You need to recommend a trust model. What should you include in the recommendation?
A. A one-way, forest trust that has selective authentication.
B. A one-way, external trust
C. A two-way, external trust
D. A one-way, forest trust that has domain-wide authentication.
Answer: A
Explanation: As users in the Montreal office is in a separate site, and they need access to only to some of the resources, the File01 file server in New York and the File02 file server in Chicago, we should use a one-way forest trust with selective authentication.
* When you enable the selective authentication feature of a forest trust relationship, users accessing cross-forest resources from one forest cannot authenticate to a domain controller or resource server (e.g., file server, print server) in the other forest unless they
are explicitly allowed to do so. Selective authentication lessens the attack surface by restricting the quantity of authentication requests that can pass through an interforest trust.
* From case study:
/ The Montreal site will have its own forest named montreal.proseware.com.
/ Users in the Montreal office must only be allowed to access shares that are located on File01 and File02. The Montreal users must be prevented from accessing any other servers in the proseware.com forest regardless of the permissions on the resources.
Reference: http://windowsitpro.com/security/selective-authentication
Question No : 2
You manage an Active Directory Domain Services forest that contains a root domain named contoso.com and a child domain named branch.contoso.com. You have three servers named SRV01, SRV02, and SRV03. All servers run Windows Server 2012 R2.
SRV01 and SRV02 are domain controllers for the domain contoso.com. SRV03 is the domain controller for branch.contoso.com. User accounts and resources exist in both domains. All resources in branch.contoso.com are physically located in a remote branch office.The remote branch office must be configured as Read-Only Domain Controller (RODC). The solution must minimize the impact on users and the number of servers deployed in the branch office. You need to configure the environment. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Ldidfe creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory Domain Services (AD DS) with data from other directory services.
Box 2: We decommission the domain controller SRV03
Box 3: And make it a RODC instead.
Incorrect:
We should not use an additional server SRV04.
Get Daily 70-413 Exam
Updates - 70-413 Questions with Valid Answers - Dumps
Question No : 3
Your network contains servers that run Windows Server 2012. The network contains two servers named Server1 and Server2 that are connected to a SAS storage device. The device only supports two connected computers.Server1 has the iSCSI Target Server role service installed. Ten application servers use their iSCSI Initiator to connect to virtual disks in the SAS storage device via iSCSI targets on Server1. Currently, Server2 is used only to run backup software.
You install the iSCSI Target Server role service on Server2. You need to ensure that the iSCSI targets are available if Server1 fails. Which five actions should you perform? To answer, move the five appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Question No : 4
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1.You have a Group Policy object (GPO) named GPO1 that is linked to contoso.com. GPO1 contains custom security settings.You need to design a Group Policy strategy to meet the following requirements:
✑ The security settings in GPO1 must be applied to all client computers.
✑ Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1.
What should you include in the design?More than one answer choice may achieve the goal. Select the BEST answer.
A. Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1.
B. Enable the Block Inheritance option on OU1. Link GPO1 to OU1.
C. Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to OU1.
D. Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1.
Answer: D
Explanation:
* You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.
* GPO links that are enforced cannot be blocked from the parent container.
2018 70-413 Real
Exam Questions - Microsoft 70-413 Real Dumps Dumps4Download.us
Question No : 5
Your network contains an Active Directory domain named contoso.com. You plan to implement multiple DHCP servers.
An administrator named Admin1 will authorize the DHCP servers. You need to ensure that Admin1 can authorize the planned DHCP servers. To which container should you assign Admin1 permissions? To answer, select the appropriate node in the answer area.
Answer:
Explanation:
Authorization of DHCP server can only be performed by a domain user that has permissions to create objects in the Net services container in Active Directory. See how to delegate permissions to do this in active directory.
Question No : 6
You manage a server infrastructure for a software development company. There are 30 physical servers distributed across 4 subnets, and one Microsoft Hyper-V cluster that can run up to 100 virtual machines (VMs). You configure the servers to receive the IP address from a DHCP server named SERVER1 that runs Microsoft Windows Server 2012 R2. You assign a 30-day duration to all DHCP leases. Developers create VMs in the environment to test new software. They may create VMs several times each week. Developers report that some new VMs cannot acquire IP address. You observe that the DHCP scope is full and delete non-existent devices manually. All physical servers must keep their current DHCP lease configuration.
You need to ensure that the DHCP lease duration for VMs is 8 hours.What should you configure?
A. 4 server-level Allow filters
B. 1 server-level DHCP policy
C. 1 scope-level DHCP policy
D. 4 scope-level exclusion ranges
Answer: B
Explanation: We should use a server level DHCP policy as they apply to all DHCP clients.
Note: Polices can apply at the server level or the scope level. Server level policies are processed for all DHCP client requests received by the server. Scope level policies are processed only for DHCP client requests that apply to a specific scope.
Reference: Introduction to DHCP Policies
https://technet.microsoft.com/en-us/library/dn425039.aspx
[Prepare your
Microsoft 70-483] Exam In Just One Day with Valid Dumps Provided By
Dumps4download.us
Question No : 7
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008. You plan to implement Windows Server 2012.You need to create a report that includes the following information:
✑ The servers that run applications and services that can be moved to Windows Server 2012
✑ The servers that have hardware that can run Windows Server 2012
✑ The servers that are suitable to be converted to virtual machines hosted on HyperV hosts that run Windows Server 2012
What should you do?
A. From an existing server, run the Microsoft Application Compatibility Toolkit (ACT).
B. Install Windows Server 2012 on a new server, and then run the Windows Server Migration Tools.
C. Install Windows Server 2012 on a new server, and then run Microsoft Deployment Toolkit (MDT) 2012.
D. From an existing server, run the Microsoft Assessment and Planning (MAP) Toolkit.
Answer: D
Explanation:
The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multiproduct planning and assessment tool for quicker and easier desktop, server and cloud migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments, including ROI analysis for server consolidation with Hyper-V.The latest version of the MAP Toolkit adds new scenarios to help you plan your IT future while supporting your current business needs. Included scenarios help you to:Plan your deployment of Windows 8 and Windows Server 2012 with hardware and infrastructure readiness assessments Assess your environment for Office 2013 Plan your migration to Windows Azure Virtual Machines Track Lync Enterprise/Plus usage Size your desktop virtualization needs for both Virtual Desktop Infrastructure (VDI) and session based virtualization using Remote Desktop Services Ready your information platform for the cloud with SQL Server 2012 Virtualize your existing Linux servers onto Hyper-V Identify opportunities to lower your virtualization costs with Hyper-V using the VMware migration assessment MAP is just one of the tools provided by the Microsoft Solution Accelerators team. The Microsoft Assessment and Planning Toolkit, Microsoft Deployment Toolkit, and Security Compliance Manager provide tested guidance and automated tools to help organizations plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. All are freely available, and fully-supported by Microsoft.
Reference: Microsoft Assessment and Planning Toolkit
https://msdn.microsoft.com/en-us/library/bb977556.aspx
Question No : 8
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role installed. The network contains a Virtual Desktop Infrastructure (VDI). All virtual machines run Windows 8.You identify the following requirements for allocating IPv4 addresses to client computers:All virtual desktops must have static IP addresses.All laptop computers must receive dynamic IP addresses.All virtual desktops must be prevented from obtaining dynamic address.You need to recommend a DHCP solution that meets the requirements for allocating IPv4 addresses.The solution must use the least amount of administrative effort.What should you recommend?More than one answer choice may achieve the goal. Select the BEST answer.
A. Configure DHCP filtering.
B. Configure DHCP policies.
C. Create two physical subnets. Connect the laptop computers to the subnet that contains Server1.
D. Create two physical subnets. Configure 802.1X authentication for each subnet.
Answer: B
Explanation:
The DHCP Server role in Windows Server 2012 introduces a new feature that allows you to create IPv4 policies that specify custom IP address and option assignments for DHCP clients based on a set of conditions. The policy based assignment (PBA) feature allows you to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. PBA enables targeted administration and greater control of the configuration parameters delivered to network devices with DHCP.
Example: In a subnet which has a mix of wired and mobile computers, you might want to assign a shorter, 4 hour lease duration to mobile computers and longer, 4 day lease duration to wired computers.
Incorrect:
not A: DHCP filtering provides security by filtering untrusted DHCP messages. An untrusted message is a message that is received from outside the network or firewall, and that can cause traffic attacks within network.
Reference: Introduction to DHCP Policies
https://technet.microsoft.com/en-us/library/dn425039.aspx
Make Your Exam
Preparation With Dumps4download.us Smart Verified Dumps
Question No : 9
Your network contains an Active Directory forest named corp.contoso.com. All servers run Windows Server 2012.The network has a perimeter network that contains servers that are accessed from the Internet by using the contoso.com namespace.The network contains four DNS servers. The servers are configured as shown in the following table.
All of the client computers on the perimeter network use Server1 and Server2 for name resolution. You plan to add DNS servers to the corp.contoso.com domain. You need to ensure that the client computers automatically use the additional name servers. The solution must ensure that only computers on the perimeter network can resolve names in the corp.contoso.com domain.Which DNS configuration should you implement on Server1 and Server2? To answer, drag the appropriate DNS configuration to the correct location in the answer area. Each DNS configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
* stub zone
A Stub Zones allows an organization to resolve names to a private namespace or speed up name resolution to a public namespace without the use of Conditional Forwarders or Secondary Zones. DNS Stub Zones in each domain will be configured to forward request for the other organization name space to a DNS server that is authoritative. All other names needing resolved will use the default name resolution method.
Question No : 10
Your network contains 50 servers that run Windows Server 2003 and 50 servers that run Windows Server 2008.You plan to implement Windows Server 2012 R2.You need to create a report that includes the following information:
✑ The servers that run applications and services that can be moved to Windows
Server 2012 R2
✑ The servers that have hardware that can run Windows Server 2012 R2
✑ The servers that are suitable to be converted to virtual machines hosted on HyperV
hosts that run Windows Server 2012 R2
Solution: You install Windows Server 2012 R2 on a new server, and then you run the Windows Server Migration Tools. Does this meet the goal?
A. Yes
B. No
Answer: B
