70-647 Pro Windows Server 2008 Enterprise Administrator Exam Set 1

You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. Two Windows Server 2008 R2 servers named ABC-DC1 and ABC-DC2 are configured as domain controllers and DHCP servers for the domain. A Windows Server 2008 R2 server named ABC-RootCA runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. Other network servers include six Windows Server 2008 R2 servers running the File Services role, two Windows Server 2008 R2 servers running the Web Server (IIS) role and a Windows Server 2008 R2 server named ABC-RRAS1 which runs the Routing and Remote Access role. You want to configure a Network Access Protection (NAP) environment to secure the network. You install in the Network Policy Service (NPS) role with the Health Registration Authority feature on ABC-RRAS1. When client computers connect to the network, the network switches must allow the computers to connect to ABC-RRAS1 and a domain controller only. The computers must only be able to connect to other network resources after they have proved that they have the required security updates applied. Which one of the five NAP enforcement methods would achieve the desired results? A. NAP Enforcement for 802.1X. B. NAP Enforcement for DHCP. C. NAP Enforcement for IPsec Communications. D. NAP Enforcement for Remote Desktop Gateway. E. NAP Enforcement for VPN.


Options are :

  • D
  • E
  • A (Correct)
  • C
  • B

Answer : A

Microsoft 98-367 & 98-368 Certification Practical Exam Set 2

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory domain named ABC.com. The company has a main office and a branch office. The two offices are connected by a slow but reliable WAN link. The company servers run either Windows Server 2003 R2 or Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. You have been asked to develop a plan to implement read-only domain controllers (RODCs) in the branch office. During the risk assessment phase of your plan, your attention is bought to a custom content management application used by company managers and users in the Sales department. The content management application stores passwords in the Active Directory. Your RODC implementation plan must cater for the content management application and include a way to prevent the passwords saved by the application from being replicated to the RODCs. Your plan includes steps to upgrade all domain controllers to Windows Server 2008 R2. What else should you include in your plan?


Options are :

  • The configuration of the forest and domain functional levels to Windows Server 2008.
  • The addition of the password attribute for the content management application marked as confidential to the RODC filtered attribute. (Correct)
  • . A fine grained password policy.
  • . A writeable Windows Server 2008 R2 domain controller in the branch office

Answer : The addition of the password attribute for the content management application marked as confidential to the RODC filtered attribute.

You work as an enterprise administrator at ABC.com. The ABC.com network has a forest that runs at the forest functional level of Windows Server 2008. All servers in the ABC.com network run Windows Server 2008 R2. ABC.com has a Sales division, a Marketing division and an Accounting division. Each division is organized as a separate domain in the forest. Each of the three divisions has a separate Helpdesk department. Each divisional domain contains an organizational unit (OU) named ABCDivOU that holds the user accounts of the users in that division. ABC.com wants to consolidate the Helpdesk departments in to a single Helpdesk department that can manage the users in all divisions. You need to ensure that the Helpdesk department users cannot administer anything except the user accounts. You create a global security group in each of the three domains and add the Helpdesk users to the group. Which two of the following actions will accomplish the desired goal and minimize administrative effort? (Choose two). A. Add the global groups to a single Universal Distribution group. B. Add the global groups to a single Universal Security group. C. Assign the Universal group to the Domain Admins group in each domain. D. Run the Delegation of Control Wizard on the ABCDivOU in each domain. E. Run the Delegation of Control Wizard on the Default Domain Controllers container in each domain. F. Assign the Universal group the Allow-Write permission on the ABCDivOU in each domain.


Options are :

  • E,F
  • B,D (Correct)
  • A,B
  • C,D

Answer : B,D

You work as an enterprise administrator at ABC.com. The company has three departments, Sales, Marketing, and Development. The corporate network of ABC consists of a single Windows Server 2008 Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. Some employees in the Development department are allowed to work from home. These employees need to access the applications installed on the internal network computers and the file servers on the corporate network. Company security policy states that all computers connected to the corporate network must have up to date Anti-Virus software installed and all external connections to the corporate network must be encrypted using SSL. You decide to provide access to the Developers by using Remote Desktop Connections. You configure servers running Remote Desktop Session Host (RDSH) role. How can you ensure that remote desktop connections comply with the company security policy? A. By configuring a VPN Server that accepts Secure Socket Tunneling Protocol (SSTP) connections. B. By configuring a Remote Desktop Gateway (RDGW) server with Network Access Protection configured. C. By configuring a Remote Desktop Web Access (RDWA) server with Network Access Protection configured. D. By configuring Terminal Services Resource Authorization Policies (TS RAPs) on the RDSH servers.


Options are :

  • D
  • A
  • B (Correct)
  • C

Answer : B

PIC Microcontroller Test Your Skills and Get Certified Set 1

You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers in the ABC.com network run Windows Server 2008 R2 and all client computers run Windows 7 Enterprise. Your environment includes servers running Remote Desktop Session Host (RDSH), App-V and Med-V. The Graphics department at TesKing.com needs to run two versions of the same Graphics application on the client computers in the department. One is the current version of the Graphics application and one is an older version. The two versions of the Graphics application use different versions a dynamic-link library (DLL). The two versions of the dynamic-link library (DLL) cannot be used simultaneously on the same client computer. Which three of the following options could you choose to allow the two versions of the Graphics application to be used on the same client computer simultaneously? (Each answer presents a complete solution. Choose three.) A. Install both versions of the Graphics application on a Remote Desktop Session Host Server. Publish both versions as RemoteApps. B. Use the App-V sequencer to virtualize both versions of the Graphics application. Deploy the App-V packages to the client computers. C. Install one version of the Graphics application on a Remote Desktop Session Host Server and publish it as a RemoteApp. Install the other version on the client computers. D. Install one version of the Graphics application on the client computers. Create a Group Policy object (GPO) to assign the other version to the Graphics users. E. Deploy one version of the Graphics application in a MED-V virtual desktop and publish the virtual desktop to the users. Install the other version on the client computers. F. Deploy both versions of the Graphics application in a MED-V virtual desktop and publish the virtual desktop to the users.


Options are :

  • D,A,C
  • C,D,A
  • D,B,C
  • B,C,E (Correct)

Answer : B,C,E

You work as a Network Administrator at ABC.com. The corporate LAN consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. All servers run Windows Server 2008 R2. You have been asked to implement a highly available SQL Server solution. The databases must remain online if a single server fails. You also need to minimize costs. You purchase and configure an iSCSI SAN. You also purchase two new servers that contain multiple network adapters. You install Windows Server 2008 R2 on the servers and configure the iSCSI initiator on each server to connect to a shared LUN (Logical Unit Number) on the SAN. Which three of the following steps should you perform to configure the servers? (Choose three). A. Install SQL Server 2005 Enterprise Edition on the two servers. B. Install SQL Server 2008 R2 Standard Edition on the two servers. C. Configure the two servers to use local disk storage. D. Configure the two servers to use shared disk storage. E. Configure Network Load Balancing on the two servers. F. Configure Failover Clustering on the two servers.


Options are :

  • E,A,D
  • A,B,C
  • B,D,F (Correct)
  • C,D,E

Answer : B,D,F

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. The number of users in the branch office has increased over the last year. The company has recently employed an IT Technician named Mia Hamm in the branch office to maintain the branch office computers and manage branch office user accounts. The branch office contains a Windows Server 2008 R2 named ABC-File1. ABC-File1 runs the File Services role and hosts shared folders for the branch office users. One day the WAN link between the two offices fails. Mia reports that she is unable to create a user account for a new branch office employee. How can you ensure that Mia can create and manage user accounts in the event of another WAN link failure?


Options are :

  • By installing a writeable domain controller in the branch office (Correct)
  • By installing a read-only domain controller (RODC) in the branch office.
  • . By enabling Universal Group Membership Caching in the branch office. .
  • By configuring a separate Active Directory Site for the branch office. .

Answer : By installing a writeable domain controller in the branch office

70-642 Windows Server 2008 Network Infrastructure Exam Set 7

You work as a Network Administrator at ABC.com. The corporate LAN consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. All servers run Windows Server 2008 R2. Two Windows Server 2008 R2 servers named ABC-DC1 and ABC-DC2 are configured as domain controllers for the ABC.com domain. Company developers have created a custom content management application. The application will be used by all company users. You install a Windows Server 2008 R2 server named ABC-App1 to host the content management application. You discover that ABC-DC1 and ABC-DC2 are receiving a lot of queries from the content management application on ABC-App1 using Lightweight Directory Access Protocol (LDAP). You decide to implement a third domain controller named ABC-DC3 which will be dedicated to handling the LDAP queries from the content management application. How can you configure ABC-DC3 to handle the LDAP queries from the content management application on ABC-App1 and prevent the LDAP queries from being processed by ABC-DC1 and ABC-DC2?


Options are :

  • . By isolating ABC-App1 and ABC-DC3 in a separate Active Directory site in the ABC.com domain. (Correct)
  • . By isolating ABC-App1 and ABC-DC3 in a separate child domain in the ABC.com forest.
  • By isolating ABC-App1 and ABC-DC3 in a separate Organizational Unit (OU) within the ABC.com domain.
  • . By isolating ABC-App1 and ABC-DC3 in a separate subnet within the ABC.com LAN

Answer : . By isolating ABC-App1 and ABC-DC3 in a separate Active Directory site in the ABC.com domain.

You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and two branch offices. The three offices are connected by fast WAN links. The network routers in each office support Simple Certificate Enrollment Protocol (SCEP). The company is in the process of implementing a PKI (Public Key Infrastructure). You have installed a Windows Server 2008 R2 Standard Edition server named ABC-RootCA which runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. You install a second Windows Server 2008 R2 Standard Edition server named ABC-CA1. ABCCA1 runs the Active Directory Certificate Services (AD CS) role and is configured as a subordinate CA to ABC-RootCA. A Windows Server 2008 R2 Standard Edition server named ABC-Web1 runs the Web Server (IIS) role. You want to enable the Network Device Enrollment service so that the network routers can be configured for device authentication. What changes do you need to make in the network to enable the Network Device Enrollment service?


Options are :

  • You need to enable the Web enrollment component on ABC-Web1.
  • . You need to upgrade ABC-RootCA and ABC-CA1 to Windows Server 2008 R2 Enterprise Edition. . (Correct)
  • You need to upgrade ABC-RootCA to Windows Server 2008 R2 Enterprise Edition.
  • You need to install Active Directory Domain Services (AD DS) on ABC-RootCA.

Answer : . You need to upgrade ABC-RootCA and ABC-CA1 to Windows Server 2008 R2 Enterprise Edition. .

You work as an enterprise administrator at ABC.com. The ABC.com network has a forest that runs at the forest functional level of Windows Server 2008. All servers in the ABC.com network run Windows Server 2008 R2. The domain runs at the Windows Server 2008 functional level. The company has two departments named Production and Sales. An organizational unit (OU) named ProductionUsers contains all Production department user accounts. An organizational unit (OU) named SalesUsers contains all Sales department user accounts. All Production department users are members of a global group named ProductionUsersGrp. All Sales department users are members of a global group named SalesUsersGrp. You need to configure password policies for the Production and Sales users. Production users must change their password every 60 days. Sales users must change their passwords every 45 days. How should you configure the password policies?


Options are :

  • . You should modify the Default Domain Policy.
  • You should create a single fine grained password policy linked to the domain.
  • You should create two fine grained password policies, one linked to the ProductionUsers OU and one linked to the SalesUsers OU.
  • . You should create two fine grained password policies, one linked to the ProductionUsersGrp group and one linked to the SalesUsersGrp group. (Correct)

Answer : . You should create two fine grained password policies, one linked to the ProductionUsersGrp group and one linked to the SalesUsersGrp group.

Microsoft Windows Server 2016 Certification: Exam 70-741 Set 2

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. The branch office contains a Windows Server 2008 R2 named ABC-File1. ABC-File1 runs the File Services role and hosts shared folders for the branch office users. The branch office does not have a physically secure location for the file server. You need to ensure that the files on ABC-File1 cannot be accessed if the server is removed from the network. How can you protect the data on ABC-File1?


Options are :

  • By configuring Windows BitLocker Drive Encryption (BitLocker) on ABC-File1 (Correct)
  • By configuring Syskey on ABC-File1.
  • . By installing Microsoft Security Assessment Tool (MSAT) on ABC-File1.
  • By configuring IPSec on ABC-File1. .

Answer : By configuring Windows BitLocker Drive Encryption (BitLocker) on ABC-File1

You work as an enterprise administrator at ABC.com. The corporate network of ABC consists of a single Active Directory forest named ABC.com. The ABC.com forest contains a forest root domain named ABC.com and six child domains. All the domain controllers on the ABC.com network run Windows Server 2008 R2. The functional level of the ABC.com forest is Windows Server 2003. ABC.com has entered into a partnership with a company named WillowBridge Inc. Their network consists of an Active Directory forest named WillowBridge.com. The WillowBridge.com forest contains a forest root domain named WillowBridge.com and four child domains. All the domain controllers on the WillowBridge.com network run Windows Server 2003. The functional level of the WillowBridge.com forest is Windows 2000 Server Mixed Mode. Users in all seven ABC.com domains need to access resources in all five WillowBridge.com domains. Users in all five WillowBridge.com domains need to access resources in all seven ABC.com domains. What is the easiest way to prepare the environment to enable you to provide the required access


Options are :

  • . Raise the functional level of the WillowBridge.com forest to Windows Server 2003. (Correct)
  • Install Active Directory Federation Services (AD FS) on at least one domain controller in each domain.
  • Upgrade all the domain controllers in the WillowBridge.com network to Windows Server 2008 R2.
  • . Raise the functional level of the WillowBridge.com forest to Windows 2000 Server Native Mode

Answer : . Raise the functional level of the WillowBridge.com forest to Windows Server 2003.

You work as an enterprise administrator at ABC.com. The company has a main office in New York and regional offices in Boston, Atlanta and Richmond. The Boston, Atlanta and Richmond offices have WAN links connecting them to the New York office. The Boston, Atlanta and Richmond each have a local branch office. The branch offices have WAN links that connect them to the regional offices. The branch offices do not currently contain domain controllers. You are in the process of deploying new domain controllers throughout the ABC.com network. You install two new Windows Server 2008 R2 writeable domain controllers in physically secure server rooms in the Boston, Atlanta and Richmond offices. You need to plan the deployment of domain controllers to the branch offices. You are concerned that the branch offices do not have physically secure server rooms. You need to ensure that the domain user account passwords stored on the domain controllers are protected if a branch office domain controller is physically removed from the office. Which two of the following options describe how you should configure the branch office domain controllers? (Choose two). A. Install a Server Core installation of Windows Server 2008. B. Install a full installation of Windows Server 2008. C. Configure the server as a read-only domain controller (RODC). D. Configure the server as a writable domain controller.


Options are :

  • A,C (Correct)
  • C,D
  • A,B
  • B,D

Answer : A,C

70-515 Web Applications Development with Microsoft .NET Exam Set 1

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. The main office contains a Windows Server 2008 R2 named ABC-File1. ABC-File1 runs the File Services role and hosts shared folders for the main office users and the branch office users. One day the WAN link between the two offices fails. Branch office users report that they cannot access shared folders on ABC-File1. The WAN link is repaired and the users are able to access shared folders on ABC-File1. How can you ensure that users in the branch office can access ABC-File1 in the event of another WAN link failure?


Options are :

  • . By installing the DFS role on ABC-File1.
  • . By enabling BranchCache in host mode on ABC-File1
  • By enabling BranchCache in distributed mode on the branch office client computers. (Correct)
  • By enabling Universal Group Membership Caching in the branch office.

Answer : By enabling BranchCache in distributed mode on the branch office client computers.

You work as an enterprise administrator at ABC.com. The network contains two Active Directory Domain Services (AD DS) domains named ABC.com and Research.ABC.com. All servers in both domains run Windows Server 2008 R2 and all client computers run Windows 7 Enterprise. A Windows Server 2008 R2 server named ABC-ResearchFiles is located in the Research.ABC.com domain. A shared folder named Secure on ABC-ResearchFiles contains confidential information. A domain local group named Secure-AccessGrp has access to the \\ABC-ResearchFiles\Secure shared folder. The ABC.com root domain contains a global group named ABCManagers. The Research.ABC.com domain contains a global group named ResearchManagers. The ABCManagers global group and the ResearchManagers global group are members of the Secure- AccessGrp domain local group. You need to manage the membership of the Secure-AccessGrp group. You need a system that will automate the removal of unauthorized users from the Secure-AccessGrp group. Which two of the following steps should you perform to accomplish this task? A. By configuring the Restricted Groups policy in a Group Policy Object (GPO) linked to the ABC.com domain. B. By configuring the Restricted Groups policy in a Group Policy Object (GPO) linked to the Research.ABC.com domain. C. By configuring the Restricted Groups policy in a Group Policy Object (GPO) linked to the ABC.com domain and the Research.ABC.com domain. D. Configure the ABCManagers global group and the ResearchManagers global group as Restricted Groups. E. Configure the Secure-AccessGrp domain local group as a Restricted Group.


Options are :

  • B,D
  • A,D
  • B,E (Correct)
  • A,C

Answer : B,E

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The network contains physical servers running Windows Server 2008 R2. The network also includes a virtual environment consisting of virtual machines (VMs) running on Windows Server 2008 R2 Hyper-V host servers. A Hyper-V host server named ABC-Host1 hosts 10 VMs running either Windows Server 2003 or Windows Server 2008 R2. You install a new physical server named ABC-SCOM1. ABC-SCOM1 runs Microsoft System Center Operations Manager (SCOM) 2007. ABC-SCOM1 will be used to manage the physical servers and the virtual machines running on the network. You need to be able to gather performance statistics and event log data from the VMs running on ABC-Host1. How can you gather the required information?


Options are :

  • By configuring Event Log subscriptions on the VMs
  • By installing Microsoft Baseline Security Analyzer on ABC-Host1.
  • By installing an SCOM agent on the VMs. (Correct)
  • By installing Microsoft Security Assessment Tool on the virtual machines.

Answer : By installing an SCOM agent on the VMs.

Microsoft 70-243 Administering Deploying System Manager Exam Set 3

You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. You have been asked to configure a Network Access Protection (NAP) environment to secure the network. You install in the Routing and Remote Access role and the Network Policy Service (NPS) role with the Health Registration Authority feature on a Windows Server 2008 R2 server named ABCRRAS1. You need to configure NAP enforcement methods on ABC-RRAS1. Which three of the following are valid NAP enforcement methods? (Choose three). A. NAP Enforcement for TCP/IP. B. NAP Enforcement for 802.1N. C. NAP Enforcement for IPsec Communications. D. NAP Enforcement for 802.1X. E. NAP Enforcement for VPN.


Options are :

  • C,D,E (Correct)
  • E,A,B
  • D,E,A
  • A,D,C

Answer : C,D,E

You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and two branch offices. The three offices are connected by fast WAN links. You have installed network routers in each office that support Simple Certificate Enrollment Protocol (SCEP). The company is in the process of implementing a PKI (Public Key Infrastructure). You have installed a Windows Server 2008 R2 Enterprise Edition server named ABC-RootCA which runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. You install a second Windows Server 2008 R2 Enterprise Edition server named ABC-CA1. ABCCA1 runs the Active Directory Certificate Services (AD CS) role and is configured as a subordinate CA to ABC-RootCA. A Windows Server 2008 R2 Standard Edition server named ABC-Web1 runs the Web Server (IIS) role. You want the network routers to be configured for device authentication. What changes do you need to make in the network to enable the network routers to be configured for device authentication?


Options are :

  • You need to install Active Directory Domain Services (AD DS) on ABC-RootCA
  • You need to enable the Web enrollment component on ABC-Web1. .
  • You need to enable Network Device Enrollment Service (NDES) on the Certificate Services servers. . (Correct)
  • You need to enable Simple Certificate Enrollment Protocol (SCEP) on the Certificate Services servers. .

Answer : You need to enable Network Device Enrollment Service (NDES) on the Certificate Services servers. .

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. The number of users in the branch office has increased over the last year. The company has recently employed an IT Technician named Mia Hamm in the branch office to maintain the branch office computers and manage branch office user accounts. The branch office contains a Windows Server 2008 R2 named ABC-File1. ABC-File1 runs the File Services role and hosts shared folders for the branch office users. One day the WAN link between the two offices fails. Branch office users report that they cannot access shared folders on ABC-File1. The WAN link is repaired and the users are able to access shared folders on ABC-File1. How can you ensure that users in the branch office can access ABC-File1 in the event of another WAN link failure?


Options are :

  • . By installing the DNS role on ABC-File1 and configuring a secondary zone for the ABC.com domain. . (Correct)
  • By enabling BranchCache in distributed mode on the branch office client computers.
  • By configuring an entry in the Hosts file on ABC-File1
  • . By enabling Universal Group Membership Caching in the branch office.

Answer : . By installing the DNS role on ABC-File1 and configuring a secondary zone for the ABC.com domain. .

Microsoft 98-367 & 98-368 Certification Practical Exam Set 3

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. You plan to install a domain controller in the branch office. You need to configure the environment to ensure that the branch office domain controller receives the authentication requests when users log on in the branch office. You also want to minimize Active Directory replication traffic over the WAN link. Which two of the following actions should you perform? A. Create an organizational unit (OU) for each office. B. Create an Active Directory Site for each office. C. Configure a password replication policy for the branch office domain controller. D. Create Active Directory Subnet objects for each office. E. Install Active Directory Lightweight Directory Services (AD LDS) on the branch office domain controller. F. Disable the Global Catalog option on the branch office domain controller


Options are :

  • A,B
  • C,D
  • B,D (Correct)
  • E,F

Answer : B,D

You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The network includes 110 servers running Windows Server 2008 R2. 20 of the servers are physical servers running Windows Server 2008 R2 Enterprise Edition. 40 of the servers are physical servers running Windows Server 2008 R2 Standard Edition. 40 servers are virtual machines (VMs) running on 10 Windows Server 2008 R2 Hyper-V hosts. You need to design a Windows Update strategy for the servers. You move the computer accounts of all the servers except the Hyper-V hosts to a new organization unit (OU) called Win2008R2. You now need to make sure that the servers are able to download and install approved updates automatically. You then create a Group Policy object (GPO) named ServerGPO and link it to the Win2008R2 OU. Which two of the following steps should you also perform to accomplish the task? (Choose two). A. You should configure ServerGPO with the enable Automatic Updates from a local server option. B. You should configure ServerGPO with the enable Automatic Updates from Microsoft Update option. C. You should configure a Windows Server Update Services (WSUS) 3.0 server. D. You should configure a Microsoft System Center Operations Manager (SCOM) 2007 server. E. You should configure a Microsoft System Center Virtual Machine Manager server.


Options are :

  • A,B
  • A,E
  • B,D
  • A,C (Correct)

Answer : A,C

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and a branch office. The two offices are connected by a reliable WAN link. The main office is represented by an Active Directory site named MainSite. The branch office is represented by an Active Directory site named BranchSite. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. The main office computer accounts are located in an organizational unit named MainComputers. The branch office computer accounts are located in an organizational unit named BranchComputers. The main office user accounts are located in an organizational unit named MainUsers. The branch office computer accounts are located in an organizational unit named BranchUsers. Each office has an IT Support team. The user objects and computer objects for the IT Support users are in a global security group named ITSupport. The main office IT Support users are currently working on an infrastructure upgrade in the branch office. The main office IT Support users are using their company portable computers. You need to deploy a technical application to all the IT Support users. You create a Group Policy Object named TechApp. You configure the TechApp GPO to assign the technical application to users and filter the GPO for the ITSupport group. You now need to link the TechApp GPO in Active Directory. Where could you link the TechApp GPO to ensure all the IT Support users receive the application? (Choose two possible complete answers). A. You could link the TechApp GPO to the Domain. B. You could link the TechApp GPO to the MainSite site. C. You could link the TechApp GPO to the BranchSite site. D. You could link the TechApp GPO to the MainUsers OU. E. You could link the TechApp GPO to the MainComputers and BranchComputers OUs.


Options are :

  • A,B
  • B,D
  • D,C
  • A,C (Correct)

Answer : A,C

Microsoft 98-367 & 98-368 Certification Practical Exam Set 1

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. You install a server named ABC-App1 in the main office. You install the server component of an application on ABC-App1. You install a server running the Remote Desktop Session Host (RDSH) role in the main office. You install the client component of the application on the RDSH server and publish it as a RemoteApp for the branch office users. You want to make the client component of the application available to the branch office users in a Web browser. How can you accomplish this task?


Options are :

  • Install the Remote Desktop Connection Broker role on a server in the main office.
  • . Deploy the client application to the branch office computers as a virtual application (App-V) package
  • Install the RPC over HTTP Proxy role on a server in the branch office.
  • . Install the Remote Desktop Web Access (RDWA) role on a server in the main office. . (Correct)

Answer : . Install the Remote Desktop Web Access (RDWA) role on a server in the main office. .

You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company is in the process of implementing a PKI (Public Key Infrastructure). The company plans to use the PKI to encrypt email messages sent between the company client computers. Company users should be able to send secure emails to other company users. If a company user has an expired certificate, anyone attempting to send a secure email to them should receive a notification. You have installed a Windows Server 2008 R2 server named ABC-RootCA which runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. You install a second Windows Server 2008 R2 server named ABC-CA1. ABC-CA1 runs the Active Directory Certificate Services (AD CS) role and is configured as a subordinate CA to ABCRootCA. Both CA servers can only be accessed from the corporate LAN. A Windows Server 2008 R2 server named ABC-Web1 runs the Web Server role. ABC-Web1 is located in a perimeter network. Firewall rules permit only port 80 traffic to ABC-Web1. You want users to be able to request status information for single certificates using ABC-Web1. Which of the following options should you choose to comply with the email security requirements?


Options are :

  • You should install and configure the Online Responder service on ABC-Web1. . (Correct)
  • You should configure ABC-Web1 as a subordinate certification authority (CA) to ABC-RootCA
  • You should move ABC-CA1 to the perimeter network.
  • You should move ABC-Web1 to the same subnet as ABC-CA1. .

Answer : You should install and configure the Online Responder service on ABC-Web1. .

You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. The company is in the process of implementing a PKI (Public Key Infrastructure). You have installed a Windows Server 2008 R2 server named ABC-RootCA which runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. You install a second Windows Server 2008 R2 server named ABC-CA1. ABC-CA1 runs the Active Directory Certificate Services (AD CS) role and is configured as a subordinate CA to ABCRootCA. You need to configure the PKI to enable different users to perform different functions. For example, you need to assign departmental supervisors the ability to use their client computers to enroll smartcards for the employees in their departments. The IT Support team needs to be able to enroll user certificates. Which two of the following options would help you assign the required tasks? (Choose two) A. Certificate auto-enrollment. B. Group Policy. C. Restricted Enrollment Agents. D. Restricted Certificate Managers. E. Certificate Template Permissions.


Options are :

  • C,D
  • A,B
  • C,E (Correct)
  • D,B

Answer : C,E

70-513 WCF Development with Microsoft .NET Framework 4 Exam Set 3

You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. The company is in the process of implementing a PKI (Public Key Infrastructure). You have installed a Windows Server 2008 R2 server named ABC-RootCA which runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. You install a second Windows Server 2008 R2 server named ABC-CA1. ABC-CA1 runs the Active Directory Certificate Services (AD CS) role and is configured as a subordinate CA to ABCRootCA. A Windows Server 2008 R2 server named ABC-Web1 runs the Web Server role and is used to provide an interface to the certification authority. A company security policy requires all client computers to automatically obtain computer certificates. How can you accomplish this task?


Options are :

  • By configuring the Computer Configuration section of the Default Domain Policy to enable autoenrol (Correct)
  • By installing configure the AD CS Online Responder service on ABC-CA1. . lment.
  • By installing the Network Device Enrollment Service on ABC-Web1.
  • By installing Active Directory Domain Services (AD DS) on ABC-RootCA. .

Answer : By configuring the Computer Configuration section of the Default Domain Policy to enable autoenrol

70-647 Pro Windows Server 2008 Enterprise Administrator Exam Set 5

You work as an enterprise administrator at ABC.com. The company consists of a head office and five branch offices. The corporate network of the company consists of one Active Directory (AD) forest that runs at the functional level of Windows Server 2003. The AD forest contains six domains. Each company office is configured as a single domain. The Boston office contains the forest root domain. The New York, Miami, Atlanta, Dallas and Chicago offices contain child domains. All domain controllers in each domain run Windows Server 2003. The functional level of each domain is Windows Server 2003. You plan to deploy a Windows Server 2008 R2 read-only domain controller (RODC) in the New York office. Which of the following options would you choose to prepare the environment for the installation of the RODC in the New York domain?


Options are :

  • . Upgrade a single domain controller in the New York office to Windows Server 2008 R2 (Correct)
  • . Upgrade all domain controllers in the Boston office to Windows Server 2008 R2 and raise the domain functional level to Windows Server 2008.
  • Upgrade a single domain controller in the Boston office to Windows Server 2008 R2. .
  • . Upgrade all domain controllers in the New York office to Windows Server 2008 R2 and raise the domain functional level to Windows Server 2008

Answer : . Upgrade a single domain controller in the New York office to Windows Server 2008 R2

You work as an enterprise administrator at ABC.com. The corporate network of ABC consists of a single Active Directory Domain Services (AD DS) domain. The company has a main office and 20 branch offices, which are connected through unreliable WAN links to the main office. All servers in the domain run Windows Server 2008 R2 and all client computers run Windows 7 Professional. The branch offices of the company are managed by a local administrator in each branch office. You need to design a Windows Update management strategy for the company. Only Windows Updates that have been approved by the main office are allowed to be installed in the branch offices. You install a Windows Server 2008 R2 server running Windows Server Update Services (WSUS) 3.0 in each office. You need to configure the WSUS servers before configuring the client computers to download updates from the local WSUS servers. How should you configure the WSUS servers? (Choose three) A. Configure the main office WSUS server to download updates from Microsoft. B. Configure the main office WSUS server as a replica server. C. Configure the branch office WSUS servers as standalone servers. D. Configure the branch office WSUS servers as child servers. E. Configure the branch office WSUS servers as replica servers. F. Configure the branch office WSUS servers to download updates from Microsoft. G. Configure the branch office WSUS servers to download updates from the main office WSUS server.


Options are :

  • A,E,G (Correct)
  • D,E,A
  • B,C,D
  • E,F,G

Answer : A,E,G

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain. You are configuring a virtual environment for the company. You have an iSCSI storage disk array that will be used to store virtual machines (VMs). You install a server named ABC-Host1 that runs a Server Core Installation of Windows Server 2008 R2. You need to configure ABC-Host1 to store to VMs on the iSCSI disk array. Which two of the following tools could you use? A. You could use Disk Management. B. You could use Diskpart.exe. C. You could use iSCSICLI.exe. D. You could use iSCSICPL.exe.


Options are :

  • C,D (Correct)
  • A,C
  • A,B
  • B,E

Answer : C,D

Microsoft Windows Server 2016 Certification: Exam 70-741 Set 3

You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. You have installed a Server Core Installation of Windows Server 2008 R2 on a server named ABC-SRV1. You use a Windows 7 Professional client computer named ABC-Admin1. You want to be able to manage the storage on ABC-SRV1 using the Disk Management tool on ABC-Admin1. You need to configure the firewall on ABC-SRV1 by creating a rule group using the Netsh advfirewall command. Which rule group should you create to enable you to remotely manage the storage on ABCSRV1?


Options are :

  • You should create a “Remote Desktop” rule group.
  • . You should create a “Remote Volume Management” rule group. (Correct)
  • You should create a “Remote Administration” rule group. .
  • . You should create a “Remote Access” rule group.

Answer : . You should create a “Remote Volume Management” rule group.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions