Pro: Windows Server 2008, Server Administrator
Question No: 21 DRAG DROP – (Topic 1)
You are designing a highly available virtual environment running on Windows Server 2008 R2. The design must meet the following requirements:
->Provide high availability within the Production site to ensure that a failure of a node in the Production site does not stop the cluster from running.
->Provide the ability to withstand a failure of the Disaster Recovery (DR) site.
->Minimize the number of nodes and votes in the cluster.
You need to design the virtual environment to meet the requirements.
What should you do?
To answer, drag the appropriate nodes and quorum configuration to the correct location or locations in the answer area.
Having two nodes in the Production site provides high availability in that site.
Node Majority (recommended for clusters with an odd number of nodes)
Can sustain failures of half the nodes (rounding up) minus one. For example, a seven node cluster can sustain three node failures.
Question No: 22 – (Topic 1)
You are designing a monitoring solution to log performance on member servers that run Windows Server 2008 R2.
The monitoring solution must meet the following requirements for members of the Operations team:
->Create and modify Data Collector Sets.
->Display log file data and real-time performance data in Performance Monitor.
You need to design a monitoring solution that meets the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
Add members of the Operations team to the Performance Monitor Users group. Assign the Act as part of the operating system user right to the Performance Monitor Users group
Add members of the Operations team to the Performance Log Users group
Add members of the Operations team to the Administrators group
Add members of the Operations team to the Power Users group. Assign the Act as part of the operating system user right to the Power Users group
Answer: B Explanation:
A Data Collector Set is the building block of performance monitoring and reporting in Windows Performance Monitor. It organizes multiple data collection points into a single component that can be used to review or log performance. A Data Collector Set can be created and then recorded individually, grouped with other Data Collector Sets and incorporated into logs, viewed in Performance Monitor, configured to generate alerts when thresholds are reached, or used by other non-Microsoft applications. It can be associated with rules of scheduling for data collection at specific times. Windows Management Interface (WMI) tasks can be configured to run upon the completion of Data Collector Set collection.
Data Collector Sets can contain the following types of data collectors:
Performance counters
Event trace data
System configuration information (registry key values)
You can create a Data Collector Set from a template, from an existing set of Data Collectors in a Performance Monitor view, or by selecting individual Data Collectors and setting each individual option in the Data Collector
You can create a Data Collector Set from counters in the current Performance Monitor display. Membership in the local Performance Log Users or Administrators group, or equivalent, is the minimum required to complete this procedure.
Question No: 23 – (Topic 1)
Your company plans to deploy eight file servers that run Windows Server 2008 R2. All file servers will connect to Ethernet switches.
You need to plan a data storage solution that meets the following requirements:
->Allocates storage to the servers as needed
->Utilizes the existing network infrastructure
->Maximizes fault tolerance
Which actions should you include in your plan?
Install Windows Server 2008 R2 Datacenter on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN).
Install Windows Server 2008 R2 Standard on each server. Deploy the servers in a Network Load Balancing (NLB) cluster. Implement RAID-5 on each server.
Install Windows Server 2008 R2 Enterprise on each server. Deploy the servers in a failover cluster. Deploy a Fibre Channel (FC) storage area network (SAN).
Install Windows Server 2008 R2 Enterprise on each server. Deploy the servers in a Network Load Balancing (NLB) cluster. Map a network drive on each server to an external storage array.
Datacenter has Failover Cluster, and of course a SAN with iSCSI will utilize the existing network topology.
Question No: 24 – (Topic 1)
Your network consists of an Active Directory domain. The domain controllers run Windows Server 2008 R2. Client computers run Windows 7.
You need to implement Encrypting File System (EFS) for all client computers. You want to achieve this goal while meeting the following requirements:
->You must minimize the amount of data that is transferred across the network when a user logs on to or off from a client computer.
->Users must be able to access their EFS certificates on any client computers.
->If a client computer's disk fails, EFS certificates must be accessible.
What should you do?
Enable credential roaming.
Enable roaming user profiles.
Enable a Data Recovery Agent.
Issue smart cards to all users.
Answer: A Explanation:
Configuring Credential Roaming
Credential roaming allows for the storage of certificates and private keys within Active Directory. For example, a user’s encrypting file system certificate can be stored in Active Directory and provided to the user when she logs on to different computers within the domain. The same EFS certificate will always be used to encrypt files.
This means that the user can encrypt files on an NTFS-formatted USB storage device on one computer and then decrypt them on another, because the EFS certificate will be transferred to the second computer’s certificate store during the logon process. Credential roaming also allows for all of a user’s certificates and keys to be removed when he logs off of the computer.
Credential roaming is enabled through the Certificate Services Client policy, located under User Configuration\Policies\Windows Settings\Security Settings\Public Key Policies and shown in Figure 10-4.
Figure 10-4 Credential Roaming Policy
Credential roaming works in the following manner. When a user logs on to a client computer in a domain where the Credential Roaming Policy has been enabled, the certificates in the user’s store on the client computer are compared to certificates stored for the user within Active Directory.
If the certificates in the user’s certificate store are up to date, no further action is taken.
If more recent certificates for the user are stored in Active Directory, these credentials are copied to the client computer.
If more recent certificates are located in the user’s store, the certificates stored in Active Directory are updated.
Credential roaming synchronizes and resolves any conflicts between certificates and private keys from any number of client computers that a user logs on to, as well as certificates and private keys stored within Active Directory. Credential roaming is triggered whenever a private key or certificate in the local certificate store changes, whenever the user locks or unlocks a computer, and whenever Group Policy refreshes. Credential roaming is supported on Windows Vista, Windows Server 2008, Windows XP SP2, and Windows Server 2003.
MORE INFO More on credential roaming
For more information on configuring credential roaming, consult the following TechNet link: http://technet2.microsoft.com/windowsserver2008/en/library/fabc1c44-f2a2-43e1-b52e-9b12a1f19a331033.mspx?mfr=true
Question No: 25 – (Topic 1)
Your network consists of a single Active Directory domain. All servers run Windows Server 2008 R2. You need to recommend a Group Policy deployment strategy.
Your strategy must support the following requirements:
->Domain-level Group Policy objects (GPOs) must not be overwritten by organizational unit (OU) level GPOs.
->OU-level GPOs must not apply to members of the Server Operators group.
What should you recommend?
Enable Block Inheritance for the domain, and then modify the permissions of all GPOs linked to OUs.
Enable Block Inheritance for the domain, and then enable Loopback Processing policy mode. Add the Server Operators group to the Restricted Groups list.
Set all domain level GPOs to Enforced, and then modify the permissions of the GPOs that are linked to OUs.
Set all domain level GPOs to Enforced, and then enable Loopback Processing policy mode. Add the Server Operators group to the Restricted Groups list.
Answer: C Explanation:
Linking a GPO to Multiple Sites, Domains, and OUs
This section demonstrates how you can link a GPO to more than one container (site, domain, or OU) in Active Directory. Depending on the exact OU configuration, you can use other methods to achieve similar Group Policy effects; for example, you can use security group filtering or you can block inheritance. In some cases, however, those methods do not have the desired effects. Whenever you need to explicitly state which sites, domains, or OUs need the same set of policies, use the method outlined below:
To link a GPO to multiple sites, domains, and OUs
Open the saved MMC console GPWalkthrough, and then double-click the Active Directory Users and Computers node.
Double-click the reskit.com domain, and double-click the Accounts OU.
Right-click the Headquarters OU, select Properties from the context menu, and then click the Group Policy tab.
In the Headquarters Properties dialog box, on the Group Policy tab, click New to create a new GPO named Linked Policies.
Select the Linked Policies GPO, and click the Edit button.
In the Group Policy snap-in, in the User Configuration node, under Administrative Templates node, click Control Panel, and then click Display.
On the details pane, click the Disable Changing Wallpaper policy, and then click Enabled in the Disable Changing Wallpaper dialog box and click OK.
Click Close to exit the Group Policy snap-in.
In the Headquarters Properties page, click Close.
Next you will link the Linked Policies GPO to another OU.
In the GPWalkthrough console, double-click the Active Directory Users and Computers node, double-click the reskit.com domain, and then double-click the Accounts OU.
Right-click the Production OU, click Properties on the context menu, and then click the Group Policy tab on the Production Properties dialog box.
Click the Add button, or right-click the blank area of the Group Policy objects links list, and select Add on the context menu.
