70-646 Exam
Examples of microsoft server 2008 server administrator (exam 70-646) course
Proper study guides for Renovate Microsoft PRO: Windows Server 2008, Server Administrator certified begins with Microsoft 70-646 preparation products which designed to deliver the Highest Quality 70-646 questions by making you pass the 70-646 test at your first time. Try the free 70-646 demo right now.
2021 Sep examcollection 70-646:
Q91. - (Topic 4)
You need to recommend an administrative solution for the help desk technicians that meets the museum's technical requirements.
What should you recommend?
A. Add the help desk technicians to the Domain Admins group.
B. Add the help desk technicians to the Accounts Operators group.
C. Assign permissions for the Groups OU and the Branch1 OU to the help desk technicians.
D. Assign permissions for the domain object and the Users container to the help desk technicians.
Answer: C
Explanation:
You can delegate administrative control to any level of a domain tree by creating organizational units within a domain and delegating administrative control for specific organizational units to particular users or groups. By giving permissions on the Groups OU they can modify group membership and create groups within that OU, by giving them permissions on the Branch1 OU they will be able to reset passwords within that OU. http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html How to delegate password reset permissions for your IT staff One of the most common tasks to delegate, usually to a service desk or Help desk, is the capacity to reset users’ passwords when they forget them and unlock their accounts. To accomplish this, you’ll need to perform a few delegations: You’ll need to delegate the Reset Password Extended Right permission and the Write Property permission for the pwdLastSet and lockoutTime attributes. http://community.spiceworks.com/how_to/show/1464 well worth a look To delegate group membership http://www.scribd.com/doc/42818731/AD-Delegating-Control-of-Group-Membership
Q92. - (Topic 7)
You need to recommend a solution for the USB storage devices on the client computers. The solution must meet the company's security requirements.
What should you include in the recommendation?
A. Encrypted File System (EFS)
B. the App1ocker Group Policy settings
C. the Enhanced Storage Access settings
D. Windows BitLocker Drive Encryption (BitLocker)
Answer: C
Explanation:
What is Enhanced Storage?
http://windows.microsoft.com/en-us/windows7/What-is-Enhanced-Storage There are different types of storage devices, such as USB flash drives or external hard drives. Some have no particular security enhancements, while others have built-in safety features. Enhanced Storage devices have built-in safety features that let you control who can access the data on the device by using a password or a certificate (if the device is being used in a workplace). Once someone has access to the device, they have access to the data because the data on the device is not encrypted. Some device manufacturers might offer encryption on Enhanced Storage devices. Check the device packaging or documentation to see if the device includes encryption. An Enhanced Storage device can be an external USB hard drive or a USB flash drive. When you purchase a USB hard drive or flash drive, the packaging might indicate that it's an Enhanced Storage device. The first time that you plug the device into your computer, you'll be prompted to create a password or use a certificate with the device. Once the password is entered or the certificate is retrieved, the data on the device is accessible. It's important to use a strong password to help keep your data secure. n addition to the device access password, you can set a recovery password, which you can use to reset the device access password. You can create the recovery password when you create the device access password or by right-clicking the device in the Computer folder, and then selecting Set password. You can also use the recovery password as an administrator password. Administrators can choose to set a device password for the user of the device, and then use the recovery password as an administrator password. This way, the administrator can unlock the storage device if the person using it forgets their password.
Enhanced Storage Access settings
http://technet.microsoft.com/en-us/library/dd560657%28WS.10%29.aspx Enhanced Storage devices are devices that support the IEEE 1667 protocol to provide functions such as authentication at the hardware level of the storage device. These devices can be very small, such as USB flash drives, to provide a convenient way to store and carry data. At the same time, the small size makes it very easy for the device to be lost, stolen, or misplaced.
Q93. - (Topic 4)
You are planning to upgrade the client computers of the users in the sales department to Windows 7.
You need to recommend an upgrade solution to ensure that the client computers can run App2.
What should you include in the recommendation?
A. Internet Explorer Administration Kit (IEAK)
B. Microsoft Application Compatibility Toolkit (ACT)
C. Microsoft Application Virtualization (AppV)
D. Microsoft Enterprise Desktop Virtualization (MED-V)
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/ff433573.aspx MED-V uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows.-based desktop. MED-V is an integral component of the Microsoft Desktop Optimization Pack, a dynamic solution available to Software Assurance customers, which helps reduce application deployment costs, enables delivery of applications as services, and helps to better manage and control enterprise desktop environments.
Topic 5, Woodgrove Bank
Scenario:
COMPANY OVERVIEW
Overview
Woodgrove Bank is an international financial organization.
Physical Location
The company has a main office and multiple branch offices.
EXISTING ENVIRONMENT
Active Directory Environment
The network contains one Active Directory forest. A separate domain exists for each office.
Network Infrastructure
All offices have domain controllers that are configured as DNS servers. All client computers are configured to connect to the DNS servers in their respective office only.
The main office has the following servers and client computers:
... .
One Windows Server Update Services (WSUS) server.
Client computers that run either Windows XP Service Pack 3 (SP3) or Windows 7.
Ten file servers that host multiple shared folders. The file servers run either
Windows Server 2003 or Windows Server 2008 R2.
One domain-based Distributed File System (DFS) namespace that has two
replicas. The DFS servers run Windows Server 2008 R2. The DFS namespace is
configured to use Windows 2000 Server mode.
Each branch office has a WAN link to the main office. The WAN links are highly saturated. Each office has a dedicated high-speed Internet connection.
All of the client computers in the branch offices run Windows 7.
User Problems
Users report that it is difficult to find the shared folders on the network.
REQUIREMENTS
Planned Changes
Woodgrove Bank plans to implement the following changes:
. ...
Deploy a new Application named App1 on each client computer. App1 has a
Windows Installer package and is compatible with Windows XP, Windows Vista,
and Windows 7.
Designate a user in each office to manage the address information of the user
accounts in that office.
Deploy a new branch office named Branch22 that has the following servers:
uk.co.certification.simulator.questionpool.PList@7e25ed0
Technical Requirements
Woodgrove Bank must meet the following technical requirements:
...
Minimize hardware and software costs, whenever possible.
Encrypt all DNS replication traffic between the DNS servers.
Ensure that users in the branch offices can access the DFS targets if a WAN link
Guaranteed success with TestInsides practice guides fails.
. Ensure that users can only view the list of DFS targets to which they are assigned permissions.
. Minimize the amount of network traffic between the main office and the branch offices, whenever possible.
. Minimize the amount of name resolution traffic from the branch offices to the DNS servers in the main office.
. Ensure that the administrators in the main office manage all Windows update approvals and all computer groups.
. Manage all of the share permissions and the folder permissions for the file servers from a single management console.
. Ensure that if a file on a file server is deleted accidentally, users can revert to a previous version of the file without administrator intervention.
. Ensure that administrators are notified by e-mail each time a user successfully copies a file that has an .avi extension to one of the file servers.
Security Requirements
Woodgrove Bank must meet the following security requirements: . Access rights and user rights must be minimized. . The Guest account mustoe disabled on all servers. . Internet Information Services (IIS) must only be installed on authorized servers.
Q94. - (Topic 19)
Your network contains an Active Directory domain. You have a server that runs Windows Server 2008 R2 and has the Remote Desktop Services server role enabled. All client computers run Windows 7.
You need to plan the deployment of a new line of business application to all client computers.
The deployment must meet the following requirements:
-
Users must access the application from an icon on their desktops.
-
Users must have access to the application when they are not connected to the network.
What should you do?
A. Publish the application as a RemoteApp.
B. Publish the application by using Remote Desktop Web Access (RD Web Access).
C. Assign the application to the Remote Desktop Services server by using a Group Policy object (GPO).
D. Assign the application to all client computers by using a Group Policy object (GPO).
Answer: D
Explanation:
http://support.microsoft.com/kb/816102
Assign a Package
To assign a program to computers that are running Windows Server 2003, Windows 2000, or Microsoft Windows XP Professional, or to users who are logging on to one of these workstations:
1.
Start the Active Directory Users and Computers snap-in. To do this, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2.
In the console tree, right-click your domain, and then click Properties.
3.
Click the Group Policy tab, select the group policy object that you want, and then click Edit.
4.
Under Computer Configuration, expand Software Settings.
5.
Right-click Software installation, point to New, and then click Package.
6.
In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \\file server\share\file name.msi. Important Do not use the Browse button to access the location. Make sure that you use the UNC path to the shared installer package.
7.
Click Open.
8.
Click Assigned, and then click OK. The package is listed in the right pane of the Group Policy window.
9.
Close the Group Policy snap-in, click OK, and then quit the Active Directory Users and Computers snap-in.
10.
When the client computer starts, the managed software package is automatically installed.
Q95. - (Topic 17)
You need to recommend changes to the intranet site that meet the company's technical requirements. What should you include in the recommendation?
A. additional Application pools
B. additional worker processes
C. Failover Clustering
D. Network Load Balancing (NLB)
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc725691.aspx The Network Load Balancing (NLB) feature in Windows Server 2008 R2 enhances the availability and scalability of Internet server applications such as those used on Web, FTP, firewall, proxy, virtual private network (VPN), and other mission-critical servers. A single computer running Windows Server 2008 R2 provides a limited level of server reliability and scalable performance. However, by combining the resources of two or more computers running one of the products in Windows Server 2008 R2 into a single virtual cluster, NLB can deliver the reliability and performance that Web servers and other mission-critical servers need.
Topic 18, Graphic Design Institute, Case B
General Background
You are the systems administrator for the Graphic Design Institute (GDI). GDI is a private liberal arts and technical college with campuses in multiple cities.
Technical Background
The campus locations, users, client computers, and servers are described in the following table.
The campuses are connected by a fully meshed WAN.
The corporate network includes Active Directory Domain Services (AD DS). Domain controllers are located on each campus.
GDI uses Microsoft Windows Deployment Server (WDS) to distribute images by using Preboot Execution Environment (PXE). GDI builds images by using the Windows Automated Installation Kit (WAIK).
GDI uses Microsoft Windows Server Update Services (WSUS) to distribute and manage Windows security updates and software updates. All private client computers and portable computers used by faculty and staff are members of the WSUS computer group named Staff. All shared client computers are members of the WSUS computer group named LabComputers. All faculty and staff users are members of the global security group named GDI_Staff. All students are members of the global security group named GDI_Students.
Specific servers are configured as shown in the following table.
The main data center is located on the Boston campus. ADMX and ADML files are centrally stored on BODC01.
All Charlotte servers reside in the CH_Servers organizational unit (OU). CHDATA01, CHDATA02, CHDATA03, and CHDATA04 reside in the CH_FileServers OU. CH_FileServers is a child OU of CH_Servers.
A Group Policy object (GPO) named ServerSettings App1ies Windows Internet Explorer settings to all servers.
Business Requirements
After successful migrations to Windows Server 2008 R2 in Boston, New Haven, and Tacoma, GDI plans to migrate its other campuses to Windows Server 2008 R2 in advance of a full Windows 7 client computer deployment.
Server deployment on the Austin campus must be performed on weekends by using scheduled deployments.
The post-migration environment must meet the following business requirements:
....
Maximize security Maximize data protection Maximize existing resources Minimize downtime
Technical Requirements
The post-migration environment must meet the following security requirements:
...
All updates must be distributed by using WSUS.
All critical updates must be installed as soon as possible.
All drives on the Minneapolis campus servers must have Windows BitLocker Drive
Encryption enabled.
The post-migration environment must meet the following data protection requirements:
.. .... . .
All servers must have automated backup routines.
All backups must be replicated to the Boston data center at the end of each
business week.
The post-migration environment must meet the following resource requirements:
Installations and recovery must be performed remotely.
All department volumes on file servers must have NTFS quotas.
Minimize download time for users who open Microsoft Office documents over the
WAN.
Ensure that users' files are always opened from the closest file server when
available.
Users' files must be accessible by the same path from all campuses.
Avant-garde windows server 2008 administrator exam 70-646 answers:
Q96. - (Topic 2)
You need to recommend a solution to minimize the amount of time it takes for the legal department users to locate files in the Legal share.
What should you include in the recommendation?
A. File Server Resource Manager (FSRM)
B. Print and Document Services
C. Services for Network File System (NFS)
D. Windows Search Service
Answer: D
Explanation: windows search is an optional component in server 2008. You have to enable the file server role to get it. The Windows Search Service is a file server role service that provides indexing of common files on Windows computers. By installing the Windows Search Service, clients can search more quickly for files, using an index that is stored on the file server to enable it follow these steps http://www.win2008workstation.com/win2008/enable-windows-search-service
1. Start the Server Manager by clicking the Server Manager icon in the systray, or the Server Manager shortcut in directly the Start menu or in the menu Administrative Tools.
2. In the Server Manager click below the category Roles Summary on Add Roles.
3. Click Next in the Before You Begin screen. 4. In the Select Server Roles screen check File Services, then click Next.
5.
You can eventually read the Introduction to File Services, and click Next.
6.
Select the Windows Search Service in the Role Services list. You can optionally uncheck the File Server role.
7.
Select your setting for the volumes you want to index.
8.
At the Confirm Installation Selections page click Install to start the installation of the Windows Search Service role.
9.
After the installation has finished click Close. The Windows Search service has now automatically be started and will be indexing your system during idle time!
Q97. - (Topic 8)
You need to recommend changes to Web1 to ensure that server backups can be performed remotely from Backup1.
Which two changes should you include in the recommendation? (Each correct answer presents part of the solution. Choose two.)
A. Install Windows PowerShell.
B. Install Windows Server Backup.
C. Modify the Windows Firewall settings.
D. Enable the IIS Management Service feature.
Answer: B,C
Q98. - (Topic 1)
...
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. There are five servers that run Windows Server 2003 SP2. The Windows Server 2003 SP2 servers have the Terminal Server component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006. All client computers run Windows 7.
You plan to give remote users access to the Remote Desktop Services servers.
You need to create a remote access strategy for the Remote Desktop Services servers that meets the following requirements:
Minimizes the number of open ports on the firewall server Encrypts all remote connections to the Remote Desktop Services servers Prevents network access to client computers that have Windows Firewall disabled
What should you do?
A. Implement port forwarding on the ISA Server. Implement Network Access Quarantine Control on the ISA Server.
B. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and implement Network Access Protection (NAP).
C. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop connection authorization policy (RD?CAP).
D. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop resource authorization policy (RD RAP).
Answer: B
Explanation:
Terminal Services Gateway
TS Gateway allows Internet clients secure, encrypted access to Terminal Servers behind your organization’s firewall without having to deploy a Virtual Private Network (VPN) solution. This means that you can have users interacting with their corporate desktop or applications from the comfort of their homes without the problems that occur when VPNs are configured to run over multiple Network Address Translation (NAT) gateways and the firewalls of multiple vendors. TS Gateway works using RDP over Secure Hypertext Transfer Protocol (HTTPS), which is the same protocol used by Microsoft Office Outlook 2007 to access corporate Exchange Server 2007 Client Access Servers over the Internet. TS Gateway Servers can be configured with connection authorization policies and resource authorization policies as a way of differentiating access to Terminal Servers and network resources. Connection authorization policies allow access based on a set of conditions specified by the administrator; resource authorization policies grant access to specific Terminal Server resources based on user account properties.
Network Access Protection
You deploy Network Access Protection on your network as a method of ensuring that computers accessing important resources meet certain client health benchmarks. These benchmarks include (but are not limited to) having the most recent updates applied, having antivirus and anti-spyware software up to date, and having important security technologies such as Windows Firewall configured and functional. In this lesson, you will learn how to plan and deploy an appropriate network access protection infrastructure and enforcement method for your organization.
Q99. - (Topic 7)
You need to recommend a solution for managing Group Policy that meets the company's technical requirements. What should you recommend?
A. Implement a central store.
B. Upgrade DC3 to Windows Server 2008 R2.
C. Create starter Group Policy objects (GPOs).
D. Deploy Advanced Group Policy Management (AGPM).
Answer: A
Explanation:
http://msdn.microsoft.com/en-us/library/bb530196.aspx Create a Central Store The central store is a folder structure created in the sysvol directory on the domain controllers in each domain in your organization. You will need to create the central store only once on a single domain controller for each domain in your organization. The File Replication service then replicates the central store to all domain controllers. It is recommended that you create the central store on the primary domain controller because the Group Policy Management Console and Group Policy Object Editor connect to the primary domain controller by default. The central store consists of a root-level folder containing all language-neutral ADMX files and subfolders containing the language-specific ADMX resource files.
Q100. - (Topic 19)
You want to deploy web site with less attack surface, high available solution with minimal cost. Which one would you recommend? There are more than one correct answers but chose the best option.
A. Windows server 2008 R2 Enterprise full installation
B. Windows server 2008 R2 standard full installation.
C. Windows web server 2008 R2 with IIS 7.5 Server core.
D. Windows web server 2008 R2 with IIS 7.5 full installation.
Answer: C