Ensurepass

QUESTION 41
Your network contains an Active Directory domain named contoso.com.
You deploy several servers that have the Remote Desktop Session Host role service installed.
You have two organizational units (OUs). The OUs are configured as shown in the following table.
GPO1 contains the Folder Redirection settings for all of the users.
You need to recommend a solution to prevent the sales users’ folders from being redirected when the users log on to a Remote Desktop session.
What should you include in the recommendation?
A. From GPO2, set the loopback processing mode.
B. Apply a WMI filter to GP02.
C. Configure security filtering for GPO1.
D. From GPO1, set the loopback processing mode.
Correct Answer: A

QUESTION 42
Your network contains an Active Directory domain named contoso.com.
The functional level of the domain and the forest is Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2.
You plan to deploy a new line-of-business application named App1 that uses claims-based authentication. You need to recommend changes to the network to ensure that Active Directory can provide claims for
App1.
What should you include in the recommendation?
(Each correct answer presents part of the solution. Choose all that apply.)
A. Deploy Active Directory Lightweight Directory Services (AD LDS).
B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and
Kerberos armoring setting.
C. From the properties of the computer accounts of the domain controllers, enable Kerberos constrained delegation.
D. Raise the domain functional level to Windows Server 2012.
E. Add domain controllers that run Windows Server 2012.
Correct Answer: BDE

QUESTION 43
Your company has two divisions named Division1 and Division2.
The network contains an Active Directory domain named contoso.com.
The domain contains two child domains named division1.contoso.com and division2.contoso.com.
The company sells Division1 to another company.
You need to prevent administrators in contoso.com and division2.contoso.com from gaining administrative access to the resources in division1.contoso.com.
What should you recommend?
A. Create a new tree in the forest named contoso.secure. Migrate the resources and the accounts in division1.contoso.com to contoso.secure.
B. On the domain controller accounts in division1.contoso.com, deny the Enterprise Admins group the
Allowed to Authenticate permission.
C. Create a new forest and migrate the resources and the accounts in division1.contoso.com to the new forest.
D. In division1.contoso.com, remove the Enterprise Admins group from the Domain Admins group and remove the Enterprise Admins group from the access control list (ACL) on the division1.contoso.com domain object.
Correct Answer: C

QUESTION 44
Your network contains an Active Directory domain named contoso.com.
On several organizational units (OUs), an administrator named Admin1 plans to delegate control of custom tasks.
You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of
Control Wizard.
What should you do?
A. Add a new class to the Active Directory schema.
B. Configure a custom MMC console.
C. Modify the Delegwiz.inf file.
D. Configure a new authorization store by using Authorization Manager.
Correct Answer: C

QUESTION 45
Your network contains an Active Directory forest.
The forest contains two Active Directory domains named contoso.com and child.contoso.com.
The forest functional level is Windows Server 2003. The functional level of both domains is Windows
Server 2008.
The forest contains three domain controllers. The domain controllers are configured as shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named serverl.child.contoso.com that runs Windows
Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3. What should you identify?
A. The domain functional level of child.contoso.com is set to the wrong level.
B. DC3 cannot connect to the infrastructure master on DC2.
C. DC3 cannot connect to the domain naming master on DC1.
D. The forest functional level is set to the wrong level.
Correct Answer: B

Download the Ensurepass Latest 2013 70-413 Pass4Sure Free Tests to pass 70-413 Exam.

Comments are closed.