoint Protection
D. Microsoft System Center 2012 Configuration Manager

Answer: B
Explanation:

QUESTION NO: 33

All servers in the network run Windows Server 2012. All client computers run either Windows 7 or
Windows 8.

You are implementing Network Access Protection (NAP) in the network. You need to create a
policy that allows only client computers that have up-to-date security patches to connect to
network servers and the Internet. All non-compliant client computers should only be able to
connect to a server running Window Server Update Services (WSUS) to download the required
updates.

You divide the network into three VLANs. You place the WSUS server in one VLAN. You place
all client computers in another VLAN. You then place all network servers into a third VLAN. Only
the third VLAN can connect to the Internet.

You need to restrict client computers access to either the VLAN containing the WSUS server or
the VLAN containing the other network servers according to their security update policy
compliance.

You need to configure a Network Access Protection (NAP) enforcement method.

Which NAP enforcement method should you use?

A. You should configure NAP Enforcement for 802.1X.
B. You should configure NAP Enforcement for VPN.
C. You should configure NAP Enforcement for DHCP.
D. You should configure NAP Enforcement for Terminal Services.
E. You should configure NAP Enforcement for IPSec Communications.

Answer: A
Explanation:

QUESTION NO: 34

All servers in the network run Windows Server 2012.

The network includes a Windows Server 2012 server named TK-File1. TK-File1 runs the File and
Storage Services server role.

You need to increase the file storage space on TK-File1. You attach four new physical hard disks
to TK-File1.

You need to configure the disks to ensure that no data is lost in the event of a single disk failure
while maximizing the storage space that can be used on the disks.

How should you configure the disks?

A. Create two storage pools each with two physical disks then create a storage space using the
mirror option.
B. Create a single storage pool using all four disks then create a storage space using the mirror
option.
C. Create a single storage pool using all four disks then create a storage space using the parity
option.
D. Create four storage pools each with one physical disk then create a storage space using the
parity option.

Answer: C
Explanation:

QUESTION NO: 35

Server 2012 Active Directory Domain Services (AD DS) domain named Testking.com. The
company has a main office and four branch offices. All offices are connected to each other by
reliable WAN links. All servers in the domain run Windows Server 2012.

The main office contains 5,000 computers. The branch offices each contain 400 computers.

You are planning to deploy Microsoft System Center 2012 Configuration Manager (SCCM) to
enable the centralized management of all computers on the network. You plan to install new
servers in each office to run SCCM components.

The main office will be configured as the Central Administration Site. You need to deploy the
appropriate SCCM component to the branch offices.

Which SCCM component is recommended in this scenario?

A. A primary site server running all SCCM roles.
B. A secondary site server running all SCCM roles.
C. A management point server.
D. A distribution point.

Answer: D
Explanation:

QUESTION NO: 36

You have recently implemented Microsoft System Center 2012 Virtual Machine Manager to
manage Windows Server 2012 Hyper-V host servers.

You are configuring Virtual Machine Manager Self-service Portal (VMMSSP) to enable the
deployment of Windows Server 2012 Virtual Machines (VMs).

You need to create to create a virtual machine template to deploy the Windows Server 2012 VMs.

Which three of the following components must be included in the VM template? (Choose three).

A. A Host Profile.
B. A Guest OS Profile.
C. A Hardware Profile.
D. An Application Profile.
E. A VHD.

Answer: B,C,E
Explanation:

QUESTION NO: 37

management of the companys Active Directory Domain Services (AD DS) domain.

You have recently upgraded the companys Windows Server 2008 R2 servers to Windows Server
2012. You now plan to deploy additional Windows Server 2012 servers.

You plan to use the Windows Assessment and Deployment Kit (Windows ADK) suite of tools and
the Windows Deployment Services (WDS) server role for the management and deployment of
server images to new servers.

By using Windows ADK and WDS, which of the following will you NOT be able to achieve?

