2013 Latest MCSA 70-417 Exam Questions 46-50

Ensurepass

QUESTION 46
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named dc1.contoso.com.
You discover that the Default Domain Policy Group Policy objects (GPOs) and the Default Domain
Controllers Policy GPOs were deleted.
You need to recover the Default Domain Policy and the Default Domain Controllers Policy GPOs. What should you run?
A. dcgpofix.exe /target:domain
B. dcgpofix.exe /target:both
C. gpfixup.exe /oldnb:contoso/newnb:dc1
D. gpfixup.exe /dc:dc1.contoso.com
Correct Answer: B
Section: DC, AD, GPO & FSMO roles
Explanation
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc739095(v=ws.10).aspx

QUESTION 47
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012.
Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN
enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully. What should you install on Server1 before you run the Configure NAP wizard?
A. The Remote Access server role B. A system health validator (SHV) C. A computer certificate
D. The Host Credential Authorization Protocol (HCAP)
Correct Answer: C
Section: Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess…) Explanation
Explanation/Reference:
http://technet.microsoft.com/fr-fr/library/dd314165%28v=ws.10%29.aspx
Configure Policies for VPN Enforcement
The NAP health policy server uses the Network Policy Server (NPS) role service with configured network policies, health policies, and system health validators (SHVs) to evaluate client health based on administrator-defined requirements. Based on the results of this evaluation, NPS instructs the virtual private network (VPN) server to provide full access to compliant NAP client computers and to restrict access to noncompliant client computers when NAP is deployed using full enforcement mode.
Remarque Before performing this procedure, you must install a certificate for Protected Extensible Authentication Protocol (PEAP) authentication. For more information, see Install a Computer Certificate for PEAP.
================= When running the wizard:

QUESTION 48
Your network contains an Active Directory domain named contoso.com. All client computers run Windows
8.
Your company has users who work from home. Some of the home users have desktop computers. Other home users have laptop computers.
All of the computers are joined to the domain.
All of the computer accounts are members of a group named Group1.
Currently, the home users access the corporate network by using a PPTP VPN.
You implement DirectAccess by using the default configuration and you specify Group1 as the
DirectAccess client group.
The home users who have desktop computers report that they cannot use DirectAccess to access the corporate network.
The home users who have laptop computers report that they can use DirectAccess to access the corporate network.
You need to ensure that the home users who have desktop computers can access the network by using
DirectAccess.
What should you modify?
A. The WMI filter for Direct Access Client Settings GPO
B. The conditions of the Connections to Microsoft Routing and Remote Access server policy
C. The membership of the RAS and IAS Servers group
D. The security settings of the computer accounts for the desktop computers
Correct Answer: A
Section: Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess…) Explanation
Explanation/Reference:
The default settings includes creating a GPO that has a WMI filter for laptops only.

QUESTION 49
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com.
All of the DNS servers in both of the domains run Windows Server 2012. The network contains two servers named Server1 and Server2.
Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to support the resolution of names in fabrikam.com.
The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1? A. Create a stub zone.
B. Create a secondary zone.
C. Add a forwarder.
D. Create a conditional forwarder.
Correct Answer: B
Section: Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess…) Explanation
Explanation/Reference:
to me none of the answers is correct !
indeed, in spite of the correct comment below, zones here are AD-integrated zones, so no secondary zone is possible (and so far there’s nothing new about that in 2012)
but let’s say that a secondary zone is the only answer that meets the WAN link failure requirement.
so let’s imagine that they imply the modification of the zone type on Server2 to a standard primary zone first
(before configuring a secondary zone on server1)
=========
OLD EXPLANATIONS
http://technet.microsoft.com/en-us/library/cc771898(v=ws.10).aspx
Stub zone doesn’t host the records themselves
Forwarder and conditional forwarders simply give instructions on where to forward DNS requests to.

QUESTION 50
Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration. You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess.
The solution must not prevent the users from using DirectAccess to access other resources in contoso. com.
Which settings should you configure in a Group Policy object (GPO)? A. Network Connections
B. DirectAccess Client Experience Settings
C. DNS Client
D. Name Resolution Policy
Correct Answer: D
Section: Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess…) Explanation
Explanation/Reference:
doubt about the requirement “The solution must not prevent the users from using DirectAccess to access other resources in contoso.com. ”
does NRPT allow this?
http://www.techrepublic.com/blog/10things/10-things-you-should-know-about-directaccess/1371
================
Notice this could have been Network connection :
BUT “The solution must not prevent the users from using DirectAccess to access other resources in contoso.com”

Download Ensurepass Latest 2013 MCSA 70-417 Real Exam Questions , help you to pass exam 100%.