Microsoft 70-647 Windows Enterprise Administrator Exam Set 1

You work as an enterprise administrator at YYY.com. The corporate network of ABC consists of a single Active Directory Domain Services (AD DS) forest. The ABC forest contains a root domain named YYY.com. All servers in the YYY.com domain run Windows Server 2008 R2. A Windows Server 2008 R2 server named ABC-DC1 is configured as a domain controller for the YYY.com domain and hosts all five FSMO roles. A partner company of ABC named Willow Bridge Ltd also consists of single Active Directory Domain Services (AD DS) forest. The Willow Bridge forest contains a root domain named WillowBridge.com. All servers in the WillowBridge.com domain run Windows Server 2008 R2. A Windows Server 2008 R2 server named WB-DC1 is configured as a domain controller for the WillowBridge.com domain and hosts all five FSMO roles. ABC and Willow Bridge have decided to merge companies. The WillowBridge.com domain resources will be migrated into the YYY.com domain. How can you migrate the WillowBridge.com domain resources into the YYY.com domain?


Options are :

  • By installing and running the movetree.exe tool on WB-DC1.
  • By installing and running the movetree.exe tool on ABC-DC1.
  • By installing and running the Microsoft Windows User State Migration Tool (USMT) on ABC-DC1.
  • By installing and running the Microsoft Windows User State Migration Tool (USMT) on WB-DC1.
  • By installing and running the Active Directory Migration Tool (ADMT) on ABC-DC1.
  • By installing and running the Active Directory Migration Tool (ADMT) on WB-DC1.

Answer :By installing and running the Active Directory Migration Tool (ADMT) on ABC-DC1.

Microsoft 70-642 Windows Server Network Infrastructure Exam Set 5

You work as an enterprise administrator at YYY.com. The corporate network of ABC consists of an Active Directory Domain Services (AD DS) domain. The company has a main office and 10 branch offices. Each branch office is connected to the main office by a WAN link. All servers in the main office run Windows Server 2008 R2. The branch offices do not currently contain any servers. You have been assigned the task of deploying domain controllers to the branch offices. To improve the security of the domain controllers, you want to ensure that the minimum number of services are running on the domain controllers. You need to ensure that any branch office user can be authenticated in their branch office in the event of a WAN link failure Which three of the following options should you perform to accomplish this task? (Choose three).


Options are :

  • Install Active Directory Federation Services (AD FS).
  • Install Active Directory Domain Services (AD DS).
  • Configure the server as a read-only domain controller (RODC).
  • Deploy a full installation of Windows Server 2008 R2 in each branch office.
  • Configure the server as a domain controller.
  • Deploy a Server Core installation of Windows Server 2008 R2 in each branch office.

Answer :Install Active Directory Domain Services (AD DS). Configure the server as a read-only domain controller (RODC). Deploy a Server Core installation of Windows Server 2008 R2 in each branch office.

You work as an enterprise administrator at YYY.com. The company has three departments, Sales, Marketing, and Development. The corporate network of ABC consists of a single Windows Server 2008 Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. Some employees in the Development department are allowed to work from home. These employees need to access the applications installed on the internal network computers and the file servers on the corporate network. Company security policy states that all computers connected to the corporate network must have up to date Anti-Virus software installed and all external connections to the corporate network must be encrypted using SSL. You decide to provide access to the Developers by using Remote Desktop Connections. You configure servers running Remote Desktop Session Host (RDSH) role. How can you ensure that remote desktop connections comply with the company security policy?


Options are :

  • By configuring Terminal Services Resource Authorization Policies (TS RAPs) on the RDSH servers.
  • By configuring a VPN Server that accepts Secure Socket Tunneling Protocol (SSTP) connections.
  • By configuring a Remote Desktop Web Access (RDWA) server with Network Access Protection configured.
  • By configuring a Remote Desktop Gateway (RDGW) server with Network Access Protection configured.

Answer :By configuring a Remote Desktop Gateway (RDGW) server with Network Access Protection configured.

You work as an enterprise administrator at YYY.com. The corporate network of ABC consists of a single Windows 2000 Native Mode Active Directory domain. All domain controllers run Windows Server 2003. The network contains four Windows Server 2003 servers named ABC-SR05, ABC-SR06, ABC-SR07, and ABC-SR08. ABC-SR05 is configured as a Terminal Services licensing server. The other three servers are configured as Terminal Servers. You install a Windows Server 2008 R2 server named ABC-SR09. You install the Remote Desktop Session Host role on ABC-SR09. You have been asked to perform regular software audits. You want to implement a reporting solution to ease the task of tracking the issuance of Terminal Services client access licenses (TS CALs). Which of the following options would you choose to accomplish this task?


Options are :

  • Raise the functional level of the domain to Windows Server 2003.
  • Install the Remote DesABCop Web Access role on the servers that have the Terminal Services server role installed.
  • Upgrade ABC-SR05 to Windows Server 2008 R2.
  • Install the TS Session Broker role on the servers that have Terminal Services server role installed.
  • Upgrade ABC-SR06, ABC-SR07, and ABC-SR08 to Windows Server 2008 R2.
  • Upgrade all domain controllers to Windows Server 2008.

Answer :Upgrade ABC-SR05 to Windows Server 2008 R2.

70-646 Pro Windows Server 2008 - Server Administrator Exam Set 7

You work as an enterprise administrator at YYY.com. The corporate network of ABC consists of a single Active Directory Domain Services (AD DS) forest. The ABC forest contains a root domain is named YYY.com. All servers in the YYY.com domain run Windows Server 2008 R2. A partner company of ABC named Willow Bridge Ltd also consists of single Active Directory Domain Services (AD DS) forest. The Willow Bridge forest contains a root domain named WillowBridge.com. All servers in the WillowBridge.com domain run Windows Server 2008 R2. The YYY.com domain contains a Windows Server 2008 R2 server named ABC-App1. Members of a global security group named ABCAppUsers in the WillowBridge.com domain need to access ABC-App1. A forest trust exists between the two forests to cater for this need. You discover that all WillowBridge.com users can access all network resources in the YYY.com domain. You need to restrict members of the ABCAppUsers group so that they can access ABC-App1 only. All other WillowBridge.com should not be able to access network resources in the YYY.com domain. You need to configure the required access. What should you do first?


Options are :

  • You should modify the authentication scope of the forest trust by selecting the "Allow authentication only for selected resources in the local domain" option.
  • You should configure the NTFS permissions on ABC-App1 to permit access to the ABCAppUsers group only.
  • You should remove the forest trust and configure a one-way external domain trust between the two domains.
  • You should remove the forest trust and configure an Active Directory Federation Services (AD FS) trust between the two domains.

Answer :You should modify the authentication scope of the forest trust by selecting the "Allow authentication only for selected resources in the local domain" option.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. The main office contains a Windows Server 2008 R2 named ABC-File1. ABC-File1 runs the File Services role and hosts shared folders for the main office users and the branch office users. One day the WAN link between the two offices fails. Branch office users report that they cannot access shared folders on ABC-File1. The WAN link is repaired and the users are able to access shared folders on ABC-File1. How can you ensure that users in the branch office can access ABC-File1 in the event of another WAN link failure?


Options are :

  • By enabling Universal Group Membership Caching in the branch office.
  • By enabling BranchCache in host mode on ABC-File1.
  • By installing the DFS role on ABC-File1.
  • By enabling BranchCache in distributed mode on the branch office client computers.

Answer :By enabling BranchCache in distributed mode on the branch office client computers.

You work as an enterprise administrator at YYY.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The company has a main office and two branch offices. The three offices are connected by fast WAN links. The network routers in each office support Simple Certificate Enrollment Protocol (SCEP). The company is in the process of implementing a PKI (Public Key Infrastructure). You have installed a Windows Server 2008 R2 Standard Edition server named ABC-RootCA which runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. You install a second Windows Server 2008 R2 Standard Edition server named ABC-CA1. ABC-CA1 runs the Active Directory Certificate Services (AD CS) role and is configured as a subordinate CA to ABC-RootCA. A Windows Server 2008 R2 Standard Edition server named ABC-Web1 runs the Web Server (IIS) role. You want to enable the Network Device Enrollment service so that the network routers can be configured for device authentication. What changes do you need to make in the network to enable the Network Device Enrollment service?


Options are :

  • You need to install Active Directory Domain Services (AD DS) on ABC-RootCA.
  • You need to enable the Web enrollment component on ABC-Web1.
  • You need to upgrade ABC-RootCA and ABC-CA1 to Windows Server 2008 R2 Enterprise Edition.
  • You need to upgrade ABC-RootCA to Windows Server 2008 R2 Enterprise Edition.

Answer :You need to upgrade ABC-RootCA and ABC-CA1 to Windows Server 2008 R2 Enterprise Edition.

70-662 Microsoft Exchange Server 2010 Configuring Exam Set 1

You work as an enterprise administrator at YYY.com. The YYY.com network has a forest that runs at the forest functional level of Windows Server 2008. All servers in the YYY.com network run Windows Server 2008 R2. The domain runs at the Windows Server 2008 functional level. The company has two departments named Production and Sales. An organizational unit (OU) named ProductionUsers contains all Production department user accounts. An organizational unit (OU) named SalesUsers contains all Sales department user accounts. All Production department users are members of a global group named ProductionUsersGrp. All Sales department users are members of a global group named SalesUsersGrp. You need to configure password policies for the Production and Sales users. Production users must change their password every 60 days. Sales users must change their passwords every 45 days. How should you configure the password policies?


Options are :

  • You should create a single fine grained password policy linked to the domain.
  • You should create two fine grained password policies, one linked to the ProductionUsers OU and one linked to the SalesUsers OU.
  • You should create two fine grained password policies, one linked to the ProductionUsersGrp group and one linked to the SalesUsersGrp group.
  • You should modify the Default Domain Policy.

Answer :You should create two fine grained password policies, one linked to the ProductionUsersGrp group and one linked to the SalesUsersGrp group.

You work as a Network Administrator at YYY.com. The corporate LAN consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers run Windows Server 2008 R2. You have been asked to implement a highly available SQL Server solution. The databases must remain online if a single server fails. You also need to minimize costs. You purchase and configure an iSCSI SAN. You also purchase two new servers that contain multiple network adapters. You install Windows Server 2008 R2 on the servers and configure the iSCSI initiator on each server to connect to a shared LUN (Logical Unit Number) on the SAN. Which three of the following steps should you perform to configure the servers? (Choose three).


Options are :

  • Configure Failover Clustering on the two servers.
  • Install SQL Server 2005 Enterprise Edition on the two servers.
  • Configure Network Load Balancing on the two servers.
  • Configure the two servers to use local disk storage.
  • Install SQL Server 2008 R2 Standard Edition on the two servers.
  • Configure the two servers to use shared disk storage.

Answer :Configure Failover Clustering on the two servers. Install SQL Server 2008 R2 Standard Edition on the two servers. Configure the two servers to use shared disk storage.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. You install a server named ABC-App1 in the main office. You install the server component of an application on ABC-App1. You install a server running the Remote Desktop Session Host (RDSH) role in the main office. You install the client component of the application on the RDSH server and publish it as a RemoteApp for the branch office users. You want to make the client component of the application available to the branch office users in a Web browser. How can you accomplish this task?


Options are :

  • Install the RPC over HTTP Proxy role on a server in the branch office.
  • Install the Remote Desktop Web Access (RDWA) role on a server in the main office.
  • Deploy the client application to the branch office computers as a virtual application (App-V) package.
  • Install the Remote Desktop Connection Broker role on a server in the main office.

Answer :Install the Remote Desktop Web Access (RDWA) role on a server in the main office.

Microsoft Windows Server 2016 Certification: Exam 70-741 Set 1

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008 R2. You are configuring a virtual environment for the company. You have installed two Windows Server 2008 R2 servers named ABC-SR07 and ABC-SR08. Both servers run the Hyper-V role. You want to configure host clustering on ABC-SR07 and ABC-SR08. You want ABC-SR07 and ABC-SR08 to support up to eight virtual machines each with Pass-Through Disk Access. How should you configure ABC-SR07 and ABC-SR08 to support the planned virtual machines?


Options are :

  • You should connect both host servers to the same eight LUNs (logical unit numbers) on an iSCSI SAN.
  • You should configure four physical disks as direct attached storage (DAS) on each host server.
  • You should configure eight physical disks as direct attached storage (DAS) on each host server.
  • You should connect each host server to four separate LUNs (logical unit numbers) on an iSCSI SAN.
  • You should connect each host server to eight separate LUNs (logical unit numbers) on an iSCSI SAN.

Answer :You should connect both host servers to the same eight LUNs (logical unit numbers) on an iSCSI SAN.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory domain named YYY.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2003. All domain controllers are located in the main office. The functional level of the domain is Windows 2000 Server Mixed mode. The number of users in the branch office has increased over the last year. The company has recently employed an IT Technician named Mia Hamm in the branch office to maintain the branch office computers. Users in the branch office complain that it takes a long time to log on to their computers. You decide to install a Windows Server 2008 R2 Read-Only Domain Controller (RODC) in the branch office to improve log on times. You install a writeable Windows Server 2008 R2 domain controller in the main office. You need to configure the domain to support a Windows Server 2008 R2 Read-Only Domain Controller (RODC). What is the minimum domain and forest functional level required to support a Windows Server 2008 R2 Read-Only Domain Controller (RODC)? (Choose two).


Options are :

  • Windows 2008 R2 domain functional level.
  • Windows 2003 domain functional level.
  • Windows 2000 forest functional level.
  • Windows 2008 domain functional level.
  • Windows 2000 Native domain functional level.
  • Windows 2003 forest functional level.

Answer :Windows 2003 domain functional level. Windows 2003 forest functional level.

You work as an enterprise administrator at YYY.com. The YYY.com network has a forest that runs at the forest functional level of Windows Server 2008. All servers in the YYY.com network run Windows Server 2008 R2. The domain runs at the Windows Server 2008 functional level. The computer accounts for all client computers in the domain are in an organizational unit (OU) named ABCClients. The user accounts for all users in the domain are in an organizational unit (OU) named ABCUsers. The company has two departments named Production and Sales. A global group named ProductionUsers contains all Production department user accounts. A global group named SalesUsers contains all Sales department user accounts. You need to provide the Production manager the ability to manage the user accounts for all users in the Production department. You also need to provide the Sales manager the ability to manage the user accounts for all users in the Sales department. You create an organizational unit (OU) named Production and delegate the required administrative permissions to the Production manager. You then create an organizational unit (OU) named Sales and delegate the required administrative permissions to the Sales manager. What should you do next?


Options are :

  • You should move the Production OU and the Sales OU into the ABCUsers OU then run the Delegation of Control Wizard on the ABCUsers OU.
  • You should move the ProductionUsers group to the Production OU and move the SalesUsers group to the Sales OU.
  • You should move the Production computer accounts to the Production OU and move the Sales computer accounts to the Sales OU.
  • You should move the Production user accounts to the Production OU and move the Sales user accounts to the Sales OU.

Answer :You should move the Production user accounts to the Production OU and move the Sales user accounts to the Sales OU.

70-646 Pro Windows Server 2008 - Server Administrator Exam Set 6

You work as an enterprise administrator at YYY.com. The corporate network of ABC consists of a single Active Directory Domain Services forest. The ABC forest contains a root domain is named YYY.com and a child domain named corp.YYY.com. A partner company of ABC called Willow Bridge Ltd also consists of a single Active Directory Domain Services forest. The Willow Bridge forest contains a root domain named WillowBridge.com and a child domain named corp.willowbridge.com. The corp.YYY.com domain contains a Windows Server 2008 R2 server named ABC-App1. The corp.willowbridge.com domain contains a Windows Server 2008 R2 server named WBApp1. Users in the corp.YYY.com domain need to access WB-App1. Users in the corp.willowbridge.com domain need to access ABC-App1. Company security states that access to ABC-App1 or WB-App1 must be secured using Kerberos authentication. How can you configure the required access to ABC-App1 and WB-App1 using the required security?


Options are :

  • By configuring two one-way external trusts between the corp.YYY.com domain and the corp.willowbridge.com domain.
  • By implementing Active Directory Rights Management Services (AD RMS) in each domain.
  • By configuring a forest trust with selective authentication between the two forests.
  • By implementing Active Directory Federation Services (AD FS) in each domain and configuring an AD FS trust between the two domains.
  • By configuring two one-way external trusts between the YYY.com root domain and the willowbridge.com root domain.

Answer :By configuring a forest trust with selective authentication between the two forests.

You work as a Network Administrator at YYY.com. The corporate LAN consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers run Windows Server 2008 R2. The functional level of the YYY.com forest is Windows Server 2008. The company works with a partner company named WillowBridge Ltd. They have an Active Directory domain named Willowbridge.com. All WillowBridge servers run Windows Server 2003. The functional level of the WillowBridge.com forest is Windows Server 2003. The YYY.com network contains four servers named ABC-Web1, ABC-Web2, ABC-Web3 and ABC-Web4. You need to provide WillowBridge users access to Web applications running on the network Web servers. You need to implement a system that provides a single sign-on (SSO) authentication and authorization scheme that enables WillowBridge users to access the Web applications using WillowBridge user accounts. Which two of the following options would you deploy to accomplish this task? (Choose two).


Options are :

  • An Active Directory External Forest Trust.
  • A Federation Trust.
  • Active Directory Lightweight Directory Services (AD LDS).
  • Active Directory Federation Services (AD FS).
  • An Active Directory External Domain Trust.
  • Active Directory Rights Management Services (AD RMS).

Answer :A Federation Trust. Active Directory Federation Services (AD FS).

You work as an enterprise administrator at YYY.com. The company consists of a head office and five branch offices. The corporate network of the company consists of one Active Directory (AD) forest that runs at the functional level of Windows Server 2003. The AD forest contains six domains. Each company office is configured as a single domain. The Boston office contains the forest root domain. The New York, Miami, Atlanta, Dallas and Chicago offices contain child domains. All domain controllers in each domain run Windows Server 2003. The functional level of each domain is Windows Server 2003. You plan to deploy a Windows Server 2008 R2 read-only domain controller (RODC) in the New York office. Which of the following options would you choose to prepare the environment for the installation of the RODC in the New York domain?


Options are :

  • Upgrade all domain controllers in the Boston office and all domain controllers in the New York to Windows Server 2008 R2 and raise the domain functional level of both domains to Windows Server 2008.
  • Upgrade a single domain controller in the Boston office to Windows Server 2008 R2.
  • Upgrade a single domain controller in the New York office to Windows Server 2008 R2
  • Upgrade a single domain controller in the Boston office and a single domain controller in the New York to Windows Server 2008 R2.
  • Upgrade all domain controllers in the New York office to Windows Server 2008 R2 and raise the domain functional level to Windows Server 2008.
  • Upgrade all domain controllers in the Boston office to Windows Server 2008 R2 and raise the domain functional level to Windows Server 2008.

Answer :Upgrade a single domain controller in the New York office to Windows Server 2008 R2

70-646 Pro Windows Server 2008 - Server Administrator Exam Set 3

You work as an enterprise administrator at YYY.com. The company has offices in multiple cities throughout North America. Each office is represented by an Active Directory site in a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Enterprise. Several group policy objects (GPOs) are applied at the domain level. The domain GPOs apply settings to all client computers in the domain. You need to install various software packages to the client computers based on their location. You plan to use GPOs to assign the software to the client computers. The GPOs must not modify settings applied by the existing GPOs. How should you configure the GPOs?


Options are :

  • Create a single GPO linked to the domain with a lower priority than the existing GPOs.
  • Create a single GPO linked to the domain with a higher priority than the existing GPOs.
  • Create a single GPO linked to the domain and configure the existing GPOs with the No Override option.
  • Create a single GPO linked to the domain with the No Override option selected.
  • Create a separate GPO linked to the site for each office.

Answer :Create a separate GPO linked to the site for each office.

You work as an enterprise administrator at YYY.com. The YYY.com network has a forest with five domains. All servers in the YYY.com network run Windows Server 2008 R2. All client computers run Windows 7 Professional. Network applications hosted on Windows Server 2008 R2 application servers in all five domains are accessed by NetBIOS names. You are planning to migrate the entire network from IPv4 addressing to IPv6 addressing. You need to implement a solution that will enable client computers to resolve NetBIOS names after the transition to IPv6. Which of the following options would you choose to accomplish this task?


Options are :

  • You should select the "Use WINS forward lookup" option on the DNS forward lookup zones.
  • You should configure a GlobalNames DNS zone in each domain.
  • You should configure Active Directory-integrated (ADI) DNS zones for each domain.
  • You should install the Windows Internet Naming Service (WINS) service in each domain.
  • You should configure Service Locator (SRV) records for the application servers in the DNS forward lookup zones in each domain.

Answer :You should configure a GlobalNames DNS zone in each domain.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. The internal network is separated from the internet by a corporate firewall. The network includes virtual machines (VMs) running on Windows Server 2008 R2 Hyper-V host servers.Four virtual machines (VMs) named ABC-RDS1, ABC-RDS2, ABC-RDS3 and ABC-RDS4 all run Windows Server 2008 R2 with the Remote Desktop Session Host (RDSH) role. A server named ABC-Web1 runs Windows Server 2008 R2 with the Web Server (IIS) role. ABC-Web1 hosts a corporate Intranet Web site. The four RDSH servers host applications published as RemoteApps. The RemoteApps are made available to the users through the corporate Intranet Web site. You need to ensure that the resources used by the RemoteApps are shared evenly between the company users.Which two of the following actions should you take to ensure that each user has access to the same amount of CPU resources on the RDSH servers? (Choose two).


Options are :

  • You should install Windows Network Load Balancing on the four Remote Desktop Session Host servers.
  • You should configure a resource-allocation policy.
  • You should install Windows Rights Management Services (WRMS) on the four Remote Desktop Session Host servers.
  • You should install Windows System Resource Manager (WSRM) on the ABC-WEB1.
  • You should install Windows System Resource Manager (WSRM) on the four Remote Desktop Session Host servers.
  • You should configure a Terminal Services resource authorization policy (TS RAP).

Answer :You should configure a resource-allocation policy. You should install Windows System Resource Manager (WSRM) on the four Remote Desktop Session Host servers.

70-646 Pro Windows Server 2008,Server Administrator Test Set 2

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008 R2. YYY.com has its headquarters in Chicago. The company also has large Sales and Production divisions in separate locations in the Chicago. Each division has its own computer technician that manages the local area network (LAN) for that location. Only the headquarters has domain controllers. You want to have domain controllers installed in the Sales and Production divisions. You want the technician at each location to log on and manage device drivers on the domain controller in their respective location only. How would you accomplish this task? (Each correct option will form a part of the answer. Select TWO.)


Options are :

  • By adding the local technician to the Server Operators domain local group.
  • By adding the local technician to the Read-only Domain Controllers group.
  • By adding a Server Core Installation to the domain controller in the Sales and Production divisions.
  • By adding the local technician to the Administrators role for the RODC in their respective location.
  • By adding a read-only domain controller (RODC) in the Sales and Production divisions.
  • By adding the local technician to the Domain Admins role for the RODC in their respective office.

Answer :By adding the local technician to the Administrators role for the RODC in their respective location. By adding a read-only domain controller (RODC) in the Sales and Production divisions.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. The computer accounts for the client computers are located in an organizational unit (OU) named ABC-Clients. The computer accounts for the servers are located in an OU named ABC-Servers. The user accounts for all YYY.com managers are located in an OU named ABC-Managers. The user accounts for all other employees are located in an OU named ABC-Users. You need to design an application deployment strategy to deploy two new applications. The installation time for each application is more than one hour. Your application deployment strategy must meet the following goals: An application named ManagersApp must be deployed to YYY.com managers only. An application named AllUsersApp must be deployed to all company users including the managers. Both applications must be uninstalled every month and an updated version installed. All users must be able to access the applications using file invocation or using Start menu shortcuts. Disruption to the users must be minimized during the applications updating. How should you deploy the applications?


Options are :

  • In the Computer section of a GPO linked to the ABC-Users OU, assign AllUsersApp. In the Computer section of a GPO linked to the ABC-Managers OU, assign ManagersApp.
  • Install the Remote Desktop Session Host role on a Windows Server 2008 R2 server and publish both applications as RemoteApps.
  • In the Users section of a GPO linked to the ABC-Users OU, assign AllUsersApp. In the Users section of a GPO linked to the ABC-Managers OU, assign ManagersApp.
  • In the Users section of a GPO linked to the ABC-Users OU, publish AllUsersApp. In the Users section of a GPO linked to the ABC-Managers OU, publish ManagersApp.

Answer :Install the Remote Desktop Session Host role on a Windows Server 2008 R2 server and publish both applications as RemoteApps.

You work as an enterprise administrator at YYY.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. Two Windows Server 2008 R2 servers named ABC-DC1 and ABC-DC2 are configured as domain controllers and DHCP servers for the domain. A Windows Server 2008 R2 server named ABC-RootCA runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. Other network servers include six Windows Server 2008 R2 servers running the File Services role, two Windows Server 2008 R2 servers running the Web Server (IIS) role and a Windows Server 2008 R2 server named ABC-RRAS1 which runs the Routing and Remote Access role. You want to configure a Network Access Protection (NAP) environment to secure the network. You install in the Network Policy Service (NPS) role with the Health Registration Authority feature on ABC-RRAS1. When client computers connect to the network, the network switches must allow the computers to connect to ABC-RRAS1 and a domain controller only. The computers must only be able to connect to other network resources after they have proved that they have the required security updates applied. Which one of the five NAP enforcement methods would achieve the desired results?


Options are :

  • NAP Enforcement for VPN.
  • NAP Enforcement for 802.1X.
  • NAP Enforcement for Remote Desktop Gateway.
  • NAP Enforcement for IPsec Communications.
  • NAP Enforcement for DHCP.

Answer :NAP Enforcement for 802.1X.

70-646 Pro Windows Server 2008,Server Administrator Test Set 4

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The company has a main office and a branch office. The two offices are connected by a WAN link. The network servers run either Windows Server 2003 or Windows Server 2008 R2. The domain functional level is Windows Server 2000. The main office contains two domain controllers that run Windows Server 2008 R2. The branch office contains two domain controllers that run Windows Server 2003. Due to the lack of physical security of the branch office domain controllers, you have been asked to encrypt the drives using Windows BitLocker Drive Encryption (BitLocker). What do you need to do before you can enable BitLocker on the branch office domain controllers?


Options are :

  • You need to upgrade the domain controllers to Windows Server 2003 Service Pack 2.
  • You need to raise the functional level of the domain to Windows Server 2003.
  • You need to upgrade the domain controllers to Windows Server 2008 R2
  • You need to upgrade the domain controllers to Windows Server 2003 R2.

Answer :You need to upgrade the domain controllers to Windows Server 2008 R2

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The company has a main office and a branch office. The two offices are connected by a reliable WAN link. The main office is represented by an Active Directory site named MainSite. The branch office is represented by an Active Directory site named BranchSite. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. The main office computer accounts are located in an organizational unit named MainComputers. The branch office computer accounts are located in an organizational unit named BranchComputers. The main office user accounts are located in an organizational unit named MainUsers. The branch office computer accounts are located in an organizational unit named BranchUsers. Each office has an IT Support team. The user objects and computer objects for the IT Support users are in a global security group named ITSupport. The main office IT Support users are currently working on an infrastructure upgrade in the branch office. The main office IT Support users are using their company portable computers. You need to deploy a technical application to all the IT Support users. You create a Group Policy Object named TechApp. You configure the TechApp GPO to assign the technical application to users and filter the GPO for the ITSupport group. You now need to link the TechApp GPO in Active Directory. Where could you link the TechApp GPO to ensure all the IT Support users receive the application? (Choose two possible complete answers).


Options are :

  • You could link the TechApp GPO to the MainUsers OU.
  • You could link the TechApp GPO to the Domain.
  • You could link the TechApp GPO to the MainSite site.
  • You could link the TechApp GPO to the BranchSite site.
  • You could link the TechApp GPO to the MainComputers and BranchComputers OUs.

Answer :You could link the TechApp GPO to the Domain. You could link the TechApp GPO to the BranchSite site.

You work as an enterprise administrator at YYY.com. The corporate network of ABC consists of a single Active Directory Domain Services (AD DS) domain. The company has a main office and 20 branch offices, which are connected through unreliable WAN links to the main office. All servers in the domain run Windows Server 2008 R2 and all client computers run Windows 7 Professional. The branch offices of the company are managed by the local administrator of the branch office. You need to design a Windows Update management strategy for the company. Only Windows Updates that have been approved by the main office are allowed to be installed in the branch offices. From the updates approved by the main office, the branch office administrators must be able to decide which updates are installed. You install a Windows Server 2008 R2 server running Windows Server Update Services (WSUS) 3.0 in each office. You need to configure the WSUS servers before configuring the client computers to download updates from the local WSUS servers. How should you configure the WSUS servers? (Choose three)


Options are :

  • Configure the branch office WSUS servers as child servers.
  • Configure the branch office WSUS servers as standalone servers.
  • Configure the branch office WSUS servers as replica servers.
  • Configure the main office WSUS server as a replica server.
  • Configure the main office WSUS server to download updates from Microsoft.
  • Configure the branch office WSUS servers to download updates from the main office WSUS server.

Answer :Configure the branch office WSUS servers as child servers. Configure the main office WSUS server to download updates from Microsoft. Configure the branch office WSUS servers to download updates from the main office WSUS server.

Microsoft 70-642 Windows Server Network Infrastructure Exam Set 5

You work as an enterprise administrator at YYY.com. The YYY.com network has a forest with a root domain named YYY.com and five child domains. All domain controllers in the YYY.com network run Windows Server 2003. The security policy in each of the five child domains specifies a different password policy for each domain. The company wants to restructure the infrastructure to consolidate the domains into as few domains as possible while maintaining the current domain user account attributes and security policies. Which two of the following options should you perform before consolidating the domains? (Choose two).


Options are :

  • Upgrade the child domains to Windows Server 2008 R2 Active Directory Domain Services (AD DS).
  • Upgrade all domains in the forest to Windows Server 2008 R2 Active Directory Domain Services (AD DS).
  • Migrate user accounts from the child domains to the root domain using the movetree.exe tool.
  • Migrate user accounts from the child domains to the root domain using the Active Directory Migration Tool (ADMT).
  • Migrate user accounts from the child domains to the root domain using the User State Migration Tool (USMT).
  • Upgrade the YYY.com root domain to Windows Server 2008 R2 Active Directory Domain Services (AD DS).

Answer :Migrate user accounts from the child domains to the root domain using the Active Directory Migration Tool (ADMT). Upgrade the YYY.com root domain to Windows Server 2008 R2 Active Directory Domain Services (AD DS).

You work as an enterprise administrator at YYY.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The network includes 110 servers running Windows Server 2008 R2. 20 of the servers are physical servers running Windows Server 2008 R2 Enterprise Edition. 40 of the servers are physical servers running Windows Server 2008 R2 Standard Edition. 40 servers are virtual machines (VMs) running on 10 Windows Server 2008 R2 Hyper-V hosts. You need to design a Windows Update strategy for the servers. You move the computer accounts of all the servers except the Hyper-V hosts to a new organization unit (OU) called Win2008R2. You now need to make sure that the servers are able to download and install approved updates automatically. You then create a Group Policy object (GPO) named ServerGPO and link it to the Win2008R2 OU. Which two of the following steps should you also perform to accomplish the task? (Choose two)


Options are :

  • You should configure ServerGPO with the enable Automatic Updates from Microsoft Update option.
  • You should configure ServerGPO with the enable Automatic Updates from a local server option.
  • You should configure a Microsoft System Center Virtual Machine Manager server.
  • You should configure a Windows Server Update Services (WSUS) 3.0 server.
  • You should configure a Microsoft System Center Operations Manager (SCOM) 2007 server.

Answer :You should configure ServerGPO with the enable Automatic Updates from a local server option. You should configure a Windows Server Update Services (WSUS) 3.0 server.

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008 R2 and all client computers run Windows 7 Enterprise. Your environment includes servers running Remote Desktop Session Host (RDSH). The Accounts department at TesKing.com needs to run two versions of the same Accounting application on the client computers in the department. One is the current version of the Accounting application and one is an older version. However, the two versions of the Accounting applications cannot be used simultaneously on the same client computer. Which two of the following options could you choose to allow the Accounts department users to use both versions of the Accounting application simultaneously? (Choose two. Each answer represents a complete solution).


Options are :

  • Use a Group Policy Object (GPO) to assign one version of the Accounting application to the client computers. Use another Group Policy Object (GPO) to publish the other version of the Accounting application to the Accounting department users
  • Install one version of the Accounting application on the Accounting client computers. Install the other version on an RDSH server and publish it as a RemoteApp.
  • Use a Group Policy Object (GPO) to assign one version of the Accounting application to the client computers. Use another Group Policy Object (GPO) to assign the other version of the Accounting application to the Accounting department users.
  • Install one version of the Accounting application on one RDSH server and publish it as a RemoteApp. Install the other version of the Accounting application on another RDSH server and publish it as a RemoteApp.
  • Install both versions of the Accounting application on an RDSH server and publish both versions as RemoteApps.

Answer :Install one version of the Accounting application on the Accounting client computers. Install the other version on an RDSH server and publish it as a RemoteApp. Install one version of the Accounting application on one RDSH server and publish it as a RemoteApp. Install the other version of the Accounting application on another RDSH server and publish it as a RemoteApp.

Microsoft 70-647 Windows Enterprise Administrator Exam Set 7

You work as an enterprise administrator at YYY.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers run Windows Server 2008 R2. The client computers run a mix of Windows 7 Professional, Windows XP Professional and Windows 2000 Professional. Two Windows Server 2008 R2 servers named ABC-DC1 and ABC-DC2 are configured as domain controllers and DHCP servers for the domain. A Windows Server 2008 R2 server named ABC-RootCA runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. Other network servers include six Windows Server 2008 R2 servers running the File Services role, two Windows Server 2008 R2 servers running the Web Server (IIS) role and a Windows Server 2008 R2 server named ABC-RRAS1 which runs the Routing and Remote Access role. You want to configure a Network Access Protection (NAP) environment to improve the security of the network. You install in the Network Policy Service (NPS) role with the Health Registration Authority feature on ABC-RRAS1. You configure the DHCP and IPSec enforcement methods on ABC-RRAS1. After testing your security configuration, you discover that non-domain member client computers are still able to access shared folders on the file servers. How can you prevent non-domain member computers accessing network resources in the domain?


Options are :

  • By configuring NAP Enforcement for VPN on ABC-RRAS1.
  • By installing computer certificates from ABC-RootCA on all network servers.
  • By configuring NAP Enforcement for 802.1x on ABC-RRAS1 and configuring the Network Device Enrollment Service (NDES) on ABC-RootCA.
  • By configuring the secure server IPsec policy on all network servers.

Answer :By configuring the secure server IPsec policy on all network servers.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory domain named YYY.com. The company has a main office and a branch office. The two offices are connected by a slow but reliable WAN link. The company servers run either Windows Server 2003 R2 or Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. You have been asked to develop a plan to implement read-only domain controllers (RODCs) in the branch office. During the risk assessment phase of your plan, your attention is bought to a custom content management application used by company managers and users in the Sales department. The content management application stores passwords in the Active Directory. Your RODC implementation plan must cater for the content management application and include a way to prevent the passwords saved by the application from being replicated to the RODCs. Your plan includes steps to upgrade all domain controllers to Windows Server 2008 R2. What else should you include in your plan?


Options are :

  • The addition of the password attribute for the content management application marked as confidential to the RODC filtered attribute.
  • A fine grained password policy.
  • A writeable Windows Server 2008 R2 domain controller in the branch office.
  • The configuration of the forest and domain functional levels to Windows Server 2008.

Answer :The addition of the password attribute for the content management application marked as confidential to the RODC filtered attribute.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions