Microsoft 70-647 Windows Enterprise Administrator Exam Set 10

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008. YYY.com has its headquarters in Chicago and sub-divisions in Boston, Atlanta, Miami and Dallas. All domain controllers are currently installed in the Chicago. You need to have new domain controllers installed in the Boston, Atlanta, Miami and Dallas sub-divisions. YYY.com issues a security policy for the new domain controllers that states the following: •Unauthorized user must not be able to access the Active Directory database. •Unauthorized user must not be able to boot a domain controller from an alternate boot disk. Which of the following options would you choose to implement the security policy?


Options are :

  • Configure EFS encryption on the new domain controllers.
  • Disable the Global Catalog role on the new domain controllers
  • Modify the permissions of the ntds.dat file
  • Disable replication of the Sysvol folder on the new domain controllers.
  • Configure a read-only domain controller (RODC) in the Boston, Atlanta, Miami and Dallas.
  • Configure Windows BitLocker Drive Encryption (BitLocker) on the new domain controllers.

Answer :Configure Windows BitLocker Drive Encryption (BitLocker) on the new domain controllers.

70-662 Microsoft Exchange Server 2010 Configuring Exam Set 3

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008. The YYY.com network has a domain controller named ABC-DC01 and a Web server named ABC-SR02. ABC-SR02 hosts YYY.com's internal Web site that hosts several documents with sensitive customer information. You want to secure the intranet Web site by implementing a policy that tracks access to the sensitive documents and sets a limit on the time during which the documents can be accessed. Which of the following would you install and configure on ABC-DC01 to accomplish this task?


Options are :

  • NTFS File Permissions
  • Active Directory Rights Management Services (AD RMS).
  • Encrypting File System (EFS)
  • IPSec
  • Microsoft Security Assessment Tool (MSAT)
  • Microsoft Baseline Security Analyzer (MBSA)

Answer :Active Directory Rights Management Services (AD RMS).

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers on the network run Windows Server 2008 R2 and all client computers run Windows 7 Enterprise. The company has started work on a project involving a partner company named Weyland Industries. The Weyland Industries network consists of a single Active Directory Domain Services (AD DS) domain named WeylandIndustries.com. There is no trust relationship between the domain networks of YYY.com and WeylandIndustries.com. Users in the Weyland Industries need to access files hosted on file servers and database servers in the YYY.com domain. You need to implement a solution that enables users from both companies to be able to search for and access the files using a Web browser. YYY.com security policy states that Project Managers in YYY.com must be able to restrict access to the files using NTFS permissions and that all file access is audited. How should you provide the required access?


Options are :

  • You should configure a domain trust where WeylandIndustries.com trusts YYY.com.
  • You should install a server running the FTP Server role.
  • You should install a server running Microsoft SharePoint Foundation.
  • You should install a server running Microsoft SharePoint Server 2010.
  • You should configure a domain trust where YYY.com trusts WeylandIndustries.com.

Answer :You should install a server running Microsoft SharePoint Server 2010.

You work as an enterprise administrator at YYY.com. The network consists of a large single Active Directory forest that contains many domains spanning multiple countries. The root domain in the forest is named YYY.com. Every domain in the forest is a child of the YYY.com root domain. All servers in the forest run Windows Server 2003 R2. The functional level of every domain is Windows Server 2003. The functional level of the forest is Windows Server 2003. Every domain controller in the forest runs Windows Server 2003 and hosts Active Directory-integrated DNS zones. You are in the process of installing an additional Windows Server 2003 domain controller in a child domain. During the domain controller installation process, you select the option to automatically install and configure DNS. You discover that the DNS installation process takes more than an hour to complete. You restart another domain controller in the same child domain and discover that it takes over an hour to restart. You restart a domain controller in a different child domain and see that it also takes over an hour to restart. How can you reduce the startup time for the domain controllers?


Options are :

  • By configuring new DNS servers hosting DNS stub zones in each domain.
  • By upgrading the domain controllers to Windows Server 2008 R2.
  • By enabling incremental DNS zone transfers (IXFR) on the domain controllers.
  • By installing Windows Server 2008 R2 Read Only Domain Controllers running the DNS service in each domain.

Answer :By upgrading the domain controllers to Windows Server 2008 R2.

70-680 Windows 7 Configuring Certification Practice Exam Set 4

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The internal network is separated from the internet by a corporate firewall. The network includes virtual machines (VMs) running on Windows Server 2008 R2 Hyper-V host servers. Four virtual machines (VMs) named ABC-RDS1, ABC-RDS2, ABC-RDS3 and ABC-RDS4 all run Windows Server 2008 R2 with the Remote Desktop Session Host (RDSH) role. You have been asked to enable remote users to connect to the four RDSH servers. From the RDSH servers, users must be able to access internal network resources. You install a new Windows Server 2008 R2 server named ABC-RDGW1. You install the Remote Desktop Gateway role on ABC-RDGW1 and configure a TS CAP (Terminal Services connection authorization policy) to specify which users are allowed to connect. Which two of the following steps should you perform to give remote users the required access using ABC-RDGW1?


Options are :

  • Configure the corporate firewall to allow inbound TCP port 3389.
  • Configure a TS RAP (Terminal Services resource authorization policy).
  • Configure the corporate firewall to allow inbound TCP port 443.
  • Install and configure the Remote Desktop Web Access role on ABC-RDGW1.
  • Install and configure the Remote Desktop Virtualization Host role on ABC-RDGW1.

Answer :Configure a TS RAP (Terminal Services resource authorization policy). Configure the corporate firewall to allow inbound TCP port 443.

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2003. You want to install a read-only domain controller (RODC) without upgrading the existing domain controllers Windows Server 2008. What action should you take? (Each correct option will form a part of the answer. Select TWO.)


Options are :

  • Raise the domain functional level to Windows Server 2008
  • Raise the domain functional level to Windows Server 2000
  • Raise the forest functional level to Windows 2008.
  • Raise the forest functional level to Windows 2003.
  • Raise the forest functional level to Windows 2000.
  • Raise the domain functional level to Windows Server 2003

Answer :Raise the forest functional level to Windows 2003. Raise the domain functional level to Windows Server 2003

You work as an enterprise administrator at YYY.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The company has a PKI (Public Key Infrastructure) that consists of a Windows Server 2008 R2 server named ABC-CA1 which runs the Active Directory Certificate Services (AD CS) role and is configured as a root certification authority for the domain. A Windows Server 2008 R2 server named ABC-Web1 runs the Web Server role. ABC-Web1 hosts a secure company intranet web site. The intranet site is accessible over HTTPS using a certificate from ABC-CA1. The intranet site can be accessed from within the corporate LAN or from the public Internet. Some company users have portable computers running Windows 7 Professional. The portable computers are members of the YYY.com domain. When users connect to the intranet site from home using their company portable computers, they are able to connect without error. However, when they connect using computers that are not members of the YYY.com domain, they receive a certificate error. How can you enable external users to connect to the intranet site from computers are not members of the domain without receiving certificate errors?


Options are :

  • By installing a server certificate issued by a public CA such as Verisign on ABC-Web1.
  • By installing a server certificate issued by a public CA such as Verisign on ABC-CA1 D. By configuring the corporate firewall to allow inbound port 443.
  • By implementing Active Directory Federation Services (AD FS).
  • By uninstalling the server certificate issued by ABC-CA1 from ABC-Web1.

Answer :By installing a server certificate issued by a public CA such as Verisign on ABC-Web1.

Microsoft 70-642 Windows Server Network Infrastructure Exam Set 2

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008. YYY.com has its headquarters in Chicago and a branch office in Boston. The Boston office is connected to the Chicago by a WAN link. You work at the Chicago office. YYY.com acquires a new server named ABC-SR07 that is shipped to the Boston office. YYY.com wants ABC-SR07 to be configured as a read-only domain controller (RODC). A TGesABCing.com user named Rory Allen works at the Boston office. You need to provide Rory Allen with the required permissions to configure ABC-SR07 as a RODC without making him a member of the Domain Administrators group. Which of the following options would you do first to accomplish this task?


Options are :

  • Assign Rory Allen full control of the Domain Controllers OU.
  • Install the RODC role on an existing member server in the Boston office.
  • Create a read-only domain controller (RODC) account for ABC-SR07.
  • Install ABC-SR07 as a domain controller.
  • Enable the RODC roll on an existing domain controller.

Answer :Create a read-only domain controller (RODC) account for ABC-SR07.

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008. YYY.com runs a critical application that accesses data that is stored in a Microsoft SQL Server 2005 database server named ABC-DB02. Which of the following options would you choose to ensure that the database is always available?


Options are :

  • Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a failover cluster.
  • Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a Network Load Balancing (NLB) cluster.
  • Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a failover cluster.
  • Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a Network Load Balancing (NLB) cluster

Answer :Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a failover cluster.

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain that runs at the domain functional level of Windows Server 2008. All servers in the YYY.com network run Windows Server 2008. The YYY.com network has Research, Development and Marketing divisions that are organized into separate organizational units (OUs). You need to enable the use of removable storage devices on all computers. You also need to allow users in the Marketing division to copy files to any removable storage device. However, users in the Development division should only copy files to company issued devices. Which of the following options would you choose to accomplish the desired goal? (Each correct option will form a part of the answer. Select TWO.)


Options are :

  • Alter the Default Domain Policy.
  • Alter the Default Domain Controllers Policy.
  • Create a single GPO and link it to the Marketing OU and the Development OU.
  • Create a new OU for all client computers.
  • Create two new GPOs with one linked to the Marketing OU and the other linked to the Development OU.
  • Create a GPO and link it to the new OU.

Answer :Alter the Default Domain Policy. Create two new GPOs with one linked to the Marketing OU and the other linked to the Development OU.

70-646 Pro Windows Server 2008,Server Administrator Test Set 5

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008. The YYY.com network has a file server named ABC-SR08 that is used by employees to store their documents. You want the documents on ABC-SR08 to be stored in centrally and to be protected automaticall and that documents cannot be printed remotely. Which of the following options would you use to accomplish this task? (Each correct option will form a part of the answer. Select TWO.)


Options are :

  • Microsoft Windows SharePoint Services (WSS) 3.0
  • Microsoft Baseline Security Analyzer (MBSA)
  • Active Directory Rights Management Services (AD RMS)
  • Encrypting File System (EFS)
  • Microsoft Office SharePoint Server (MOSS) 2007
  • Windows BitLocker Drive Encryption (BitLocker)

Answer :Active Directory Rights Management Services (AD RMS) Microsoft Office SharePoint Server (MOSS) 2007

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008. The YYY.com network has two web servers named ABC-SR07 and ABC-SR08. YYY.com wants to hosts the company's e-commerce Web site named sales.YYY.com on the two web servers. You receive instructions from the CEO to ensure that the Web site is available even when one of the Web servers is offline. The CEO also wants the session state of the web site to be available should one of the web servers be offline. Additionally, you must be able to support the Web site on up to six Web servers with each Web server having a dedicated IP address. What action should you take?


Options are :

  • Configure the sales.YYY.com web site on each server with the site content on a network share.
  • Configure multiple ports for the sales.YYY.com web site.
  • Configure multiple host headers for the sales.YYY.com website.
  • Configure Network Load Balancing on ABC-SR07 and ABC-SR08.
  • Configure multiple IP addresses for the sales.YYY.com website.
  • Configure a two-failover cluster on ABC-SR07 and ABC-SR08.

Answer :Configure Network Load Balancing on ABC-SR07 and ABC-SR08.

You work as an enterprise administrator at YYY.com. The company has a main office in Chicago and a branch office in Atlanta. The network consists of a single Active Directory forest containing three domains. The two offices are connected by a reliable WAN link. The main office contains the forest root domain named YYY.com and a child domain named chicago.YYY.com. The branch office contains a child domain named atlanta.YYY.com. All three domains have domain controllers running Windows Server 2003. The functional level of the forest is Windows Server 2003. The functional level of each domain is Windows Server 2003. Three Windows Server 2003 R2 servers in the chicago.YYY.com domain are configured as file servers. Shared folders are replicated between the file servers using DFS replication. You upgrade all the domain controllers in the chicago.YYY.com domain to Windows Server 2008 R2. You want to configure the environment to support SYSVOL folder replication using DFS-R (DFS Replication). Your solution must not affect the domain controller operating system requirements in the forest root or atlanta.YYY.com domains. How should you configure the environment?


Options are :

  • You should upgrade the file servers in the chicago.YYY.com domain to Windows Server 2008 R2.
  • You should raise the functional level of the chicago.YYY.com domain to Windows Server 2008 R2.
  • You should raise the functional level of the YYY.com domain to Windows Server 2008 R2.
  • You should raise the functional level of the forest to Windows Server 2008 R2.

Answer :You should raise the functional level of the chicago.YYY.com domain to Windows Server 2008 R2.

70-647 Pro Windows Server 2008 Enterprise Administrator Exam Set 2

You work as an enterprise administrator at YYY.com. The YYY.com network has a UNIX domain named YYY.com. YYY.com has its headquarters in Chicago and branch offices in Boston, Atlanta, Miami and Dallas. The offices are configured as separate sites that are connected by WAN links. YYY.com wants to migrate to a Windows Server 2008 Active Directory environment that consists of a forest with five domains, one for each office. You begin the migration by decommissioning the UNIX servers and having the first Windows Server 2008 domain controller in the forest deployed in the Chicago office. You must now have Windows Server 2008 domain controllers deployed to the Boston, Atlanta, Miami and Dallas offices. To reduce traffic over the WAN links, you want YYY.com users to use the domain controller in their respective offices when they authenticate to the domain, unless the domain controller in their office is offline. How would you accomplish this task? (Each correct option will form a part of the answer. Select TWO.)


Options are :

  • By creating a site object for each office in Active Directory Sites and Services.
  • By selecting Universal Group Membership Caching checkbox in the NTDS Site Settings properties window.
  • By clearing the Bridge all site links checkbox in Active Directory Sites and Services.
  • By creating a subnet object for each office in Active Directory Sites and Services.
  • By creating an OU for each office in Active Directory Users and Computers.
  • By creating an OU for each office in Active Directory Users and Computers.

Answer :By creating a site object for each office in Active Directory Sites and Services. By creating a subnet object for each office in Active Directory Sites and Services.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory domain named YYY.com. The company has a main office and a branch office. The two offices are connected by a fast reliable WAN link. All servers on the network run Windows Server 2003 R2. The functional level of the domain is Windows Server 2003. The main office contains six Windows Server 2003 R2 domain controllers. You upgrade one domain controller to Windows Server 2008 R2. You want to deploy a Read-Only Domain Controller (RODC) to the branch office. How can you prepare the Active Directory for the installation of an RODC in the branch office?


Options are :

  • By upgrading the remaining domain controllers to Windows Server 2008 R2 and raising the domain functional level to Windows Server 2008.
  • By running the adprep /rodcprep on a domain controller.
  • By installing a writeable Windows Server 2008 domain controller in the branch office.
  • By running the adprep /domainprep /gpprep on the domain controller that holds the infrastructure operations master role.

Answer :By running the adprep /rodcprep on a domain controller.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory domain named YYY.com. All servers on the network run Windows Server 2003 R2. The functional level of the domain is Windows 2000 Native. The company contains a research department. You have been asked to implement a stricter password policy for the research department users than for the rest of the company users. Which two of the following actions should you perform to support multiple password policies in the YYY.com domain? (Choose two).


Options are :

  • Upgrade the domain controllers to Windows Server 2008 R2.
  • Deploy a Windows Server 2008 R2 read-only domain controller (RODC) in the domain.
  • Raise the domain functional level to Windows Server 2003.
  • Raise the domain functional level to Windows Server 2008 R2.
  • Install Active Directory Rights Management Services (AD RMS) on a domain controller.

Answer :Upgrade the domain controllers to Windows Server 2008 R2. Raise the domain functional level to Windows Server 2008 R2.

70-646 Pro Windows Server 2008 - Server Administrator Exam Set 1

You work as an enterprise administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers on the network run Windows Server 2008 R2. The forest runs at the forest functional level of Windows Server 2008. YYY.com has its headquarters in Chicago and branch offices in Boston, Atlanta, Miami and Dallas. The branch offices are connected to the headquarters by slow WAN links. Each office has a Windows Server 2008 R2 domain controller and is configured as an Active Directory site. You need to reduce the bandwidth used by Active Directory replication. You also need to ensure that users can log on to the domain if a WAN link fails. What should you do?


Options are :

  • You should install an additional domain controller in each branch office.
  • You should configure the branch office domain controllers as Global Catalog servers.
  • You should enable BranchCache in Host mode on the domain controllers in the branch offices.
  • You should reinstall the branch office domain controllers as Read Only Domain Controllers (RODCs).
  • You should enable Universal Group Membership Caching on the domain controllers in the branch offices.

Answer :You should enable Universal Group Membership Caching on the domain controllers in the branch offices.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The internal network is separated from the internet by a corporate firewall. The network includes virtual machines (VMs) running on Windows Server 2008 R2 Hyper-V host servers. Four virtual machines (VMs) named ABC-RDS1, ABC-RDS2, ABC-RDS3 and ABC-RDS4 all run Windows Server 2008 R2 with the Remote Desktop Session Host (RDSH) role. You have been asked to enable remote users to connect to the four RDSH servers. From the RDSH servers, users must be able to access internal network resources. You install a new Windows Server 2008 R2 server named ABC-RDGW1. You install the Remote Desktop Gateway role on ABC-RDGW1 and configure a TS CAP (Terminal Services connection authorization policy) and a TS RAP (Terminal Services resource authorization policy) You now need to configure the corporate firewall to allow external connections to ABC-RDGW1. You must open the minimum number of required ports. Which port or ports should you open on the firewall?


Options are :

  • TCP ports 3389 and 443
  • TCP port 80
  • TCP port 443
  • TCP port 3389
  • TCP ports 80 and 443

Answer :TCP port 443

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008. YYY.com has its headquarters in Chicago and branch offices in Boston. The Boston office is connected to the Chicago by a WAN link. The Chicago office has a DNS Sever named ABC-SR04 that is configured as a single DNS zone. The Boston office has two servers named ABC-SR07 and ABC-SR08. ABC-SR08 hosts shared folders that are only accessed by YYY.com users in the Boston office. You work in the Chicago office while a network administrator named Rory Allen works in the Boston office. YYY.com wants you to ensure that users at the Boston office can log on to the YYY.com domain and can connect to the shared folders on ABC-SR08 even when the WAN link is down. You must allow Rory Allen to configure the servers in the Boston office without allowing him to modify the Active Directory configuration. Which actions should you take to accomplish this task? (Each correct option will form a part of the answer. Choose THREE.)


Options are :

  • By assigning administrative rights to Rory Allen.
  • By installing DNS role on ABC-SR07.
  • By promoting ABC-SR07 to a read-only domain controller (RODC).
  • By installing ADMT role on ABC-SR07.
  • By installing USMT role on ABC-SR07.
  • By promoting ABC-SR07 to a domain controller

Answer :By assigning administrative rights to Rory Allen. By installing DNS role on ABC-SR07. By promoting ABC-SR07 to a read-only domain controller (RODC).

Microsoft 70-642 Windows Server Network Infrastructure Exam Set 7

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008. YYY.com has its headquarters in Miami and a branch office in and Dallas. The Dallas office is connected to the Miami office by a WAN link. The two offices are structured as separate sites named Miami and Dallas. The YYY.com network has several Microsoft SQL Server 2005 database servers. You receive instruction from YYY.com to implement failover clustering using the least number of database servers on the network. What action should you take to make sure that the cluster services are available in the event of a cluster node failure?


Options are :

  • Install two Network Load Balancing clusters with one cluster node each in the Miami site and two Network Load Balancing clusters with one cluster node each in the Dallas site.
  • Install a single cluster with one cluster node in the Miami site and a single cluster with one cluster node in the Dallas site.
  • Install a single cluster with two cluster nodes in the Miami site and a single cluster with two cluster nodes in the Dallas site.
  • Install a Network Load Balancing cluster with two cluster nodes in the Miami site and a Network Load Balancing cluster with two cluster nodes in the Dallas site.

Answer :Install a single cluster with one cluster node in the Miami site and a single cluster with one cluster node in the Dallas site.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The internal network is separated from the internet by a corporate firewall. The network includes virtual machines (VMs) running on Windows Server 2008 R2 Hyper-V host servers.Four virtual machines (VMs) named ABC-RDS1, ABC-RDS2, ABC-RDS3 and ABC-RDS4 all run Windows Server 2008 R2 with the Remote Desktop Session Host (RDSH) role.You have been asked to enable sales users to connect to the four RDSH servers when they are working away from the office. The sales users are members of a global security group named ABC-SalesUsers. You install a new Windows Server 2008 R2 server named ABC-RDGW1. You enable the corporate firewall to allow inbound connections on TCP port 443. You now need to assign the sales users permission to connect to the network using Remote Desktop Connections. How can you enable only the ABC-SalesUsers group to connect to the network using Remote Desktop Connections?


Options are :

  • By installing the Remote Desktop Web Access role on ABC-RDGW1.
  • By installing and configuring the Remote Desktop Virtualization Host role on ABCRDGW1.
  • By configuring a TS CAP (Terminal Services connection authorization policy).
  • By adding the ABC-SalesUsers group to the Remote Desktop Users group on ABCRDGW1.

Answer :By configuring a TS CAP (Terminal Services connection authorization policy).

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008 and all client computers run Windows XP. YYY.com wants to migrate to Windows Vista by decommissioning all Windows XP client computers. However, users in the Marketing division use a custom application named ABCApp1.exe that is not compatible with Windows Vista. How can you ensure that users in the Marketing department can still use ABCApp1.exe when the network is migrated to Windows Vista?


Options are :

  • By configuring Windows Vista computers to have a virtual machine running Windows XP and ABCApp1.exe.
  • By using Hyper-V to configure a virtual machine running Windows 95 and ABCApp1.exe. Tell the marketing users to connect to the virtual machine.
  • By configuring a new partition on the client computers using the FAT file system and installing ABCApp1.exe on the new partition.
  • By installing the application on the client computers. Instruct the users to run ABCApp1.exe in Windows XP compatibility mode.

Answer :By configuring Windows Vista computers to have a virtual machine running Windows XP and ABCApp1.exe.

Microsoft 70-642 Windows Server Network Infrastructure Exam Set 5

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008. YYY.com has its headquarters in Miami and branch offices in Atlanta and Dallas. Each office is configured as a separate site that is connected to the Miami office by WAN links. Each office has two file servers. YYY.com users in the Dallas office must access files on a file server named ABC-SR07 that is located in the Miami office. You need to ensure that Dallas users can still access the files even when the WAN link is down.However, you must ensure that any increased in traffic over the WAN link is scheduled to occur after business hours. How can you accomplish the above goals?


Options are :

  • You should replicate data from the Miami office to the Dallas office by using File Replication Service (FRS).
  • You should replicated data from the Miami office to the Dallas office by using Distributed File Services (DFS) Replication.
  • You should install a Bridgehead server in the Dallas office.
  • You should create a stile link bridge between the Miami and Dallas offices.

Answer :You should replicated data from the Miami office to the Dallas office by using Distributed File Services (DFS) Replication.

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. All servers in the YYY.com network run Windows Server 2008 while the client computers run different client operating systems. The YYY.com network has a firewall that separates the internal network from the perimeter network, and another firewall that separates the perimeter network from the Internet. A server named ABC-SR07 that has the Routing and Remote Access Service (RRAS) installed is installed in the perimeter network. ABC-SR07 is used by remote users to connect to the esABCing.com network. YYY.com issues a new remote access policy that states that only Windows Vista client computers that have the latest Windows updates and virus definitions installed and have the Windows Firewall enabled may be allowed to connect to ABC-SR07. How would you implement this policy?


Options are :

  • By installing a Microsoft Internet Security and Acceleration Server (ISA) 2006 on the network.
  • By creating a Group Policy object (GPO) that enable Windows Firewall and linking the GPO to the domain.
  • By creating an OU for the client computers with the latest Windows updates and virus definitions installed and the Windows Firewall enabled, and granting the OU dialin permissions on ABC-SR07.
  • By configuring Network Access Protection (NAP) on the perimeter network.
  • By implementing Authorization Manager on ABC-SR07.

Answer :By configuring Network Access Protection (NAP) on the perimeter network.

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com. The servers in the YYY.com network run either Windows Server 2003 or Windows Server 2008 R2. All client computers run Windows 7 Professional. The physical network consists of 6 subnets. A Windows Server 2008 R2 application server hosts an application named App1. Client computers in all 6 subnets access App1 using it’s NetBIOS name. A Windows Server 2003 server runs the Windows Internet Naming Service (WINS) service. Client computers use the WINS service to resolve the IP address of the application server. You are in the process of upgrading the Windows Server 2003 servers to Windows Server 2008 R2. You want to decommission the WINS server during the upgrade. You need to ensure that all client computers can still access App1 using a single name after the WINS server is decommissioned. Which of the following options would you choose to accomplish this task?


Options are :

  • You should configure a DNS Suffix on the application server.
  • You should configure an Active Directory-integrated (ADI) DNS zone.
  • You should configure a GlobalNames DNS zone.
  • You should configure a Service Locator (SRV) records for the application server

Answer :You should configure a GlobalNames DNS zone.

70-680 Windows 7 Configuring Certification Practice Exam Set 4

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. The number of users in the branch office has increased over the last year. The company has recently employed an IT Technician named Mia Hamm in the branch office to maintain the branch office computers. Users in the branch office complain that it takes a long time to log on to their computers. You decide to install a Windows Server 2008 R2 Read-Only Domain Controller in the branch office to improve log on times. You need to provide Mia the ability to manage the RODC. Mia needs to be able to install Windows Updates and update device drivers on the RODC. How can you assign Mia the necessary permissions to manage the RODC?


Options are :

  • By adding Mia’s domain user account to the Power Users group on the RODC.
  • By adding Mia’s domain user account to the local administrators group on the RODC.
  • By granting Mia’s domain user account Full Control permission on an Organizational Unit (OU) containing the computer account for the RODC.
  • By adding Mia’s domain user account to the Domain Admins group.

Answer :By adding Mia’s domain user account to the local administrators group on the RODC.

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com with a single site named SiteA. All servers in the YYY.com network run Windows Server 2008. You reorganize the Active Directory infrastructure to include a second site named SiteB with its own domain controller. How would you configured the firewall to allow replication between SiteA and SiteB?


Options are :

  • Enable RPC traffic to pass through the firewall.
  • Enable FTP traffic to pass through the firewall.
  • Enable IPSec traffic to pass through the firewall.
  • Enable NNTP traffic to pass through the firewall.
  • Enable SMTP traffic to pass through the firewall.

Answer :Enable RPC traffic to pass through the firewall.

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers on the network run Windows Server 2008 R2. A Windows Server 2008 R2 server named ABC-FW1 runs Microsoft Internet Security and Acceleration (ISA) Server 2006. ABC-FW1 is configured as a firewall that separates the corporate LAN from the Internet. ABC-FW1 is configured to allow only HTTP and HTTPS inbound connections from the Internet. You install a server named ABC-WSS1. You install SharePoint Foundation on ABC-WSS1 and configure SharePoint sites for document collaboration. The SharePoint sites are accessible only from within the corporate LAN. Mobile Sales workers have been issued with PDAs running Windows Mobile 6.0. You have been asked to provide the Sales users with secure access to SharePoint sites from their PDAs. All external connections to the SharePoint sites must be encrypted. How can you provide access to the SharePoint sites from PDAs running Windows Mobile 6.0?


Options are :

  • By publishing the SharePoint site with an HTTPS web publishing rule on ABC-FW1.
  • By configuring the IPSec Require Security policy on ABC-WSS
  • By disabling port 80 access to the SharePoint sites.
  • By publishing ABC-WSS1 with an SSTP server publishing rule on ABC-FW1

Answer :By publishing the SharePoint site with an HTTPS web publishing rule on ABC-FW1.

Microsoft 70-647 Windows Enterprise Administrator Exam Set 3

You work as a Network Administrator at YYY.com. The network consists of a single Active Directory Domain Services (AD DS) domain named YYY.com. All servers on the network run Windows Server 2008 R2 and all client computers run Windows 7 Enterprise. The company has started work on a project involving a partner company named Weyland Industries. The Weyland Industries network consists of a single Active Directory Domain Services (AD DS) domain named WeylandIndustries.com. There is no trust relationship between the domain networks of YYY.com and WeylandIndustries.com. Users from the Weyland Industries Research department need to access files hosted on file servers in the YYY.com Research department. YYY.com management is worried about the security of sensitive research data. You have been asked to implement a solution that enables YYY.com Research users to share files with Weyland Industries Research users. You need to ensure that any files that have been copied to Weyland Industries Research computers cannot be printed or opened by unauthorized users. Which two of the following actions should you perform? (Choose two)


Options are :

  • You should configure the YYY.com domain to trust the WeylandIndustries.com domain.
  • You should encrypt the files using Encrypting File System (EFS) and distribute the encryption keys to the WeylandIndustries.com Research users.
  • You should configure NTFS permissions to Deny-Print to everyone and Allow-Read to only the appropriate users.
  • You should implement Active Directory Federation Services (AD FS).
  • You should implement Active Directory Rights Management Services (AD RMS) on the YYY.com network.

Answer :You should implement Active Directory Federation Services (AD FS). You should implement Active Directory Rights Management Services (AD RMS) on the YYY.com network.

You work as an enterprise administrator at YYY.com. The YYY.com network has a domain named YYY.com and a workgroup named ABCGROUP. All servers in the YYY.com network run Windows Server 2008 and all the client computers run Windows Vista. The YYY.com network has unmanaged network switches and has two servers named ABC-SR07 and ABC-SR08. ABC-SR07 is configured with the Active Directory Domain Services (AD DS), the Active Directory Certificate Services (AD CS) and the Dynamic Host Configuration Protocol (DHCP) service while ABC-SR08 is configured with the Routing and Remote Access Service (RRAS), the Network Policy Service (NPS) and Health Registration Authority (HRA). You notice that the latest Microsoft updates have not been applied to all client computers that are part of the ABCGROUP workgroup. You are concerned that YYY.com users are accessing the local area network (LAN) from these client computers. You want to implement Network Access Protection (NAP) to secure the network by preventing client computers that are not members of the YYY.com network or do not have the latest Microsoft updates from accessing any network servers that are members of the YYY.com domain. Which of the following option would you choose?


Options are :

  • TCP/IP
  • IPsec
  • DHCP
  • L2TP
  • PPTP
  • 802.1z

Answer :IPsec

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions