2017 May Microsoft Official New Released 70-743 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
How to 100% pass 70-743 exam? Lead2pass provides the guaranteed 70-743 exam dumps to boost up your confidence in 70-743 exam. Successful candidates have provided their reviews about our 70-743 dumps. Now Lead2pass supplying the new version of 70-743 VCE and PDF dumps. We ensure our 70-743 exam questions are the most complete and authoritative compared with others’, which will ensure your 70-743 exam pass.
Following questions and answers are all new published by Microsoft Official Exam Center: http://www.lead2pass.com/70-743.html
QUESTION 61
In this section, you’ll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. Any of the solutions might solve the problem. 
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario. 
Each question in the series contains a unique solution. 
Determine whether the solution meets the stated goals. 
Your network contains an Active Directory domain named contoso.com. 
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
 
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients
Solution: From the Security setting of each zone on Server1, you modify the permissions. 
Does this meet the goal?
A.    Yes
B.    No
Answer: B
QUESTION 62
In this section, you’ll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. Any of the solutions might solve the problem. 
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it. 
As a result, these questions will not appear in the review screen
Note: This question is part of a series of questions that present the same scenario. 
Each question in the series contains a unique solution. 
Determine whether the solution meets the stated goals. 
Your network contains an Active Directory domain named contoso.com. 
The domain contains a DNS server named Server1. 
All client computers run Windows 10.
On Server1, you have the following zone configuration.
 
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4 Server1 must resolve queries from all other DNS clients.
Solution: From Windows Firewall with Advanced Security on Server1, you create an inbound rule. Does this meet the goal?
A.    Yes
B.    No
Answer: A
QUESTION 63
In this section, you’ll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. Any of the solutions might solve the problem. 
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it. 
As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario. 
Each question in the series contains a unique solution. 
Determine whether the solution meets the stated goals. 
Your network contains an Active Directory domain named contoso.com. 
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
 
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients.
Solution: From a Group Policy object (GPO) in the domain, you modify the Network List Manager Policies.
Does this meet the goal?
A.    Yes
B.    No
Answer: B
QUESTION 64
In this section, you’ll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. Any of the solutions might solve the problem.
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it. 
As a result, these questions will not appear in the review screen
Note: This question is part of a series of questions that present the same scenario. 
Each question in the series contains a unique solution. 
Determine whether the solution meets the stated goals. 
Your network contains an Active Directory domain named contoso.com. 
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
 
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients.
Solution: From Windows PowerShell on Server1, you run the Add-DnsServerTrustAnchor cmdtel.
Does this meet the goal?
A.    Yes
B.    No
Answer: B
Explanation:
The Add-DnsServerTrustAnchor command adds a trust anchor to a DNS server. A trust anchor (or trust “point”) is a public cryptographic key for a signed zone. Trust anchors must be configured on every non-authoritative DNS server that will attempt to validate DNS data. Trust Anchors have no direct relation to DSSEC validation.
References:
https://technet.microsoft.com/en-us/library/jj649932.aspx
https://technet.microsoft.com/en-us/library/dn593672(v=ws.11).aspx
QUESTION 65
In this section, you’ll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. Any of the solutions might solve the problem.
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it. 
As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario. 
Each question in the series contains a unique solution. Determine whether the solution meets the stated goals. 
Your network contains an Active Directory domain named contoso.com. 
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
 
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4.
Server1 must resolve queries from all other DNS clients.
Solution: From Windows PowerShell on Server1, you run the Export-DnsServerDnsSecPublicKey cmdlet.
Does this meet the goal?
A.    Yes
B.    No
Answer: B
QUESTION 66
In this section, you’ll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals.
Any of the solutions might solve the problem.
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it.
As a result. These questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution Determine whether the solution meets the stated goals.
Your network contains an Active Directory forest named contoso.com. 
The forest contains a member server named Server1 that runs Windows Server 2016.
All domain controllers run Windows Server 2012 R2.
Contoso com has the following configuration.
 