A. You will not be able to add software packages to the server deployment images.
B. You will not be able to add drivers to the server deployment images.
C. You will not be able to perform Wake On LAN zero touch installations on bare-metal servers.
D. You will not be able modify the server deployment images.

Answer: C
Explanation:

QUESTION NO: 38


You are configuring Windows Deployment Services (WDS) to deploy 80 new Windows Server
2012 servers.

You plan to deploy 40 servers running the Full Installation of Windows Server 2012 and 40 servers
running the Server Core installation of Windows Server 2012.

Some servers running the full installation will be configured as Domain Controllers running the
Active Directory Domain Services and DNS Server roles.

The remaining servers running the full installation will be configured as file servers running the File
and Storage Services role.

Some servers running the server core installation will be configured virtual machine host servers
running the Hyper-V role.

The remaining servers running the server core installation will be configured as web servers
running the Web Server (IIS) role.

Which of the following describes the minimum number of images you need to create to deploy the
servers?

A. Two images in total - one image for the Full Installations and one image for the Server Core
Installations.
B. Two images in total - one image for the Domain Controllers and one image for all other
installations.
C. Three images in total - one image for the Domain Controllers, one image for the other Full
Installations and one image for the Server Core Installations.
D. Four images in total - one image for each server role configuration.
E. One image in total for all configurations.

Answer: E
Explanation:


QUESTION NO: 39


A Windows Server 2012 server named TK-Array1 is connected to an external disk storage array.
TK-Array1 runs the iSCSI Target Server role service.

You are configuring a new Windows Server 2012 file server named TK-File06. You need to
configure an area of storage on the storage array to appear as a local disk on TK-File06.

Which two of the following actions should you perform? (Choose two).

A. Configure a Storage Pool on TK-Array1.
B. Install the iSCSI Initiator Service on TK-File06.
C. Install the iSCSI Target Server role service on TK-File06.
D. Create an iSCSI Target on TK-Array1.
E. Create an iSCSI Target on TK-File06.

Answer: B,D
Explanation:

QUESTION NO: 40

Server 2012 Active Directory Domain Services (AD DS) domain named Testking.com.

The company has a main office in New York and branch offices in Miami, Dallas and Seattle. The
branch offices all connect to the main office by fast WAN links. An Active Directory Site exists for
each location. All servers in the domain run Windows Server 2012.

Each branch office has a single domain controller. The main office has eight domain controllers.

The domain controller in the Miami office is taken offline to have the hardware upgraded. You
discover that users logging in in the Miami office are being authenticated by the Seattle office
domain controller.

You need to ensure that branch office users are authenticated by main office domain controllers in
the event of a branch office domain controller going offline.

What should you do?

A. You should disable site link bridging.
B. You should modify the DNS service location (SRV) records for the branch office domain
controllers.
C. You should configure the DC Locator DNS records not registered by the DCs setting for the
branch office domain controllers.
D. You should configure the DC Locator DNS records not registered by the DCs setting for the
main office domain controllers.

Answer: C
Explanation:

QUESTION NO: 41

You have been hired to deploy an Active Directory forest for a new company.

The company has three offices. Each office has two subnets connected by a router. Each office
has 1000 employees. The three offices connect to each other using slow WAN links.

Your Active Directory design must minimize Active Directory replication traffic over the WAN links.
You also need to ensure that users in each office are authenticated by a domain controller in the
local office.

What should you include in your Active Directory design? (Choose two)

A. One Active Directory domain.
B. Three Active Directory domains.
C. Six Active Directory domains.
D. One Active Directory site.
E. Three Active Directory sites.
F. Six Active Directory sites.

Answer: B,E
Explanation:

QUESTION NO: 42

Server 2003 R2 Active Directory domain named Testking.com. All servers in the domain run
Windows Server 2003 R2.

The company has a main office in London. A domain controller named TK-LonDC1 in the London
office runs all the FSMO roles.

A branch office in Madrid is connected to the main office by a reliable WAN link. A server named
TK-MadDC1 is configured as a domain controller in the Madrid office.

The company plans to open a branch office in Barcelona. The Barcelona office connects to the
Madrid office by a reliable WAN link.

An Active Directory site exists for each of the three offices.

You plan to install a read-only domain controller (RODC) in the Barcelona office.

What would you need to do before you can deploy an RODC in the Barcelona office?

A. Replace TK-LonDC1 with a Windows Server 2012 domain controller.
B. Configure a site link between the Barcelona and London sites.
C. Replace TK-MadDC1 with a Windows Server 2012 domain controller.
D. Enable site link bridging in the Madrid site.

Answer: C
Explanation:

QUESTION NO: 43


You are configuring a Windows Server 2012 server named TK-Branch1 for a new branch office.
The branch office has a WAN connection to the main office. 20 users work in the branch office
and all have Windows 8 client computers.

The branch office has four network print devices. One of the functions of TK-Branch1 will be to
host shared printers for the branch office print devices.

You need to ensure that users in the branch office can still print if TK-Branch1 fails or is taken
offline for maintenance.

What should you configure?

A. Internet Printing.
B. Client-Side Rendering (CSR).
C. Printer pooling.
D. Branch Office Direct Printing.

Answer: D
Explanation:

QUESTION NO: 44

company has a main office and a branch office. The two offices are connected by a slow WAN
link.

All servers run Windows Server 2012 and all client computers run Windows 7 Professional. All
servers are located in the main office.

The main office contains a Windows Server 2012 server named TK-File1. TK-File1 runs the File
Services role and hosts shared folders for the main office users and the branch office users.

You experience problems with the WAN link due to the excessive bandwidth being used by branch
office client computers accessing files on TK-File1.

Which two of the following actions should you perform to minimize the bandwidth used by branch
office client computers accessing files on TK-File1? (Choose two).

A. Disable File Sharing on TK-File1.
B. Configure BranchCache on TK-File1.
C. Configure the Distributed File System (DFS) role on TK-File1.
D. Enable BranchCache is hosted cache mode on the branch office client computers.
E. Enable BranchCache is distributed cache mode on the branch office client computers.
Answer: B,E
Explanation:

QUESTION NO: 45


You want to delegate control of a custom task on several organizational units (OUs) to a user
named Mia. However you discover that the custom task that you want to delegate is not listed in
the list of tasks.

How can you add the custom task to the list of available tasks to delegate?

A. By adding Mia to the Schema Admins group in the domain.
B. By modifying the Active Directory Schema by adding a new class.
C. By adding an Administrative Template to the Central Policy Definitions Store.
D. By adding the custom task to the Delegwiz.inf file.

Answer: D
Explanation:

QUESTION NO: 46

You work as a Network Administrator at Testking.com. The network consists of a single Active
Directory Domain Services (AD DS) forest. The functional level of the forest is Windows Server
2003.

The forest contains several domains. All domain controllers in the forest run Windows Server
2008 or Windows Server 2008 R2. The functional level of each domain is Windows Server 2008.

You plan to deploy Windows Server 2012 Read Only Domain Controllers (RODCs) in a domain.
You run the adprep.exe /rodcprep command on a domain controller but receive the following error
message:

Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Testking,DC=com

Adprep failed the operation on partition DC=DomainDnsZones,DC= Testking,DC=com Skipping to
next partition.

Adprep could not contact a replica for partition DC=ForestDnsZones,DC= Testking,DC=com

Adprep encountered an LDAP error. Error code: 0x0. Server extended error code: 0x0, Server
error message: (null).

Adprep failed the operation on partition DC=ForestDnsZones,DC= Testking,DC=com Skipping to
next partition.

Adprep completed with errors. Not all partitions are updated.

What should you do to resolve the error message?

A. You should raise the forest functional level to Windows Server 2008.
B. You should upgrade the domain controller hosting the Schema Master FSMO role to Windows
Server 2012.
C. You should raise the domain functional level of the domain in which you want to deploy the
RODC to Windows Server 2008 R2.
D. You should ensure that the domain controller on which you are running the Adprep /rodcprep
command can connect to the domain controller hosting the Infrastructure Master FSMO role in
each domain.

Answer: D
Explanation:

QUESTION NO: 47

functional level of the Testking.com domain and forest is Windows Server 2012.

You plan to create a second Active Directory forest for development purposes. The development
forest will contain several domains. The functional level of the development forest is Windows
Server 2003.

You need to configure Active Directory trusts to ensure that the Domain Admins group in the
Testking.com domain can manage group policy objects (GPOs) in all the domains in the
development forest. The number of trusts should be minimized.

How should you configure the trusts?

A. You should configure a one-way shortcut trust between every development domain and the
Testking.com domain.
B. You should configure a one-way external trust between the root domain in the development
forest and the Testking.com domain.
C. You should configure a one-way forest trust where the development forest trusts the
Testking.com forest.
D. You should configure a one-way forest trust where the Testking.com forest trusts the
development forest.
E. You should configure a two-way forest trust.

Answer: C
Explanation:

QUESTION NO: 48


Users in the domain have either portable laptop computers that they can take away from the office
or desktop computers that cannot be removed from the network. All client computers have
computer accounts located in an organizational unit (OU) named ClientsOU.

You need to enforce stricter security policies on the laptop computers than on the desktop
computers.

You configure a group policy object (GPO) with the required security settings for the laptops.

How can you ensure that the GPO is applied only to laptop computers?

A. By applying a WMI filter.
B. By modifying the permissions of the GPO.
C. By configuring loopback processing.
D. By modifying the GPO order of precedence.

Answer: A
Explanation:

QUESTION NO: 49


Users in the domain have portable laptop computers that run Windows 7. Client computers have
computer accounts spread across several organizational units (OUs).

Several group policy objects (GPOs) are applied at the domain level. A GPO named
AllClientsGPO contains settings that should be applied to the client computers.

The company opens a new Research department. All client computers in the Research
department have computer accounts in an OU named ResearchClients.

You configure a GPO named ResearchClientsGPO that has security settings for the client
computers in the Research department. You link the GPO to the Research OU.

You need to ensure that only AllClientsGPO and ResearchClientsGPO are applied to the client
computers in the Research department. No other GPOs linked at the domain level should apply to
the client computers in the Research department.

Which two of the following actions should you perform? (Choose two).

A. Select the Block Inheritance option on the ResearchClients OU.
B. Link ResearchClientsGPO to the domain.
C. Disable the domain-level link for AllClientsGPO and link it to the ResearchClients OU.
D. Enable the Enforced option on ResearchClientsGPO.
E. Enable the Enforced option on AllClientsGPO.

Answer: A,E
Explanation:

QUESTION NO: 50

You are deploying an Active Directory network for a company named Testking.com. The company
has an Internet accessible website named www.testking.com. The Testking.com domain is hosted
by the companys ISP. The Testking.com DNS zone contains many records for Internet
accessible resources.

You need to design an Active Directory infrastructure. You need to plan Active Directory forest
and domain names with a DNS infrastructure that enables users to resolve the names of Internet
resources that use the Testking.com DNS suffix.

Administrative effort associated with the management of DNS records should be minimized.

How should you configure the Active Directory?

A. You should create a single-domain forest named Testking.com.
B. You should create a single-domain forest named Testking.local.
C. You should create a forest with a root domain named Testking.local and a subdomain named
Testking.com.
D. You should create a forest with a root domain named Testking.com and a subdomain named
AD.Testking.com.

Answer: B
Explanation:


70 413

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

70 413

Uploaded by

Copyright:

Available Formats

Microsoft 70-413

Designing and Implementing a Server Infrastructure

You might also like