QUESTION 1
Your network consists of one Active directory domain. The functional level of the domain is Windows Server 2008 R2. Your company has three departments named Sales, Marketing, and Engineering. All users in the domain are in an organizational unit (OU) named AllUsers. You have three custom applications. You deploy all custom applications by using a Group Policy object (GPO) named Applnstall. The Sales department purchases a new application that is only licensed for use by the Sales department. You need to recommend a solution to simplify the distribution of the new application. The solution must meet the following requirements:
– The application must only be distributed to licensed users.
– The amount of administrative effort required to manage the users must remain unaffected.
– The three custom applications must be distributed to all existing and new users on the network.
What should you recommend?
A. Create a new child domain for each department and link the AppInstall GPO to each child domain. Create a new GPO. Link the new GPO to the Sales domain.
B. Create a new child OU for each department. Link the AppInstall GPO to the Marketing OU and the Engineering OU. Create a new GPO. Link the new GPO to the Sales OU.
C. Create a new group for each department and filter the AppInstall GPO to each group. Create a new GPO. Link the new GPO to the domain. Filter the new GPO to the Sales group.
D. Create a new group for each department. Filter the AppInstall GPO to the Marketing group and the Engineering group. Create a new GPO. Link the new GPO to the domain. Filter the new GPO to the Sales group.
Answer: C
QUESTION 2
Your network contains servers that run Windows Server 2008 R2 and client computers that run Windows 7. All network routers support IPsec connections. Client computers and servers use IPsec to connect through network routers. You have two servers named Server1 and Server2. Server1 has Active Directory Certificate Services (AD CS) installed and is configured as a certification authority (CA). Server2 runs Internet Information Services (IIS). You need to recommend a certificate solution for the network routers. The solution must meet the following requirements:
– Use the Simple Certificate Enrollment Protocol (SCEP).
– Enable the routers to automatically request certificates.
What should you recommend implementing?
A. certification authority Web enrollment services on Server2
B. Network Device Enrollment Service on Server2
C. Online Responder service on Server1
D. subordinate CA on Server1
Answer: B
QUESTION 3
Your network consists of one Active Directory domain. Your company uses a firewall to connect to the Internet. Inbound TCP/IP port 443 is allowed on the firewall. You have terminal servers on the internal network. You have one server on the internal network that has Terminal Services Gateway (TS Gateway) deployed. All servers run Windows Server 2008. You need to recommend a solution that enables remote users to access network resources by using TS Gateway. What should you recommend?
A. Change the firewall rules to permit traffic through port 3389 from the Internet.
B. Install the Terminal Services server role with the Terminal Services Web Access (TS Web Access) services role.
C. Install the Terminal Services server role with the Terminal Services Session Broker (TS Session Broker) services role.
D. Create a Terminal Services connection authorization policy (TS CAP) and a Terminal Services resource authorization policy (TS RAP).
Answer: D
QUESTION 4
Your network consists of one Active Directory forest that contains one root domain and 22 child domains. All domain controllers run Windows Server 2003. All domain controllers run the DNS Server service and host Active Directory-integrated zones. Administrators report that it takes more than one hour to restart the DNS servers. You need to reduce the time it takes to restart the DNS servers. What should you do?
A. Upgrade all domain controllers to Windows Server 2008.
B. Upgrade all domain controllers in the root domain to Windows Server 2008, and then set the functional level for the root domain to Windows Server 2008.
C. Deploy new secondary zones on additional servers in each child domain.
D. Change the Active Directory-integrated DNS zones to standard primary zones.
Answer: A
QUESTION 5
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You have file servers that run Windows Server 2008. Client computers run Windows Vista and UNIX-based operating systems. All users have both Active Directory user accounts and UNIX realm user accounts. Both environments follow identical user naming conventions. You need to provide the UNIX-based client computers access to the file servers. The solution must meet the following requirements:
– Users must only log on once to access all resources.
– No additional client software must be installed on UNIX-based client computers.
What should you do?
A. Create a realm trust so that the Active Directory domain trusts the UNIX realm.
B. Install an Active Directory Federation Services (AD FS) server that runs Windows Server 2008 R2
C. Enable the subsystem for UNIX-based applications on the file servers. Enable a Network File System (NFS) component on the client computers.
D. Enable the User Name Mapping component and configure simple mapping. Enable a Network File System (NFS) component on the servers.
Answer: D
QUESTION 6
Your Company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2 and are located in the main office. Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administer only their member servers. You deploy one read-only domain controller (RODC) in each branch office. You need to recommend a security solution for the branch office Windows Server 2008 R2 domain controllers. The solution must meet the following requirements:
– Branch office administrators must be granted rights on their local domain controller only.
– Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows updates.
What should you recommend?
A. Add each branch office administrator to the Administrators group of the domain.
B. Add each branch office administrator to the local Administrators group of their respective domain controller.
C. Grant each branch office administrator Full Control permission on their domain controller computer object in Active Directory.
D. Move each branch office domain controller computer object to a new organizational unit (OU). Grant each local administrator Full Control permission on the new OU.
Answer: B
QUESTION 7
Your network consists of one Active Directory domain. The functional level of the forest is Windows Server 2003. All domain controllers run Windows Server 2003. The relevant portion of the network is configured as shown in the exhibit. (Click the Exhibit button.)
The Bridge all site links option is enabled.
You need to ensure that domain controllers in the spoke sites can replicate with domain controllers in only the hub sites. The solution must ensure that domain controllers can replicate if a server fails in one of the hub sites.
What should you do?
A. Lower the site link costs between the spoke sites and the hub sites.
B. Disable the Bridge all site links option. Create site link bridges that include the site links between each spoke site and the hub sites.
C. Disable the Bridge all site links option. Install a writable domain controller that runs Windows Server 2008 in each hub site.
D. Enable the global catalog server attribute for all domain controllers in the hub sites. Upgrade all domain controllers in the spoke sites to Windows Server 2008.
Answer: B
QUESTION 8
Your company has 5,000 users. The network contains servers that run Windows Server 2008. You need to recommend a collaboration solution for the users to meet the following requirements: Support tracking of document version history. Enable shared access to documents created in Microsoft Office. Enable shared access to documents created by using Web pages. The solution must be achieved without requiring any additional costs. What should you recommend?
A. Install servers that run the Web Server role.
B. Install servers that run the Application Server role.
C. Install servers that run Microsoft Windows SharePoint Services (WSS) 3.0.
D. Install servers that run Microsoft Office SharePoint Server (MOSS) 2007.
Answer: C
QUESTION 9
Your Company has 10 offices. Each office has 10 domain controllers that run Windows Server 2008. The network consists of one Active directory domain. Each office has a local administrator. You use domain-level Group Policy objects (GPO). Office administrators have the necessary permissions to create and link domain-level Group Policy objects. You create custom Administrative Template (.admx) files locally on a computer that runs Windows Vista. You need to implement a GPO management strategy to ensure that the administrators can access the .admx files and any future updates to the .admx files from each office. The solution must ensure that .admx files remain identical across the company. What should you do?
A. In the domain, create a central store. Copy the custom .admx files to the central store.
B. In each office, create a central store on a file server. Copy the custom .admx files to the central store.
C. Create a GPO and link it to the domain. Add the .admx files to the GPO.
D. Create a GPO and link it to the Domain Controllers organizational unit (OU). Add the custom .admx files to the GPO.
Answer: A
QUESTION 10
Your network consists of one Active Directory domain. The network contains one Active Directory site. All domain controllers run Windows Server 2008. You create a second Active Directory site and plan to install a domain controller that runs Windows Server 2008 in the new site. You also plan to deploy a new firewall to connect the two sites. You need to enable the domain controllers to replicate between the two sites. Which traffic should you permit through the firewall?
A. LDAP
B. NetBIOS
C. RPC
D. SMTP
Answer: C
QUESTION 11
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You need to prepare the environment to provide a high-availability solution for a back-end Microsoft SQL Server 2005 data store. What should you do?
A. Install a Windows Server 2003 Network Load Balancing cluster.
B. Install a Windows Server 2008 Network Load Balancing cluster.
C. Install a Windows Server 2008 failover cluster that has shared storage.
D. Install a Windows Server 2008 failover cluster that has direct attached storage.
Answer: C
QUESTION 12
Your company has one main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. You plan to deploy one Windows Server 2008 domain controller in each branch office. You need to recommend a security solution for the branch office domain controllers. The solution must prevent unauthorized users from copying the Active Directory database from a branch office domain controller by starting the server from an alternate startup disk. What should you recommend on each branch office domain controller?
A. Enable the secure server IPsec policy.
B. Enable the read-only domain controller (RODC) option.
C. Enable Windows BitLocker Drive Encryption (BitLocker).
D. Enable an Encrypting File System (EFS) encryption on the %Systemroot%\NTDS folder.
Answer: C
QUESTION 13
Your network contains servers that run Windows Server 2008. Microsoft Windows SharePoint Services (WSS) are available on the network. WSS is only accessible from the internal network. Several users use devices that run Windows Mobile 6.0. The users can establish only HTTP and HTTPS sessions from the Internet. You need to enable users to access WSS from the Internet by using their Windows Mobile devices. The solution must ensure that all connections from the Internet to WSS are encrypted. What should you do?
A. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a HTTPS publishing rule.
B. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a Secure RPC publishing rule.
C. Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP) connections. Configure WSS to require Kerberos authentication.
D. Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP) connections. Configure WSS to require IPsec encryption.
Answer: A
QUESTION 14
Your company has one main office and 20 branch offices. Each office is configured as an Active Directory site. The network consists of one Active Directory domain. All servers run Windows Server 2008 R2 and all client computers run Windows 7. The main office contains three domain controllers. You need to deploy one domain controller in each branch office to meet the following requirements:
– Authentication to a main office domain controller must only occur if a local domain controller fails.
– Client computers in the main office must not authenticate to a domain controller office.
– Client computers in a branch office must not authenticate to a domain controller in another branch office.
– Client computers in each branch office must attempt to authenticate to the domain controller at their local site first.
What should you do first?
A. Associate the IP subnet of each branch office to the Active Directory site of the main office.
B. Select the read-only domain controller (RODC) option and the Global Catalog option when deploying the branch office domain controllers.
C. Create a Group Policy object (GPO) that applies to all branch office domain controllers and controls the registration of DNS service location (SRV) records.
D. Configure only the main office domain controllers as global catalog servers. Enable Universal Group Membership Caching in the Active Directory site for each branch office.
Answer: C
QUESTION 15
Your network consists of one Active Directory domain that contains only domain controllers that run Windows Server 2003. Your company acquires another company. You need to provide user accounts for the employees of the newly acquired company. The solution must support multiple account lockout policies. What should you do?
A. Implement Authorization Manager.
B. Implement Active Directory Federation Services (AD FS).
C. Upgrade one domain controller to Windows Server 2008. Raise the functional level of the domain to Windows Server 2003.
D. Upgrade all domain controllers to Windows Server 2008. Raise the functional level of the domain to Windows Server 2008.
Answer: D
QUESTION 16
Your network consists of one Active Directory forest that contains four Active Directory domains named Sales, Marketing, Finance, and IT. The Finance domain contains a domain controller that runs Windows Server 2008. The Sales, Marketing, and IT domains contain only domain controllers that run Windows Server 2003. You need to prepare the environment for the deployment of a read-only domain controller (RODC) in the Finance domain and in the IT domain. You must ensure that the RODC can advertise itself as a global catalog server. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Upgrade all DNS servers to Windows Server 2008.
B. Run adprep /domainprep on the Sales, Marketing, and IT domains.
C. Install a Windows Server 2008 writable domain controller in the IT domain.
D. Configure the Windows Server 2008 domain controller in the finance domain as a global catalog server.
Answer: BC
QUESTION 17
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The relevant servers are configured as shown in the following table. (Click the Exhibit)
All client computers run Windows Vista. You plan to deploy two Java-based applications on all client computers. The two applications each require a different version of the Java Runtime Environment (JRE). After testing, you notice that the two JREs prevent the applications from running on the same computer. You need to recommend a solution that enables the two Java-based applications to run on all client computers. What should you recommend?
A. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one compatible application. On Server2, advertise both packages to all client computers.
B. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one compatible application. On Server1, create a Group Policy object (GPO) that assigns both packages to all client computers.
C. Use the SoftGrid Sequencer to create two application packages that each contains one version of JRE and one compatible application. On Server3, stream both application packages to all client computers.
D. Install the two JRE versions and the two Java-based applications on Server4. Configure all client computers to connect to the Java-based applications by using Terminal Services RemoteApp (TS RemoteApp).
Answer: C
QUESTION 18
Your network consists of one Active Directory forest that contains two domains. All domain controllers run Windows Server 2003. The network contains file servers that run Windows Server 2003 R2. The files servers run DFS Replication. The forest root domain is named contoso.com and the child domain is named corp.contoso.com. You prepare the forest schema for the installation of domain controllers that run Windows Server 2008. You prepare the corp.contoso.com domain. You install a new domain controller that runs Windows Server 2008 on corp.contoso.com. You need to plan an Active Directory implementation to meet the following requirements:
– Enable DFS Replication support for SYSVOL on corp.contoso.com.
– Allow the installation of new domain controllers that run Windows Server 2003 in the forest root domain.
What should you include in your plan?
A. Upgrade all file servers to Windows Server 2008.
B. Run adprep /domainprep /gpprep on the corp.contoso.com domain and run adprep /domainprep on the contoso.com domain.
C. Upgrade all Windows Server 2003 domain controllers to Windows Server 2008. Raise the functional level of the forest to Windows Server 2008.
D. Upgrade the Windows Server 2003 domain controllers in corp.contoso.com to Windows Server 2008. Raise the corp.contoso.com domain functional level to Windows Server 2008.
Answer: D
QUESTION 19
Your Company has one main office and 50 branch offices. You have a wide area network (WAN) link that connects all branch offices to the main office. The network consists of 10 Active Directory domains. Users from all domains are located in the branch offices. You plan to configure each branch office as an Active Directory site. The domain is configured as shown in the exhibit. (Click the Exhibit button.)
You need to plan the deployment of domain controllers in the branch offices to meet the following requirements:
– Users must be able to log on if a WAN link fails.
– Minimize replication traffic between offices.
What should you include in your plan?
A. Implement a domain controller in each branch office. Enable Universal Group Membership Caching.
B. Implement a domain controller in each branch office. Configure DNS to use a single Active Directory-integrated zone.
C. Implement a domain controller in each branch office. Configure the domain controller as a global catalog server.
D. Implement a read-only domain controller (RODC) in each branch office. Configure the domain controller as a global catalog server.
Answer: A
QUESTION 20
Your Company has one main office and four branch offices. Each branch office has a read-only domain controller (RODC). The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2. Some branch office users work in a department named Sales. Sales department users must be able to log on to all computers in their respective branch offices, even if a wide area network (WAN) link fails. The company security policy has the following requirements:
– User account passwords must be replicated to the minimum number of locations.
– A minimum number of passwords must be replicated to the branch office domain controllers. You need to configure a password replication policy that supports the company security policy.
What should you do?
A. Install a writable domain controller in all branch offices.
Create one global group that contains all Sales department users.
Create a fine-grained password policy and apply the policy to the group.
B. Install a writable domain controller in all branch offices.
Create one global group that contains the computers of all Sales department users.
Add the group to the Allowed RODC Password Replication Group in the domain.
C. Create one global group for each branch office that contains the Sales department users and computers in the corresponding branch office.
Add all groups to Windows Authorization Access Group in the domain.
D. Create one global group for each branch office that contains the Sales department users and computers in the corresponding office.
Add each group to the Password Replication Policy in the corresponding branch office.
Answer: D
Pass 70-647 Exam With Passleader 70-647 Exam Free Study Materials