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment. 
Solution: You raise the forest functional level to Windows Server 2012 R2.
Does this meet the goal?
A.    Yes
B.    No
Answer: B
Explanation:
Windows Server 2016 Domain controller is required for Device Registration for Servers that run Windows Server 2016.
References: https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises
QUESTION 67
Your Network contains oneActive Directory domain named contoso.com.
You pilot DirectAccess on the network.
During the pilot deployment, you enable DirectAccess only for a group Contoso\Test Computers.
Ones the pilot is complete, you need to enable DirectAccess for all the client computers in the domain.
What should you do?
A.    From Windows PowerShell, run the Ser-DAClient cmdlet.
B.    From Windows PowerShell, run the Ser-DirectAccess cmdlet.
C.    From Active Directory Users and Computers, modify the membership of the Windows Authorization Access Group.
D.    From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.
Answer: D
QUESTION 68
You have a server named Server1.
You enable BitLocker Drive Encryption (BitLocker) on Server1. 
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?
A.    Initialize-Tpm
B.    Import-TpmOwnerAuth
C.    repair-bde.exe
D.    bdehdcfg-exe
Answer: B
QUESTION 69
Server1 download update from microsoft update.
You have Server2 that must syncronize update from Server1.
Have firewall separate between Server1 and Server2.
Which port should to open on Server2 to syncronize ?
A.    80
B.    443
C.    3389
D.    8530
Answer: D
QUESTION 70
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A.    Perform tombstone reanimation.
B.    Export and import data by using Dsamain.
C.    Perform a non-authoritative restore.
D.    Recover the items by using Active Directory Recycle Bin.
Answer: D
QUESTION 71
In this section, you’ll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. Any of the solutions might solve the problem.
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it. 
As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario. 
Each question in the series contains a unique solution. Determine whether the solution meets the stated goals. 
Your network contains an Active Directory domain named contoso.com. 
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration
 
You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?
A.    Yes
B.    No
Answer: A
Explanation:
The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to DirectAccess, a remote access technology.
Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS query. If a DNS query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed normally.
References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx
QUESTION 72
Note: This question is part of a series of questions that use the same similar answer choices.
An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series. 
Information and details provided in a question apply only to that question.
You have a Hyper-V host named Server1 that runs Windows Server 2016. 
Server1 has a virtual machine that uses a virtual hard disK (VHD) named disk1.vhdx.
You receive the following warning message from Event Viewer: 
“One or more virtual hard disks have a physical sector size that is smaller than the physical sector size of the storage on which the virtual hard disk file is located.”
You need to resolve the problem that causes the warning message.
What should you run?
A.    the Mount-VHD cmdlet
B.    the Diskpart command
C.    the Set-VHD cmdlet
D.    the Set-VM cmdlet
E.    the Set-VMHost cmdlet
F.    the Set-VMProcessor cmdlet
G.    the Install-Windows Feature cmdlet
H.    the Optimize-VHD cmdlet
Answer: C
Explanation:
Issue
One or more virtual hard disks have a physical sector size that is smaller than the physical sector size of the storage on which the virtual hard disk file is located.
Resolution
Do one of the following:
* Perform a storage migration to move the virtual hard disk to a new physical system
* Use a registry setting to enable a VHD-format virtual hard disk to report a physical sector size of 4k
* Use Windows PowerShell or WMI to enable a VHDX-format virtual hard disk to report a specific sector size
The Set-VHD cmdlet sets the ParentPath or PhysicalSectorSizeBytes properties of a virtual hard disk. The two properties must be set in separate operations.
The Set-VHD -PhysicalSectorSizeBytes parameter specifies the physical sector size, in bytes. Valid values are 512 and 4096. This parameter is supported only on a VHDX-format disk that is not attached when the operation is initiated.
References:
https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/best-practices-analyzer/avoid-using-virtual-hard-disks-with-sector-size-less-than-size-of-physical
https://technet.microsoft.com/en-us/library/hh848561.aspx
QUESTION 73
You have an Active Directory domain that contains several Hyper-V hosts that run Windows Server 2016. 
You plan to deploy network virtualization and to centrally manage Datacenter Firewall policies. 
Which component must you install for the planned deployment?
A.    the Routing role service
B.    the Canary Network Diagnostics feature
C.    the Network Controller server role
D.    the Data Center Bridging feature
Answer: C
Explanation:
Using Windows PowerShell, the REST API, or a management application, you can use Network Controller to manage the following physical and virtual network infrastructure:
* Datacenter Firewall
This Network Controller feature allows you to configure and manage allow/deny firewall Access Control rules for your workload VMs for both East/West and North/South network traffic in your datacenter. The firewall rules are plumbed in the vSwitch port of workload VMs, and so they are distributed across your workload in the datacenter. Using the Northbound API, you can define the firewall rules for both incoming and outgoing traffic from the workload VM. 
You can also configure each firewall rule to log the traffic that was allowed or denied by the rule.
* Hyper-V VMs and virtual switches
* Remote Access Service (RAS) Multitenant Gateways, Virtual Gateways, and gateway pools
* Load Balancers
References: https://technet.microsoft.com/en-us/library/dn859239.aspx
QUESTION 74
You have a virtual machine named VM1 that runs Windows Server 2016. 
VM1 hosts a service that requires high network throughput.
VM1 has a virtual network adapter that connects to a Hyper-V switch named vSwitch1. vSwitch1 has one network adapter. The network adapter supports Remote Direct Memory Access (RMDA), the single root I/O virtualization (SR-IOV) interface, Quality of Service (QoS), and Receive Side Scaling (RSS). 
You need to ensure that the traffic from VM1 can be processed by multiple networking processors. Which Windows PowerShell command should you run in the host of VM1?
A.    Set-NetAdapterRss
B.    Set-NetAdapterRdma
C.    Set-NetAdapterSriov
D.    Set-NetAdapterQoS
Answer: A
Explanation:
The Set-NetAdapterRss cmdlet sets the receive side scaling (RSS) properties on a network adapter. RSS is a scalability technology that distributes the receive network traffic among multiple processors by hashing the header of the incoming packet. Without RSS Windows Server 2012/2016; network traffic is received on the first processor which can quickly reach full utilization limiting receive network throughput. Many properties can be configured using the parameters to optimize the performance of RSS. The selection of the processors to use for RSS is an important aspect of load balancing. Most of the parameters for this cmdlet help to determine the processors used by RSS.
QUESTION 75
You have a server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host that hosts a virtual machine named VM1.
Server1 has three network adapter cards that are connected to virtual switches named vSwitch1, vSwitch2 and vSwitch3.
You configure NIC Teaming on VM1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that VM1 will retain access to the network if a physical network adapter card fails on Server1.
What should you do?
A.    From Hyper-V Manager on Server1, modify the settings of VM1.
B.    From Windows PowerShell on VM1, run the Set-VmNetworkAdapterTeamMapping cmdlet.
C.    From Windows PowerShell on Server1, run the Set-VmNetworkAdapterFailoverConfiguration cmdlet.
D.    From Windows PowerShell on Server1, run the Set-VmSwitch cmdlet.
Answer: A
QUESTION 76
You have a server named Server1 that runs Windows Server 2016. 
You plan to deploy Internet Information Services (IIS) in a Windows container.
You need to prepare Server1 for the planned deployment.
Which three actions should you perform? Each correct answer presents part of the solution.
A.    Install the Container feature.
B.    Install Docker.
C.    Install the Base Container Images.
D.    Install the Web Server role.
E.    Install the Hyper-V server role.
Answer: ABC
Explanation:
Step 1 (A): The container feature needs to be enabled before working with Windows containers. To do so run the following command in an elevated PowerShell session.
Enable-WindowsOptionalFeature -Online -FeatureName containers -All 
Step 2 (B): Docker is required in order to work with Windows containers.
Note: First install the OneGet PowerShell module.
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force Next you use OneGet to install the latest version of Docker.
Install-Package -Name docker -ProviderName DockerMsftProvider 
Step 3 (C): Install Base Container Images
Windows containers are deployed from templates or images. Before a container can be deployed, a container base OS image needs to be downloaded. The following commands will download the Nano Server base image.
Pull the Nano Server base image.
docker pull microsoft/nanoserver
QUESTION 77
Your network contains an Active Directory domain. The domain contains two Hyper-V hosts.
You plan to perform live migrations between the hosts.
You need to ensure that the live migration traffic is authenticated by using Kerberos.
What should you do first?
A.    From Server Manager, install the Host Guardian Service server role on a domain controller.
B.    From Active Directory Users and Computers, add the computer accounts for both servers to the Cryptographic Operators group.
C.    From Active Directory Users and Computers, modify the Delegation properties of the computer accounts for both servers.
D.    From Server Manager, install the Host Guardian Service server role on both servers.
Answer: C
Explanation:
If you have decided to use Kerberos to authenticate live migration traffic, configure constrained delegation before you proceed to the rest of the steps.
To configure constrained delegation
Open the Active Directory Users and Computers snap-in.
From the navigation pane, select the domain and double-click the Computers folder.
From the Computers folder, right-click the computer account of the source server and then click 
Properties.
In the Properties dialog box, click the Delegation tab.
On the delegation tab, select Trust this computer for delegation to the specified services only. 
Under that option, select Use Kerberos only.
QUESTION 78
Hotspot Question
You have a four-node Hyper-V cluster named Cluster1.
A virtual machine named VM1 runs on Cluster1.
VM1 has a network adapter that connects to a virtual switch named Network1.
You need to prevent a network disconnection on VM1 from causing VM1 to move to another cluster node.
What command should you run? To answer, select the appropriate options in the answer area.
 
Answer: 
QUESTION 79
You have an Active Directory domain named Contoso.com. The domain contains servers named Server1, Server2 and Server3 that run Windows Server 2016.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. 
You add a Hyper-V Replica Broker role named Broker1 to Cluster1.
Server3 is a Hyper-V server. A virtual machine named VM1 runs on Server3. Live Migration is enabled on all three servers and it is configured to use Kerberos authentication only. 
You need to ensure that you can perform the migration of VM1 to Server2.
What should you do?
A.    Add the Server computer account to the Replicator group on Server1 and Server2.
B.    Modify the Delegation settings on the Server3 computer account.
C.    Modify the Storage Migration settings on Server3.
D.    Modify the Cluster permissions for Cluster1.
Answer: B
Explanation:
If you have decided to use Kerberos to authenticate live migration traffic, configure constrained delegation before you proceed to the rest of the steps.
To configure constrained delegation
Open the Active Directory Users and Computers snap-in. For example, to do this from Server 
Manager, select the server if it not already selected. After the server is selected, click Tools, and 
then click Active Directory Users and Computers. This opens the Active Directory Users and 
Computers snap-in.
From the navigation pane, select the domain and double-click the Computers folder.
From the Computers folder, right-click the computer account of the source server and then click 
Properties.
In the Properties dialog box, click the Delegation tab.
On the delegation tab, select Trust this computer for delegation to the specified services only. 
Under that option, select Use Kerberos only.
Click Add.
Etc.
References: https://technet.microsoft.com/en-us/library/jj134199(v=ws.11).aspx
QUESTION 80
Hotspot Question
You have a Windows Server 2016 failover cluster that has a cluster network named ClusterNetwork1. 
You need to ensure that ClusterNetwork1 is enabled for cluster communication only. 
What command should you run? To answer, select the appropriate options in the answer area.
 
Answer: 
 
Explanation:
Box 1: Get-ClusterNetwork
Cluster network roles can be changed using PowerShell command, Get-ClusterNetwork.
For example:
(Get-ClusterNetwork “Cluster Network 1”). Role =1
Box 2: Role
Cluster Network Roles:
Cluster networks are automatically created for all logical subnets connected to all nodes in the Cluster. Each network adapter card connected to a common subnet will be listed in Failover Cluster Manager.
Cluster networks can be configured for different uses.
Three roles:
* Disabled for Cluster Communication (value 0)
* Enabled for Cluster Communication only (value 1)
* Enabled for client and cluster communication (value 3)
References: https://blogs.technet.microsoft.com/askcore/2014/02/19/configuring-windows-failover-cluster- networks/
All the 70-743 braindumps are updated. Get a complete hold of 70-743 PDF dumps and 70-743 practice test with free VCE player through Lead2pass and boost up your skills.
Microsoft 70-743 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDWGpUeXZ3ZE9ZX3c
2017 Microsoft 70-743 exam dumps (All 97 Q&As) from Lead2pass:
http://www.lead2pass.com/70-743.html [100% Exam Pass Guaranteed]