In the Add a Group Policy Object Link dialog box, click the down arrow on the Look in box, and select the Accounts.reskit.com OU.
Double-click the Headquarters.Accounts.reskit.com OU from the Domains, OUs, and linked Group Policy objects list.
Click the Linked Policies GPO, and then click OK.
You have now linked a single GPO to two OUs. Changes made to the GPO in either location result in a change for both OUs. You can test this by changing some policies in the Linked Policies GPO, and then logging onto a client in each of the affected OUs, Headquarters and Production.
Question No: 26 – (Topic 1)
You need to design a Windows Server Update Services (WSUS) infrastructure that meets the following requirements:
->The updates must be distributed from a central location.
->All computers must continue to receive updates in the event that a server fails.
What should you include in your design?
Configure two WSUS servers in a Microsoft SQL Server 2008 failover cluster. Configure each WSUS server to use a local database.
Configure a single WSUS server to use multiple downstream servers. Configure each WSUS server to use a RAID 1 mirror and a local database.
Configure a single WSUS server to use multiple downstream servers. Configure each WSUS server to use a RAID 5 array and a local database.
Configure a Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Answer: D Explanation:
WSUS 3.0 SP2 requires a database for each WSUS server. WSUS supports the use of a database that resides on a different computer than the WSUS server, with some restrictions. For a list of supported databases and remote database limitations, see WSUS database requirements.
The WSUS database stores the following information:
WSUS server configuration information
Metadata that describes each update
Information about client computers, updates, and interactions
If you install multiple WSUS servers, you must maintain a separate database for each WSUS server, whether it is an autonomous or a replica server. (For more information about WSUS server types, see Design the WSUS Server Layout.) You cannot store multiple WSUS databases on a single instance of SQL Server, except in Network Load Balancing (NLB) clusters that use SQL Server failover. For more about this configuration, see Configure WSUS for Network Load Balancing.
SQL Server, SQL Server Express, and Windows Internal Database provide the same performance characteristics for a single server configuration, where the database and the WSUS service are located on the same computer. A single server configuration can support several thousand WSUS client computers.
Windows Server 2008 Enterprise Edition
Windows Server 2008 Enterprise Edition is the version of the operating system targeted at large businesses.
Plan to deploy this version of Windows 2008 on servers that will run applications such as SQL Server 2008 Enterprise Edition and Exchange Server 2007. These products require the extra processing power and RAM that Enterprise Edition supports. When planning deployments, consider Windows Server 2008 Enterprise Edition in situations that require the following technologies unavailable in Windows Server 2008 Standard
Failover Clustering: Failover clustering is a technology that allows another server to continue to service client requests in the event that the original server fails. Clustering is covered in more detail in Chapter 11, “Clustering and High Availability.” You deploy failover clustering on mission-critical servers to ensure that important resources are available even if a server hosting those resources fails.
Question No: 27 – (Topic 1)
A company has file servers that run a Server Core installation of Windows Server 2008.
You are designing the migration of the file servers to Windows Server 2008 R2. After the migration, you will install the Remote Desktop Services server role on the file servers.
You need to ensure that shared resources on the file servers are available after the migration, and minimize administrative effort.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
Move the shared resources off of the existing file servers. Perform a clean installation of Windows Server 2008 R2 on the file servers. Move the shared resources back onto the file servers.
Upgrade the existing file servers to a Server Core installation of Windows Server 2008 R2, and then upgrade the file servers to a full installation of Windows Server 2008 R2.
Deploy new file servers with Windows Server 2008 R2 installed. Migrate the shared resources to the new file servers.
Deploy new file servers with a Server Core installation of Windows Server 2008 R2. Migrate the shared resources to the new file servers.
Answer: C Explanation:
The key here is minimize effort & Remote Desktop Services.
Server Core wouldn't allow Remote Desktop Services as it has no GUI, so that would rule out answer A. You also can't upgrade from Core to Full; see http://www.windowsitpro.com/article/tips/can-i-upgrade-fromserver-core-2008-to-the-full-windows-server-2008- or http://serverfault.com/questions/92523/upgrade-fromwindows-2008-server-core-to-full-windows-2008-server
Upgrade considerations for Server Core installations of Windows Server 2008
You can use the Server Core installation option only by performing a clean installation. You cannot upgrade from earlier versions of Windows to Server Core installations of Windows Server 2008.
You cannot upgrade from non-Server Core installations of Windows Server 2008 to Server Core installations of Windows Server 2008.
You cannot convert Server Core installations of Windows Server 2008 to non-Server Core installations of Windows Server 2008.
You can upgrade Server Core installations of Windows Server 2008 only to Windows Server Core R2 when it is released.
Answer C is possible, but again you're asked to minimize effort, so D would be 1 step less, thus reducing your effort and possible down time.
Question No: 28 – (Topic 1)
Your network consists of a single Active Directory domain. The network is located on the 172.16.0.0/23 subnet.
The company hires temporary employees. You provide user accounts and computers to the temporary employees. The temporary employees receive computers that are outside the Active Directory domain. The temporary employees use their computers to connect to the network by using wired connections and wireless connections.
The company's security policy specifies that the computers connected to the network must have the latest updates for the operating system.
You need to plan the network's security so that it complies with the company's security policy.
What should you include in your plan?
Implement a Network Access Protection (NAP) strategy for the 172.16.0.0/23 subnet.
Create an extranet domain within the same forest. Migrate the temporary employees' user accounts to the extranet domain. Install the necessary domain resources on the 172.16.0.0/23 subnet.
Move the temporary employees' user accounts to a new organizational unit (OU). Create a new Group Policy object (GPO) that uses an intranet Microsoft Update server. Link the new GPO to the new OU.
Create a new subnet in a perimeter network. Relocate the wireless access point to the perimeter network. Require authentication through a VPN server before allowing access to the internal resources.
Answer: A Explanation:
http://technet.microsoft.com/en-us/library/dd125338(WS.10).aspx Network Access Protection Design Guide
Updated: October 6, 2008
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Network Access Protection (NAP) is one of the most anticipated features of the Windows Server® 2008 operating system. NAP is a new platform that allows network administrators to define specific levels of network access based on a client’s identity, the groups to which the client belongs, and the degree to which the client complies with corporate governance policy. If a client is not compliant, NAP provides a mechanism for automatically bringing the client into compliance (a process known as remediation) and then dynamically increasing its level of network access. NAP is supported by Windows Server 2008 R2, Windows Server 2008, Windows 7, Windows Vista®, and Windows® XP with Service Pack 3 (SP3). NAP includes an application programming interface that developers and vendors can use to integrate their products and leverage this health state validation, access enforcement, and ongoing compliance evaluation. For more information about the NAP API, see Network Access Protection (http://go.microsoft.com/fwlink/?LinkId=128423).
The following are key NAP concepts:
NAP Agent.
A service included with Windows Server 2008, Windows Vista, and Windows XP with SP3 that collects and manages health information for NAP client computers.
NAP client computer.
A computer that has the NAP Agent service installed and running, and is providing its health status to NAP server computers.
A computer that has the NAP Agent service installed and running and is capable of providing its health status to NAP server computers. NAP-capable computers include computers running Windows Server 2008, Windows Vista, and Windows XP with SP3.
Non-NAP-capable computer.
A computer that cannot provide its health status to NAP server components. A computer that has NAP agent installed but not running is also considered non-NAP-capable.
A computer that meets the NAP health requirements that you have defined for your network. Only NAP client computers can be compliant.
A computer that does not meet the NAP health requirements that you have defined for your network. Only NAP client computers can be noncompliant.
Information about a NAP client computer that NAP uses to allow or restrict access to a network. Health is defined by a client computer's configuration state. Some common measurements of health include the operational status of Windows Firewall, the update status of antivirus signatures, and the installation status of security updates. A NAP client computer provides health status by sending a message called a statement of health (SoH).
NAP health policy server.
A NAP health policy server is a computer running Windows Server 2008 with the Network Policy Server (NPS) role service installed and configured for NAP. The NAP health policy server uses NPS policies and settings to evaluate the health of NAP client computers when they request access to the network, or when their health state changes. Based on the results of this evaluation, the NAP health policy server instructs whether NAP client computers will be granted full or restricted access to the network.
Question No: 29 HOTSPOT – (Topic 1)
A company has servers that run Windows Server 2008 R2 and a storage area network (SAN) that supports the Virtual Disk Service (VDS).
You are designing a storage solution for the servers.
The storage solution must meet the following requirements:
->Allow the creation of Fibre Channel (FC) and Internet SCSI (iSCSI) logical unit numbers (LUNs).
->Allow the management of FC and iSCSI LUNs.
You need to ensure that the storage solution meets the requirements. Which feature should you install?
To answer, select the appropriate feature in the answer area.
Storage Manager for SANs helps you create and manage logical unit numbers (LUNs) on Fibre Channel and iSCSI disk drive subsystems that support Virtual Disk Service (VDS) in your storage area network (SAN).
A LUN is a logical reference to a portion of a storage subsystem. A LUN can comprise a disk, a section of a disk, a whole disk array, or a section of a disk array in the subsystem. Using LUNs simplifies the management of storage resources in your SAN because they serve as logical identifiers through which you can assign access and control privileges.
You can use Storage Manager for SANs to create and manage logical unit numbers (LUNs) on both Fibre Channel and iSCSI disk storage subsystems that support Virtual Disk Service (VDS).
Because of hardware, protocol, and security differences, LUN configuration and management on Fibre Channel and iSCSI environments is different. This section explains those differences, lists the types of LUNs that can be created, and defines LUNs in the context of partitions and volumes.
Managing LUNs in a Fibre Channel environment
In a Fibre Channel environment, LUNs created on a disk storage subsystem are assigned directly to a server or cluster, which accesses the LUN through one or more Fibre Channel host bus adapter (HBA) ports. You only need to identify the server or cluster that will access the LUN, and then select which HBA ports on that server or cluster will be used for LUN traffic.
When a server or cluster is identified, Storage Manager for SANs automatically discovers the available Fibre Channel HBA ports on that server or cluster. You can also add ports manually by typing their World Wide Name (WWN).
Managing LUNs in an iSCSI environment
Unlike in a Fibre Channel environment, LUNs created on an iSCSI disk storage subsystem are not only assigned to a server or cluster. For iSCSI, LUNs are first assigned to logical entities called targets.
Targets are created in order to manage the connections between an iSCSI device and the servers that need to access it. A target defines the portals (IP addresses) that can be used to connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires in order to authenticate the servers that are requesting access to its resources.
To connect to a target, a server in the storage area network (SAN) uses an iSCSI initiator. An iSCSI initiator is a logical entity that enables the server to communicate with the target. The iSCSI initiator first logs on to the target, and only after access is granted by the target, the server can start reading and writing to LUNs assigned to that target. Each iSCSI initiator can have one or more network adapters through which communication is established.
As with Fibre Channel environments, you only need to identify the server or cluster that will access the LUN, and Storage Manager for SANs automatically discovers the iSCSI initiators on that server or cluster, and lists all the available adapters for those initiators.
After the iSCSI initiator adapters have been discovered, you can select which adapters will be used for LUN traffic.
Types of LUNs
Storage Manager for SANs supports the following types of LUNs.
LUNs, partitions and volumes
A LUN is a logical reference to a portion of a storage subsystem. A LUN can comprise a disk, a section of a disk, a whole disk array, or a section of a disk array in the subsystem. This logical reference, when it is assigned to a server in your SAN, acts as a physical disk drive that the server can read and write to. Using LUNs simplifies the management of storage resources in your SAN, because they serve as logical identifiers through which you can assign access and control privileges.
After a LUN has been assigned to a server, you can create one or more partitions on that LUN. Partitions define how much physical space is allocated for storage. For the operating system to start writing and reading data on partitions, you need to create volumes by formatting the partitions using a file system. Volumes define how much logical space is allocated for storage. They can expand over more than one partition.
Question No: 30 – (Topic 1)
Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2. A corporate policy requires that the users from the research department have higher levels of account and password security than other users in the domain.
You need to recommend a solution that meets the requirements of the corporate policy. Your solution must minimize hardware and software costs.
What should you recommend?
Create a new Active Directory site. Deploy a Group Policy object (GPO) to the site.
Create a new Password Settings Object (PSO) for the research department's users.
Create a new organizational unit (OU) named Research in the existing domain. Deploy a Group Policy object (GPO) to the Research OU.
Create a new domain in the forest. Add the research department's user accounts to the new domain. Configure a new security policy in the new domain.
Answer: B Explanation: