Issuu on Google+

Microsoft 70-646

Pro: Windows Server 2008, Server Administrator Version: Demo 65.2


Microsoft 70-646 Exam Topic 1, Mixed Questions

QUESTION NO: 1 Your network consists of a single Active Directory domain. The domain controllers run Windows Server 2008 R2. Your company's enterprise security policy states that the domain controllers cannot contain optical drives. You need to recommend a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. What should you recommend?

A. Use Windows Server Backup to back up each domain controller to a local disk. Create a Windows Recovery Environment (Windows RE) partition on each domain controller. B. Use Windows Server Backup to back up each domain controller to a local disk. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE). C. Use Windows Server Backup to back up each domain controller to a remote network share. Create a Windows Recovery Environment (Windows RE) partition on each domain controller. D. Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE). Answer: D Explanation:

Topic 2, Graphic Design Institute, Case A Scenario COMPANY OVERVIEW Graphic Design Institute is a training company that has a main office and 10 branch offices. The main office is located in Bangalore. PLANNED CHANGES Graphic Design Institute plans to implement the following changes: - Deploy a new two-node failover cluster that runs the Hyper-V server role on each node. - Ensure that intra-cluster network traffic is isolated from all other network traffic. - Implement Network Access Protection (NAP) for all of the client computers on the internal network and for all of the client computers that connect remotely.

"A Composite Solution With Just One Click" - Certification Guaranteed

2


Microsoft 70-646 Exam EXISTING ENVIRONMENT The relevant servers in the main office are configured as shown in the following table.

The server has the following configurations: - NPAS1 contains a static IP address pool, - Web1, Web2, and Web3host a copy of the corporate Web site. - Web1, Web2, and Web3 are located in the perimeter network and belong to a workgroup. All client computers run Windows XP Professional, Windows Vista Enterprise, or Windows 7 Enterprise, All client computers are members of the domain. Some users work remotely. To access the company's internal resources, the remote users use a VPN connection to NPAS1. Existing Active Directors/Directory Services The network contains a single-domain Active Directory forest named graphicdesigninstitute.com. The Active Directory Recycle Bin is enabled. Existing Network Infrastructure Graphic Design Institute has an internal network and a perimeter network. The network contains network switches and wireless access points (WAPs) from multiple vendors. Some of the network devices are more than 10 years old and do not support port-based authentication. TECHNICAL REQUIREMENTS All of the accounts used for administration must be assigned the minimum amount of permissions. Web1, Web2, and Web3 must have the identical configurations for the corporate Web site. The Web servers must contain a local copy of all the Web pages in the Web site. When a Web page is modified on any of the Web servers, the modifications must be copied automatically to all of the "A Composite Solution With Just One Click" - Certification Guaranteed

3


Microsoft 70-646 Exam Web servers. A user named Admin1 must be responsible for performing the following tasks: - Restarting all of the Web servers. - Backing up and restoring the files on all of the Web servers. A user named Admin2 must be responsible for performing the following tasks: - Backing up the Active Directory database. - Recovering deleted objects from the Active Directory Recycle Bin.

QUESTION NO: 2 You need to ensure that Web1, Web2, and Web3 download updates from WSUS1. What should you do?

A. Modify the Default Domain Policy Group Policy object (GPO). B. Modify the local computer policy on Web1, Web2, and Web3. C. Import a security policy template toWeb1, Web2, and Web3. D. Create a service location (SRV) record in the _msdcs.graphicsdesigninstitute.com DNS zone. Answer: B Explanation:

Topic 3, Baldwin Museum of Science Scenario: COMPANY OVERVIEW The Baldwin Museum of Science is an internationally renowned museum of science history. Physical Location The museum has a main office and a branch office named Branchl. The main office has 5,000 users. Branchl has 1,000 users. The main office connects to Branchl by using a WAN link. The WAN link is highly saturated.

"A Composite Solution With Just One Click" - Certification Guaranteed

4


Microsoft 70-646 Exam The museum has a sales department. All of the users in the sales department have client computers that run Windows XP Service Pack 3 (SP3). EXISTING ENVIRONMENT Active Directory Environment The network contains one Active Directory forest. The forest contains two domains named baldwinmuseumofscience.com and ad.baldwinmuseumofscience.com. All user accounts and computer accounts for all employees are in the ad.baldwinmuseumofscience.com domain. The organizational unit (OU) structure for ad.baldwinmuseumofscience.com is shown in the exhibit. (Click the Case Study Exhibits button.)

Network Infrastructure The network contains the following servers and applications: • Application servers that run either Windows Server 2003 Service Pack 2 (SP2), Windows Server 2008 SP2, or Windows Server 2008 R2.

"A Composite Solution With Just One Click" - Certification Guaranteed

5


Microsoft 70-646 Exam • A custom application named Appl that runs on all of the application servers. Appl writes events to the application log. • A line-of-business application named App2 that requires Internet Explorer 6. All of the users in the sales department run App2. • File servers that run Windows Server 2008 R2. The main office has the following: • A two-node failover cluster that runs Windows Server 2008 R2 and has the Hyper-V role installed and a Clustered Shared Volume. The failover cluster hosts four virtual machines (VM) that run Windows Server 2008 R2. The VMs are stored on the Clustered Shared Volume. Each VM runs Microsoft SQL Server 2008. • A server named Serverl that hosts two shared folders named Sharel and Share2. Sharel hosts 50,000 research documents that are shared by multiple users. Share2 hosts documents that are created by users in the sales department. Administration Model All users in Branch 1 are members of global groups and universal groups. The groups are located in an OU named Groups in the ad.baldwinmuseumofscience.com domain. REQUIREMENTS Planned Changes The Baldwin Museum of Science plans to implement a new branch office named Branch2. Branch2 wi and will be configured as a separate Active Directory site. Branch2 will be configured to meet the following requirements: • Minimize the cost of deploying new servers. • Contain only client computers that run Windows 7. • Connect to the main office by using a saturated WAN link. • Contain only servers that run Windows Server 2008 R2. The servers will be configured as either file servers or Web servers. The file shares on the file servers must be available if a single file server fails. In Branch2, if a single domain controller or a WAN link fails, users in the branch must be able to: • Change their passwords. "A Composite Solution With Just One Click" - Certification Guaranteed

6


Microsoft 70-646 Exam • Log on to their client computers. Technical Requirements The Baldwin Museum of Science must meet the following technical requirements: • Hardware and software costs must be minimized whenever possible. • All VMs must be backed up twice a day. • All VM backups must include the VM configuration information. • Events generated by Appl must be stored in a central location. • An administrator must be notified by e-mail when Appl generates an error. • The number of permissions assigned to help desk technicians must be minimized. • The help desk technicians must be able to reset the passwords and modify the membership of all users in Branchl. • If a user overwrites another user' s research document, the user must be able to recover a previous version of the document. • When users in the sales department work remotely, they must be able to access the files in Sharel in the minimum amount of time.

Security The Baldwin Museum of Science must meet the following security requirements: -

All scripts that run on production servers must be signed. Managers in Branchl must be allowed to access the Internet at all times. Web site administrators must not be required to log on interactively to Web servers. Users in Branchl must only be allowed to access the Internet between 12:00 and 13:00. Users and managers must be prevented from downloading executable files from the Internet. Administration of the corporate Web sites must support all bulk changes and scheduled content updates.

QUESTION NO: 3 You need to recommend a solution for controlling access to the Internet. The solution must meet the museum's security policy. What should you include in the recommendation?

"A Composite Solution With Just One Click" - Certification Guaranteed

7


Microsoft 70-646 Exam A. File Server Resource Manager (FSRM) file screens and Group Policy objects (GPOs) B. Microsoft Forefront Threat Management Gateway (TMG) 2010 C. Microsoft Forefront Unified Access Gateway (UAG) 2010 D. Windows Firewall with Advanced Security and Group Policy objects (GPOs) Answer: B Explanation:

Topic 4, Nothwind Traders Scenario COMPANY OVERVIEW Northwind Traders is an import/export company that has a main office and two branch offices. The main office is located in Toronto. The branch offices are located in Vancouver and Seattle. The main office has 2,000 users. Each branch office has 500 users. EXISTING ENVIRONMENT All client computers run Windows 7 Enterprise. All servers run Windows Server 2008 R2. All new servers are deployed by using Windows Deployment Services (WDS). Northwind Traders has multiple Hyper-V servers. The Hyper-V servers are managed by using Microsoft System Center Virtual Machine Manager (VMM). The perimeter network contains a standalone server. The server has the Active Directory Lightweight Directory Service (AD LDS) service role installed. AD LDS is administered on the server by using the Active Directory module for Windows PowerShell. All virtual machines (VMs) access iSCSI-based storage by using a Microsoft iSCSI Initiator installed on the VM. Existing Active Directory/Directory Services The network contains a single Active Directory forest named northwindtraders.com. The forest contains five Remote Desktop servers. All Remote Desktop servers are in an organizational unit (OU) named RD Servers. TECHNICAL REQUIREMENTS

"A Composite Solution With Just One Click" - Certification Guaranteed

8


Microsoft 70-646 Exam Northwind Traders must meet the following technical requirements: -

Minimize server downtime. Ensure that you can recover all of the data hosted on the VMs. Ensure that you can perform bare metal restores of the Hyper-V servers. Minimize the number of times a server restarts when it is deployed. Monitor the CPU utilization, memory utilization, and disk utilization of all the servers to analyze performance trends. - Ensure that a specific set of Group Policy settings are applied to users who use Remote Desktop to connect to the Remote Desktop servers. The settings must differ from those applied when the users log on locally to their own computers. - Copy a custom Microsoft Office Word dictionary to the computers in the legal department. Update the custom dictionary on a regular basis. Copy the updated version of the dictionary as soon as possible to the legal department computers.

QUESTION NO: 4 You need to recommend a strategy to ensure that the administration of AD LDS is encrypted. What should you include in the recommendation?

A. a server authentication certificate B. client authentication certificates C. Digest authentication D. Windows Integrated authentication Answer: A Explanation:

Topic 5, Trey Research

Scenario

COMPANY OVERVIEW Trey Research is a pharmaceutical company that has a main office and two branch offices. The main office is located in Denver. The branch offices are located in New York and Seattle. The main office has 10,000 users. Each branch office has approximately 200 users. PLANNED CHANGES "A Composite Solution With Just One Click" - Certification Guaranteed

9


Microsoft 70-646 Exam You plan to deploy a new application named Appl. App1 is developed in-house. The binary executables and support files for App1 contain sensitive intellectual property. Users must access App1 through document invocation. The users must be prevented from directly copying or accessing the App1 program files. EXISTING ENVIRONMENT The network contains a single Active Directory domain named treyresearch.com. All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise. The network contains a Web server named Web1 that hosts an intranet site. All users use Web1. Users report that access to the content on Web1 is slow. You discover that the CPU utilization of Web1 is approximately 90 percent during peak hours. Microsoft System Center Configuration Manager is used to deploy updates to all of the client computers. Existing Network Infrastructure Each office has several file servers. The file servers have a limited amount of storage space. Users access the data on all of the file servers. Each branch office has a WAN link to the main office. Users in the branch office frequently access the file server in the main office. Current Administration Model All servers are currently administered remotely by using Remote Desktop. Help desk users perform the following administrative tasks in the domain: • Manage printers. • Create shared folders. • Manage Active Directory users. • Modify file permissions and share permissions. All of the help desk users are members of a global group named HelpDesk. Business Goals Trey Research has the following business goals:

"A Composite Solution With Just One Click" - Certification Guaranteed

10


Microsoft 70-646 Exam • Minimize the cost of making changes to the environment. • Minimize the cost of managing the network infrastructure and the servers REQUIREMENTS Technical Requirements Trey Research plans to Virtualize all of the servers during the next three years. Trey Research must meet the following technical requirements for virtualization: • Simplify the management of all hardware. • Allocate CPU resources between virtual machines (VMs). • Ensure that the VMs can connect to multiple virtual local area networks (VLANs). • Minimize the amount of administrative effort required to convert physical servers to VMs. Trey Research must ensure that users can access content in the shared folders if a single server fails. The solution must also reduce the amount of bandwidth used to access the shared folders from the branch offices. Trey Research must meet the following technical requirements for the intranet site: • Improve response time for users. • Provide redundancy if a single server fails. Security Requirements A new corporate security policy states that only Enterprise Administrators are allowed to interactively log on to servers. User Requirements Users report that it is difficult to locate files in the shared folders across the network. The users want a single point of access for all of the shared folders in the company.

QUESTION NO: 5 You need to identify each help desk user who bypasses the new corporate security policy. "A Composite Solution With Just One Click" - Certification Guaranteed

11


Microsoft 70-646 Exam What should you do?

A. Configure Audit Special Logon and define Special Groups. B. Configure Audit Other Privilege Use Events and define Special Groups. C. Configure Audit Sensitive Privilege Use and configure auditing for the HelpDesk group. D. Configure Audit Object Access and modify the auditing settings for the HelpDesk group. Answer: A Explanation:

Topic 1, Mixed Questions

QUESTION NO: 6 Your network contains two servers that run the Server Core installation of Windows Server 2008 R2. The two servers are part of a Network Load Balancing cluster. The cluster hosts a Web site. Administrators use client computers that run Windows 7. You need to recommend a strategy that allows the administrators to remotely manage the Network Load Balancing cluster. Your strategy must support automation. What should you recommend?

A. On the servers, enable Windows Remote Management (WinRM). B. On the servers, add the administrators to the Remote Desktop Users group. C. On the Windows 7 client computers, enable Windows Remote Management (WinRM). D. On the Windows 7 client computers, add the administrators to the Remote Desktop Users group. Answer: A Explanation:

QUESTION NO: 7

"A Composite Solution With Just One Click" - Certification Guaranteed

12


Microsoft 70-646 Exam A company has a single Active Directory Domain Services (AD DS) domain. Each department within the company has its own organizational unit (OU). All client computers run Windows 7 Enterprise Edition and Microsoft Office 2010. The company wants to restrict access to some Office 2010 features. They develop a standard list of corporate restrictions. You have the following requirements: - Apply the corporate restrictions to all existing and future departments. - Ensure that specific restrictions can be added or removed for individual departments. - Ensure that the corporate restrictions are not applied to users and computers in the built-in Active Directory containers. - Minimize administrative effort for applying restrictions to future departments. You need to recommend a Group Policy object (GPO) deployment that meets the requirements. What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.) A. Create a GPO that contains the corporate restrictions and link it to the domain. Install the Office 2010 Group Policy Administrative Template settings. Create a separate GPO for each department that deploys and configures Office 2010. B. Install the Office 2010 Group Policy Administrative Template settings. Create a Starter GPO that contains the corporate restrictions. Create a separate GPO based on the Starter GPO for each department that deploys and configures Office 2010. C. Install the Office 2010 Resource Kit and create a custom transform (.mst) file for each department. Create a Starter GPO that contains the corporate restrictions. Create a separate GPO based on the Starter GPO for each department that deploys Office 2010 by using the transform file. D. Install the Office 2010 Resource Kit and create custom installer files for each department. Create a GPO that contains the corporate restrictions and link it to the domain. Create a separate GPO for each department that deploys the installer files, Answer: B Explanation:

QUESTION NO: 8 Your company has a main office and a branch office. Your network contains a single Active Directory domain. An Active Directory site exists for each office. All domain controllers run Windows Server 2008 R2. "A Composite Solution With Just One Click" - Certification Guaranteed

13


Microsoft 70-646 Exam You plan to modify the DNS infrastructure. You need to plan the new DNS infrastructure to meet the following requirements:

路Ensure that the DNS service is available even if a single server fails 路Encrypt the synchronization data that is sent between DNS servers 路Support dynamic updates to all DNS servers What should you include in your plan?

A. Install the DNS Server server role on two servers. Create a primary zone on the DNS server in the main office. Create a secondary zone on the DNS server in the branch office. B. Install the DNS Server server role on a domain controller in the main office and on a domain controller in the branch office. Configure DNS to use Active Directory integrated zones. C. Install the DNS Server server role on a domain controller in the main office and on a Readonly Domain Controller (RODC) in the branch office. Configure DNS to use Active Directory integrated zones. D. Install the DNS Server server role on two servers. Create a primary zone and a GlobalNames zone on the DNS server in the main office. Create a GlobalNames zone on the DNS server in the branch office. Answer: B Explanation:

QUESTION NO: 9 Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. There are five servers that run Windows Server 2003 SP2. The Windows Server 2003 SP2 servers have the Terminal Server component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006. All client computers run Windows 7. You plan to give remote users access to the Remote Desktop Services servers. You need to create a remote access strategy for the Remote Desktop Services servers that meets the following requirements: - Minimizes the number of open ports on the firewall server - Encrypts all remote connections to the Remote Desktop Services servers - Prevents network access to client computers that have Windows Firewall disabled What should you do? "A Composite Solution With Just One Click" - Certification Guaranteed

14


Microsoft 70-646 Exam

A. Implement port forwarding on the ISA Server. Implement Network Access Quarantine Control on the ISA Server. B. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and implement Network Access Protection (NAP). C. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop connection authorization policy (RD?CAP). D. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop resource authorization policy (RD RAP). Answer: B Explanation:

QUESTION NO: 10 Your network contains a single Active Directory domain. All domain controllers run Windows Server 2008 R2. There are 1,000 client computers that run Windows 7 and that are connected to managed switches. You need to recommend a strategy for network access that meets the following requirements:

路Users are unable to bypass network access restrictions. 路Only client computers that have uptodate service packs installed can access the network. 路Only client computers that have uptodate antimalware software installed can access the network. What should you recommend?

A. Implement Network Access Protection (NAP) that uses DHCP enforcement. B. Implement Network Access Protection (NAP) that uses 802.1x enforcement. C. Implement a Network Policy Server (NPS), and enable IPsec on the domain controllers. D. Implement a Network Policy Server (NPS), and enable Remote Authentication DialIn User Service (RADIUS) authentication on the managed switches. Answer: B Explanation:

"A Composite Solution With Just One Click" - Certification Guaranteed

15


Microsoft 70-646 Exam

"A Composite Solution With Just One Click" - Certification Guaranteed

16


Microsoft 70-646 Mock Exams