Pro: Windows Server 2008, Server Administrator
Question No: 71 – (Topic 1)
Your company has 250 branch offices. Your network contains an Active Directory domain. The domain controllers run Windows Server 2008 R2. You plan to deploy Readonly Domain Controllers (RODCs) in the branch offices.
You need to plan the deployment of the RODCs to meet the following requirements:
->Build each RODC at the designated branch office.
->Ensure that the RODC installation source files do not contain cached secrets.
->Minimize the bandwidth used during the initial synchronization of Active Directory Domain Services (AD?DS).
What should you include in your plan?
Use Windows Server Backup to perform a full backup of an existing domain controller. Use the backup to build the new RODCs.
Use Windows Server Backup to perform a custom backup of the critical volumes of an existing domain controller. Use the backup to build the new RODCs.
Create a DFS namespace that contains the Active Directory database from one of the existing domain controllers. Build the RODCs by using an answer file.
Create an RODC installation media. Build the RODCs from the RODC installation media.
Answer: D Explanation:
Installing AD DS from Media
Applies To: Windows Server 2008, Windows Server 2008 R2
You can use the Ntdsutil.exe tool to create installation media for additional domain controllers that you are creating in a domain. By using the Install from Media (IFM) option, you can minimize the replication of directory data over the network. This helps you install additional domain controllers in remote sites more efficiently.
Ntdsutil.exe can create four types of installation media, as described in the following table. You must use read-only domain controller (RODC) installation media to install an RODC. For RODC installation media, the ntdsutil command removes any cached secrets, such as passwords. You can create RODC installation media either on an RODC or on a writeable domain controller. You must use writeable domain controller installation media to install a writeable domain controller. You can create writeable domain controller installation media only on a writeable domain controller.
If the source domain controller where you create the installation media and the destination server where you plan to install ActiveDirectory Domain Services (ADDS) both run Windows Server2008 with Service Pack2 or later or Windows Server2008R2, and if you are using Distributed File System (DFS) Replication for SYSVOL, you can run the ntdsutil ifm command with an option to include the SYSVOL shared folder in the installation media. If the installation media includes SYSVOL, you must use Robocopy.exe to copy the installation media from the source domain controller to the destination server. For more information, see Installing an Additional Domain Controller by Using IFM.
Question No: 72 HOTSPOT – (Topic 1)
Your company has recently implemented Windows Server Update Services (WSUS). All client computers run Windows 7 Enterprise Edition. Only some users have local
You are designing a Group Policy object (GPO) to configure the client computers. The GPO must Apply only the following settings:
->Updates must be downloaded from the WSUS server.
->Automatically download and install updates every Thursday at 12:00 P.M.
->Configure WSUS client-side targeting through Group Policy.
->Delay the installation of updates until 20 minutes after a client computer is started, if the client computer was shut down at the specified installation time.
You need to design the GPO to meet the requirements.
Which settings should you configure to meet the requirements? To answer, select the appropriate settings in the answer area.
Configure Automatic Updates
By enabling this setting you enable your computer to receive updates through Automatic Updates on a computer or computer group. To complete this setting, you must then select one of the following four options:
Notify before downloading any updates and notify again before installing them.
Download the updates automatically and notify when they are ready to be installed (default setting)
Automatically download updates and install them on the schedule specified below
Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates
Best preactices http://technet.microsoft.com/en-us/library/cc720525(v=ws.10).aspx deployment http://www.windows-noob.com/forums/index.php?/topic/588-how-can-i- configure-wsus-todeploy-updates/
Question No: 73 – (Topic 1)
A company has servers that run a Server Core installation of Windows Server 2008.
You are designing the migration of the servers to Windows Server 2008 R2. After the migration, you will install the Remote Desktop Services server role and the Print and Document Services server role on the servers.
You need to ensure that shared resources on the servers are available after the migration, and minimize administrative effort.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
Deploy new servers with a Server Core installation of Windows Server 2008 R2. Migrate the shared resources to the new servers.
Upgrade the existing servers to a Server Core installation of Windows Server 2008 R2, and then upgrade the servers to a full installation of Windows Server 2008 R2.
Move the shared resources off of the existing servers. Perform a clean installation of Windows Server 2008 R2 on the servers. Move the shared resources back onto the servers.
Deploy new servers with Windows Server 2008 R2 installed. Migrate the shared resources to the new servers.
Answer: D Explanation:
The key here is minimize effort amp; remote desktop services.
Server core wouldn#39;t allow remote desktop services as it has no GUI so that would rule out answer A you also cant upgrade from core to full see http://www.windowsitpro.com/article/tips/can-i-upgrade-fromserver-core-2008-to-the-full- windows-server-2008- or http://serverfault.com/questions/92523/upgrade-fromwindows-
2008-server-core-to-full-windows-2008-server upgrade considerations for server core installations of windows server 2008 so that rules our B
You can use the server core installation option only by performing a clean installation. You cannot upgrade from earlier versions of windows to server core installations of windows server 2008.
You cannot upgrade from non-server core installations of windows server 2008 to server core installations of windows server 2008.
You cannot convert server core installations of windows server 2008 to non-server core installations of windows server 2008.
You can upgrade server core installations of windows server 2008 only to windows server core r2 when it is released.
Answer C is possible but again you#39;re asked to minimize effort so D would be 1 step less thus reducing your effort and possible down time.
Question No: 74 – (Topic 1)
Your network contains a single Active Directory domain. You have 100 servers that run Windows Server 2008 R2 and 5,000 client computers that run Windows 7. You plan to deploy Applications to the client computers.
You need to recommend an Application deployment strategy that meets the following requirements:
路Applications must be deployed only to client computers that meet the minimum hardware requirements.
路Deployments must be scheduled to occur outside business hours.
路Detailed reports on the success or failure of the Application deployments must be provided.
What should you recommend?
Deploy Applications by using Group Policy.
Implement Windows Server Update Services (WSUS).
Implement Microsoft System Center Operations Manager (SCOM) 2007 R2.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Answer: D Explanation:
Welcome to Microsoft System Center Configuration Manager 2007. Configuration Manager 2007 contributes to a more effective Information Technology (IT) department by enabling secure and scalable operating system and application deployment and desired configuration management, enhancing system security, and providing comprehensive asset management of servers, desktops, and mobile devices.
Post-Setup Configuration Tasks
After Setup has run, there are still a few tasks you must perform to have a functioning Configuration Manager 2007 site. For example, you might need to assign new site system roles and install clients. For more information, see Checklist for Required Post Setup Configuration Tasks.
Common Configuration Manager Tasks
For more information about how to do common Configuration Manager 2007 tasks, see the following topics.
->Planning and Deploying the Server Infrastructure for Configuration Manager 2007
->Planning and Deploying Clients for Configuration Manager 2007
->Collect hardware and software asset information
->Deploy software updates
->Deploy operating systems
->Manage desired configurations
->Remotely administer a computer
->Restrict non-compliant computers from accessing the network
->Manage mobile devices like Smartphones and Pocket PCs
Question No: 75 – (Topic 1)
Your network contains several branch offices. All servers run Windows Server 2008 R2. Each branch office contains a domain controller and a file server.
The DHCP Server server role is installed on the branch office domain controllers. Each office has a branch office administrator.
You need to delegate the administration of DHCP to meet the following requirements:
->Allow branch office administrators to manage DHCP scopes for their own office
->Prevent the branch office administrators from managing DHCP scopes in other offices
->Minimize administrative effort
What should you do?
In the Active Directory domain, add the branch office administrators to the Server Operators builtin local group.
In the Active Directory domain, add the branch office administrators to the Network Configuration Operators builtin local group.
In each branch office, migrate the DHCP Server server role to the file server. On each file server, add the branch office administrator to the DHCP Administrators local group.
In each branch office, migrate the DHCP Server server role to the file server. In the Active Directory domain, add the branch office administrators to the DHCP Administrators domain local group.
Answer: C Explanation:
http://technet.microsoft.com/en-us/library/dd379494(WS.10).aspx http://technet.microsoft.com/en-us/library/dd379483(WS.10).aspx http://technet.microsoft.com/en-us/library/dd379535(WS.10).aspx http://technet.microsoft.com/en-us/library/cc737716(WS.10).aspx
Members of the DHCP Administrators group can view and modify any data at the DHCP server. DHCP Administrators can create and delete scopes, add reservations, change option values, create superscopes, or perform any other activity needed to administer the DHCP server, including export or import of the DHCP server configuration and database. DHCP Administrators perform these tasks using the Netsh commands for DHCP or the DHCP console. For more information, see DHCP tools.
Members of the DHCP Administrators group do not have unlimited administrative rights. For example, if a DHCP server is also configured as a DNS server, a member of the DHCP Administrators group can view and modify the DHCP configuration but cannot modify DNS server configuration on the same computer.
Because members of the DHCP Administrators group have rights on the local computer only, DHCP Administrators cannot authorize or unauthorize DHCP servers in Active Directory. Only members of the Domain Admins group can perform this task. If you want to authorize or unauthorize a DHCP server in a child domain, you must have enterprise administrator credentials for the parent domain. For more information about authorizing DHCP servers in Active Directory, see Authorizing DHCP servers and Authorize a DHCP
server in Active Directory.
Using groups to administer DHCP servers in a domain
When you add a user or group to a DHCP Users or DHCP Administrators group on a DHCP server, the rights of the DHCP group member do not apply to all of the DHCP servers in the domain. The rights apply only to the DHCP service on the local computer.
Question No: 76 – (Topic 1)
A company has a single Active Directory Domain Services (AD DS) domain. Each department within the company has its own organizational unit (OU). All client computers run Windows 7 Enterprise Edition and Microsoft Office 2010.
The company wants to restrict access to some Office 2010 features. They develop a standard list of corporate restrictions.
You have the following requirements:
->Apply the corporate restrictions to all existing and future departments.
->Ensure that specific restrictions can be added or removed for individual departments.
->Ensure that the corporate restrictions are not App1ied to users and computers in the built-in Active Directory containers.
->Minimize administrative effort for Applying restrictions to future departments.
You need to recommend a Group Policy object (GPO) deployment that meets the requirements.
Create a GPO that contains the corporate restrictions and link it to the domain. Install the Office 2010 Group Policy Administrative Template settings. Create a separate GPO for each department that deploys and configures Office 2010.
Install the Office 2010 Group Policy Administrative Template settings. Create a Starter GPO that contains the corporate restrictions. Create a separate GPO based on the Starter GPO for each department that deploys and configures Office 2010.
Install the Office 2010 Resource Kit and create a custom transform (.mst) file for each department. Create a Starter GPO that contains the corporate restrictions. Create a separate GPO based on the Starter GPO for each department that deploys Office 2010 by
using the transform file.
Install the Office 2010 Resource Kit and create custom installer files for each department. Create a GPO that contains the corporate restrictions and link it to the domain. Create a separate GPO for each department that deploys the installer files,
Answer: B Explanation:
Starter GPOs are used as a base template to build other GPOs from. admin templates (ADMX amp; ADML files) need to be applied so that the settings specific to Office 2010 can be applied
Question No: 77 – (Topic 1)
Your network consists of a single Active Directory forest. The forest functional level is Windows Server 2008 R2. The forest contains two domains named contoso.com and na.contoso.com. Contoso.com contains a user named User1. Na.contoso.com contains an organizational unit (OU) named Security.
You need to give User1 administrative rights so that he can manage Group Policies for the Security OU.
You want to achieve this goal while meeting the following requirements:
->User1 must be able to create and configure Group Policies in na.contoso.com.
->User1 must be able to link Group Policies to the Security OU.
->User1 must be granted the least administrative rights necessary to achieve the goal.
What should you do?
Add User1 to the Administrators group for na.contoso.com.
Add User1 to the Group Policy Creator Owners group in contoso.com. Modify the permissions on the Security OU.
Run the Delegation of Control Wizard on the Security OU. In the Group Policy Management Console, modify the permissions of the Group Policy Objects container in the na.contoso.com domain.
Run the Delegation of Control Wizard on na.contoso.com. In the Group Policy Management Console, modify the permissions of the Group Policy Objects container in the contoso.com domain.
Question No: 78 – (Topic 1)
Your network is configured as shown in the following diagram.
You deploy an enterprise certification authority (CA) on the internal network. You also deploy a Microsoft Online Responder on the internal network. You need to recommend a secure method for Internet users to verify the validity of individual certificates.
The solution must minimize network bandwidth. What should you recommend?
Deploy a subordinate CA on the perimeter network.
Install a standalone CA and the Network Device Enrollment Service (NDES) on a server on the perimeter network.
Install a Network Policy Server (NPS) on a server on the perimeter network. Redirect authentication requests to a server on the internal network.
Install Microsoft Internet Information Services (IIS) on a server on the perimeter network. Configure IIS to redirect requests to the Online Responder on the internal network.
Answer: D Explanation:
Question No: 79 – (Topic 1)
Your company has a branch office that contains a Windows Server 2008 R2 computer. The Windows Server 2008 R2 computer runs Windows Server Update Services (WSUS). The WSUS server is configured to store updates locally.
The company opens four new satellite offices. Each satellite office connects to the branch office by using a dedicated WAN link. Internet access is provided through the branch office.
You need to design a strategy for patch management that meets the following requirements:
->WSUS updates are approved independently for each satellite office.
->Internet traffic is minimized.
What should you include in your design?
In each satellite office, install a WSUS server. Configure each satellite office WSUS server as an autonomous server.
In each satellite office, install a WSUS server. Configure each satellite office WSUS server as a replica of the branch office WSUS server.
In each satellite office, install a WSUS server. Configure each satellite office WSUS server to use the branch office WSUS server as an upstream server.
For each satellite office, create organizational units (OUs). Create and link the Group Policy objects (GPOs) to the OUs. Configure different schedules to download updates from the branch office WSUS server to the client computers in each satellite office.
Answer: C Explanation:
In addition, a Windows Server 2008 server running WSUS server can act as an upstream server-an update source for other WSUS servers within your organization. At least one WSUS server in your network must connect to the Microsoft Update Web site to get available update information. How many other servers connect directly to Microsoft Update is something you need to determine as part of your planning process, and depends upon network configuration and security requirements.
In this deployment model, the WSUS server that receives updates from the Microsoft
Update server is designated as the upstream server. A WSUS server that retrieves updates from another WSUS server is designated as a downstream server.
Autonomous mode: The Autonomous mode, also called distributed administration, is the default installation option for WSUS. In Autonomous mode, an upstream WSUS server shares updates with downstream servers during synchronization. Downstream WSUS servers are administered separately, and they do not receive update approval status or computer group information from the upstream server. By using the distributed management model, each WSUS server administrator selects update languages, creates computer groups, assigns computers to groups, tests and approves updates, and makes sure that the correct updates are installed to the appropriate computer groups. The following image shows how you might deploy autonomous WSUS servers in a branch office environment:
Replica mode: The Replica mode, also called centralized administration, works by having an upstream WSUS server that shares updates, approval status, and computer groups with downstream servers. Replica servers inherit update approvals and are not administered separately from the upstream WSUS server. The following image shows how you might deploy replica WSUS servers in a branch office environment.
You can leverage the Branch Office feature in Windows to optimize WSUS deployment. This type of deployment offers the following advantages:
Helps reduce WAN link utilization and improves application responsiveness. To enable BranchCache acceleration of content that is served by the WSUS server, install the BranchCache feature on the server and the clients, and ensure that the BranchCache service has started. No other steps are necessary.
In branch offices that have low-bandwidth connections to the central office but high- bandwidth connections to the Internet, the Branch Office feature can also be used. In this case you may want to configure downstream WSUS servers to get information about which updates to install from the central WSUS server, but download the updates from Microsoft Update.
Question No: 80 – (Topic 1)
Your network contains a Webbased Application that runs on Windows Server 2003. You plan to migrate the Webbased Application to Windows Server 2008 R2. You need to
recommend a server configuration to support the Webbased Application.
The server configuration must meet the following requirements:
->Ensure that the Application is available to all users if a single server fails
->Support the installation of .NET Applications
->Minimize software costs
What should you recommend?
Install the Server Core installation of Windows Server 2008 R2 Standard on two servers. Configure the servers in a Network Load Balancing cluster.
Install the full installation of Windows Server 2008 R2 Web on two servers. Configure the servers in a Network Load Balancing cluster.
Install the full installation of Windows Server 2008 R2 Enterprise on two servers. Configure the servers in a failover cluster.
Install the full installation of Windows Server 2008 R2 Datacenter on two servers. Configure the servers in a failover cluster.
Answer: B Explanation:
Web Edition meets the requirements
Windows Web Server 2008 R2
Windows Web Server 2008 R2 is designed to function specifically as a Web application server.
Other roles, such as Windows Deployment Server and Active Directory Domain Services (AD DS), are not supported on Windows Web Server 2008 R2. You deploy this server role either on a screened subnet to support a website viewable to external hosts or as an intranet server. As appropriate given its stripped-down role, Windows Web Server 2008 R2 does not support the high-powered hardware configurations that other editions of Windows Server 2008 R2 do. Windows Web Server 2008 R2 has the following properties:
Supports a maximum of 32 GB of RAM and 4 sockets in symmetric multiprocessing (SMP) configuration
You should plan to deploy Windows Web Server 2008 R2 in the Server Core configuration, which minimizes its attack surface, something that is very important on a server that interacts with hosts external to your network environment. You should plan to deploy the full version of Windows Web Server 2008 R2 only if your organization’s web applications rely on features that are not available in the Server Core version of Windows Web Server 2008 R2. Unlike the Server Core version of Windows Web Server 2008, Windows Web
Server 2008 R2 supports a greater amount of Internet Information Services (IIS) functionality.
Configuring Windows Network Load Balancing
While DNS Round Robin is a simple way of distributing requests, Windows Server 2008 NLB is a much more robust form of providing high availability to applications. Using NLB, an administrator can configure multiple servers to operate as a single cluster and control the usage ot the cluster in near real-time.
Why Failover Cluster will not work.
Contrast DNS Round Robin and NLB with Failover Clustering, another availability technology in Windows Server 2008. Formerly known as server clustering, Failover Clustering creates a group of computers that all have access lo the same data store or disk resource or network share. The applicationsjunning on aJailoverCluster must be cluster- aware. Failover Clustering has had some changes since Windows Server 2003. Lesson 2 will cover these changes.
100% Ensurepass Free Download!
–Download Free Demo:70-646 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-646 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|