70-646 Exam
Super to 70-646 windows server 2008
Cause all that matters here is passing the Microsoft 70-646 exam. Cause all that you need is a high score of 70-646 PRO: Windows Server 2008, Server Administrator exam. The only one thing you need to do is downloading Testking 70-646 exam study guides now. We will not let you down with our money-back guarantee.
2021 Sep 70-646 braindump:
Q31. - (Topic 1)
You need to design a Windows Server Update Services (WSUS) infrastructure that meets the following requirements:
•The updates must be distributed from a central location.
•All computers must continue to receive updates in the event that a server fails.
What should you include in your design?
A. Configure two WSUS servers in a Microsoft SQL Server 2008 failover cluster. Configure each WSUS server to use a local database.
B. Configure a single WSUS server to use multiple downstream servers. Configure each WSUS server to use a RAID 1 mirror and a local database.
C. Configure a single WSUS server to use multiple downstream servers. Configure each WSUS server to use a RAID 5 array and a local database.
D. Configure a Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd939812(v=WS.10).aspx
WSUS database
WSUS 3.0 SP2 requires a database for each WSUS server. WSUS supports the use of a database that resides on a different computer than the WSUS server, with some restrictions. For a list of supported databases and remote database limitations, see WSUS database requirements. The WSUS database stores the following information:
.
WSUS server configuration information
.
Metadata that describes each update
.
Information about client computers, updates, and interactions
If you install multiple WSUS servers, you must maintain a separate database for each WSUS server, whether it is an autonomous or a replica server. (For more information about WSUS server types, see Design the WSUS Server Layout.) You cannot store multiple WSUS databases on a single instance of SQL Server, except in Network Load Balancing (NLB) clusters that use SQL Server failover. For more about this configuration, see Configure WSUS for Network Load Balancing. SQL Server, SQL Server Express, and Windows Internal Database provide the same performance characteristics for a single server configuration, where the database and the WSUS service are located on the same computer. A single server configuration can support several thousand WSUS client computers. Windows Server 2008 Enterprise Edition Windows Server 2008 Enterprise Edition is the version of the operating system targeted at large businesses. Plan to deploy this version of Windows 2008 on servers that will run applications such as SQL Server 2008 Enterprise Edition and Exchange Server 2007. These products require the extra processing power and RAM that Enterprise Edition supports. When planning deployments, consider Windows Server 2008 Enterprise Edition in situations that require the following technologies unavailable in Windows Server 2008 Standard Edition: Failover ClusteringFailover clustering is a technology that allows another server to continue to service client requests in the event that the original server fails. Clustering is covered in more detail in Chapter 11, “Clustering and High Availability.” You deploy failover clustering on mission-critical servers to ensure that important resources are available even if a server hosting those resources fails.
Q32. - (Topic 18)
You need to configure the role services on all file servers that are necessary to meet the technical requirements. Which role services should you configure? (Choose all that Apply.)
A. File Server Resource Manager
B. BranchCache for network files
C. Windows Search Service
D. Distributed File System
E. Services for Network File System
Answer: B,D
Explanation:
Requirements: Minimize downtime for users accessing across a WAN = Branch Cache Files Always opened from the nearest Server =DFS Files at same path = DFS Department volumes have Quotas There is some debat if FSRM is needed. the original answer from Pass4Sure says that A FSRM is required.
However if you look at the exhibit it clearly says Departmental Volumes and not departmental shares so the question is do you need FSRM to apply quotas to a Volume? the answer is No you dont. NTFS Quota will apply quota by right clicking on the volume then selecting properties then selecting quotas. The differences between NTFS and FSRM quotas are basically NTFS is a disk quota, so the accounts cannot use more than the allowed space on the complete disk. With FSRM you can use folder quotas and differentiate it for your needs. so with NTFS if you set the quotas to 3 GB on one volume then all users that save data to that volume can only have up to 3GB of data on the whole volume, with FSRM quotas you can set it at the volume OR folder level.
A basic disk is a physical disk that contains primary partitions, extended partitions, or logical drives. Partitions and logical drives on basic disks are known as basic volumes. You can only create basic volumes on basic disks.
BranchCache
BranchCache is a wide area network (WAN) bandwidth optimization technology that is included in the Windows Server. 2008 R2 and Windows. 7 operating systems.
To optimize WAN bandwidth, BranchCache copies content from your main office content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN.
At branch offices, content is cached either on servers that are running the BranchCache feature of Windows Server 2008 R2 or, when no server is available in the branch office, on computers running Windows 7. After a client computer requests and receives content from the main office and the content is cached at the branch office, other computers at the same branch office can obtain the content locally rather than contacting the main office over the WAN link.
BranchCache helps improve content query response times for clients and servers in branch offices, and can also help improve network performance by reducing traffic over WAN links. The BranchCache for network files role service is part of the File Services server role. BranchCache for network files is deeply integrated with file services and allows you to deploy a BranchCache-enabled file server.
When you deploy a BranchCache-enabled file server, BranchCache creates content information for every file in every shared folder where BranchCache is enabled. Distributed File System (DFS) Namespaces and DFS Replication offer simplified, highly-available access to files, load sharing, and WAN-friendly replication. In the Windows Server. 2003 R2 operating system, Microsoft revised and renamed DFS Namespaces (formerly called DFS), replaced the Distributed File System snap-in with the DFS Management snap-in, and introduced the new DFS Replication feature. In the Windows Server. 2008 operating system, Microsoft added the Windows Server 2008 mode of domain-based namespaces and added a number of usability and performance improvements. What does Distributed File System (DFS) do?
The Distributed File System (DFS) technologies offer wide area network (WAN)-friendly replication as well as simplified, highly-available access to geographically dispersed files. The two technologies in DFS are the following: DFS Namespaces. Enables you to group shared folders that are located on different servers into one or more logically structured namespaces. Each namespace appears to users as a single shared folder with a series of subfolders. This structure increases availability and automatically connects users to shared folders in the same Active Directory Domain Services site, when available, instead of routing them over WAN connections.
DFS Replication. DFS Replication is an efficient, multiple-master replication engine that you can use to keep folders synchronized between servers across limited bandwidth network connections. It replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as well as for replicating the AD DS SYSVOL folder in domains that use the Windows Server 2008 domain functional level.
For completion I've included details on FSRM FSRM
With the increasing demand on storage resources, as organizations rely more heavily on
data than ever before, IT administrators face the challenge of overseeing a larger and more
complex storage infrastructure, while at the same time, tracking the kind of information
available in it. Managing storage resources not only includes data size and availability any
more but also the enforcement of company policies and a very good understanding of how
existing storage is utilized, allowing for sound strategic planning and proper response to
organizational changes.
File Server Resource Manager is a suite of tools that allows administrators to understand,
control, and manage the quantity and type of data stored on their servers. By using File
Server Resource Manager, administrators can place quotas on folders and volumes,
actively screen files, and generate comprehensive storage reports.
This set of advanced instruments not only helps the administrator to efficiently monitor
existing storage resources but it also aids in the planning and implementation of future
policy changes.
Q33. - (Topic 4)
You need to recommend a monitoring solution for App1 that meets the museum's technical requirements. What should you include in the recommendation?
A. event subscriptions
B. Microsoft SharePoint Foundation 2010 alerts
C. Microsoft System Center Operations Manager 2007 R2 and the SMTP service
D. Resource Monitor
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc749183.aspx Event Viewer enables you to view events on a single remote computer. However, troubleshooting an issue might require you to examine a set of events stored in multiple logs on multiple computers. Windows Vista includes the ability to collect copies of events from multiple remote computers and store them locally. To specify which events to collect, you create an event subscription. Among other details, the subscription specifies exactly which events will be collected and in which log they will be stored locally. Once a subscription is active and events are being collected, you can view and manipulate these forwarded events as you would any other locally stored events. Using the event collecting feature requires that you configure both the forwarding and the collecting computers. The functionality depends on the Windows Remote Management (WinRM) service and the Windows Event Collector (Wecsvc) service. Both of these services must be running on computers participating in the forwarding and collecting process. To learn about the steps required to configure event collecting and forwarding computers, see Configure Computers to Forward and Collect Events.
Q34. - (Topic 18)
You are testing a file replication strategy for the IT Budget folders on BODATA01, NEDATA01, and TADATA01. The IT Budget folder on TADATA01 is the primary member.
You need to force replication of files to the Boston campus as soon as possible.
Which command should you execute?
A. dfsrdiag.exe PollAO /Member:GD!\BODC01
B. dfsrdiag.exe PollAD /Member:GDI\TADC01
C. dfsrdiag.exe PollAD /Member:GDI\TADATA01
D. dfsrdiag.exe PollAD /Member:GDI\BODATA01
Answer: B
Explanation:
You are testing a file replication strategy on BODATA01. if you look at http://technet.microsoft.com/en-us/library/cc771488.aspx its says You can use DFS Replication to keep the contents of folder targets in sync so that users see the same files regardless of which folder target the client computer is referred to. if you look to the Note on the bottom of the page its says: To poll immediately for configuration changes, open a command prompt window and then type the following command once for each member of the replication group: dfsrdiag.exe PollAD /Member:DOMAINServer1. So the question is do you poll the server holding the files or the DC in the location where the primary member is located? I'm pretty sure DFS-Replication uses AD DS replication so to me anyway I'd poll the DC.
Q35. - (Topic 1)
As part of a Windows Server 2008 R2 Active Directory deployment, you are designing a
...
Group Policy object (GPO) hierarchy. Client computers run Windows 7 and Windows XP. All client computers are in an organizational unit (OU) named Client Computers.
Additional Windows 7 and Windows XP client computers will be joined to the domain over the next six months.
You have the following requirements:
Install the antivirus Application on all Windows XP computers.
Do not install the antivirus Application on the Windows 7 computers.
Do not make changes to the existing Active Directory logical structure.
You need to design a Group Policy strategy that meets the requirements.
Which GPO configuration should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Publish the antivirus application to client computers. Link the GPO to the domain. Use security filtering to prevent the Windows 7 client computers from receiving the GPO.
B. Assign the antivirus application to client computers. Link the GPO to the Client Computers OU. Create a WMI Filter that queries whether the client computer's Win32_OperatingSystem caption contains "Windows 7" . Associate the WMI filter with the GPO.
C. Assign the antivirus application to client computers. Link the GPO to the domain. Place all the Windows 7 computers in a security group. Use security filtering to prevent the Windows 7 client computers from receiving the GPO.
D. Assign the antivirus application to client computers. Link the GPO to the Client Computers OU. Create a WMI Filter that queries whether the client computer's Win32_OperatingSystem caption contains "Windows XP" . Associate the WMI Filter with the GPO.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc947846%28v=ws.10%29.aspx & http://technet.microsoft.com/enus/library/cc947846%28v=ws.10%29.aspx#bkmk_1 Depending on which OS you're asked to install the AV app on your answer could change. There are reports that you're now being asked to install the AV on the Win7 clients. if that is the case then you would select the Windows 7 option
Updated case studies 70-646:
Q36. - (Topic 15)
You need to recommend an update management strategy for the Chicago campus that meets the company's technical requirements.
What should you recommend?
A. Deploy a WSUS server in replica mode, and then configure the server's reporting rollup settings.
B. Deploy a WSUS server in replica mode, and then configure the server's email notification settings.
C. Deploy a WSUS server in autonomous mode, and then configure the server's reporting rollup settings.
D. Deploy a WSUS server in autonomous mode, and then configure the server's email notification settings.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd939820%28WS.10%29.aspx Autonomous mode (distributed administration) Distributed management by using autonomous mode is the default installation option for WSUS. In autonomous mode, an upstream WSUS server shares updates with downstream servers during synchronization. Downstream WSUS servers are administered separately and they do not receive update approval status or computer group information from the upstream server. By using the distributed management model, each WSUS server administrator selects update languages, creates computer groups, assigns computers to groups, tests and approves updates, and makes sure that the correct updates are installed to the appropriate computer groups.
The following image shows how you might deploy autonomous WSUS servers in a branch office environment:
Q37. - (Topic 1)
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to implement a Certificate Services solution that meets the following requirements:
Automates the distribution of certificates for internal users Ensures that the network's certificate infrastructure is as secure as possible Gives external users access to resources that use certificate based authentication
...
What should you do?
A. Deploy an online standalone root certification authority (CA). Deploy an offline standalone root CA.
B. Deploy an offline enterprise root certification authority (CA). Deploy an offline enterprise subordinate CA.
C. Deploy an offline standalone root certification authority (CA). Deploy an online enterprise subordinate CA. Deploy an online standalone subordinate CA.
D. Deploy an online standalone root certification authority (CA). Deploy an online enterprise subordinate CA. Deploy an online standalone subordinate CA.
Answer: C
Explanation:
Certification authority hierarchies
The Microsoft public key infrastructure (PKI) supports a hierarchical certification authority (CA) model. A certification hierarchy provides scalability, ease of administration, and consistency with a growing number of commercial and other CA products.
In its simplest form, a certification hierarchy consists of a single CA. However, in general, a hierarchy will contain multiple CAs with clearly defined parent-child relationships. In this model, the child subordinate certification authorities are certified by their parent CA-issued certificates, which bind a certification authority's public key to its identity. The CA at the top of a hierarchy is referred to as the root authority, or root CA. The child CAs of the root CAs are called subordinate certification authorities (CAs).
A root certification authority (CA) is the top of a public key infrastructure (PKI) and generates a self-signed certificate. This means that the root CA is validating itself (self-validating). This root CA could then have subordinate CAs that effectively trust it. The subordinate CAs receive a certificate signed by the root CA, so the subordinate CAs can issue certificates that are validated by the root CA. This establishes a CA hierarchy and trust path. http://social.technet.microsoft.com/wiki/contents/articles/2900.offline-root-certification-authority-ca.aspx
Certification authority hierarchies
The Microsoft public key infrastructure (PKI) supports a hierarchical certification authority (CA) model. A certification hierarchy provides scalability, ease of administration, and consistency with a growing number of commercial and other CA products. In its simplest form, a certification hierarchy consists of a single CA. However, in general, a hierarchy will contain multiple CAs with clearly defined parent-child relationships. In this model, the child subordinate certification authorities are certified by their parent CA-issued certificates, which bind a certification authority's public key to its identity. The CA at the top of a hierarchy is referred to as the root authority, or root CA. The child CAs of the root CAs are called subordinate certification authorities (CAs).
Authentication and Authorization
Stand-alone CAs use local authentication for certificate requests, mainly through the Web enrollment interface. Stand-alone CAs provide an ideal service provider or commercial PKI provider platform for issuing certificates to users outside of an Active Directory environment where the user identity is separately verified and examined before the request is submitted to the CA.
Offline and Online CAs
Traditionally, the decision of whether to use either an online or offline CAs involves a compromise between availability and usability versus security. The more sensitive that the key material is and the higher the security requirements are, the less accessible the CA should be to users.
Specifying CA Roles
An ideal PKI hierarchy design divides the responsibility of the CAs. A topology that is designed with requirements that have been carefully considered provides the most flexible and scalable enterprise configuration. In general, CAs are organized in hierarchies. Single tier hierarchies might not provide adequate security compartmentalization, extensibility and flexibility. Hierarchies with more than three tiers might not provide additional value regarding security, extensibility and flexibility.
The most important consideration is protecting the highest instance of trust as much as possible. Single-tier hierarchies are based on the need to compartmentalize risk and reduce the attack surface that is available to users who have malicious intent. A larger hierarchy is much more difficult to administer, with little security benefit.
Depending on the organization's necessities, a PKI should consist of two or three logical levels that link several CAs in a hierarchy. Administrators who understand the design requirements for a three-level topology may also be able to build a two-level topology. A three-tier CA hierarchy consists of the following components:
A root CA that is configured as a stand-alone CA without a network connection One or more intermediate CAs that are configured as stand-alone CAs without a network connection One or more issuing CAs that are configured as enterprise CAs that are connected to the network Also worth a look though it refers to windows 2003 http://technet.microsoft.com/en-us/library/cc779714%28WS.10%29.aspx
Q38. - (Topic 6)
You need to recommend a management solution for Server1 that meets the company's security requirements. What should you include in the recommendation?
A. accessbased enumeration (ABE)
B. Authentication Mechanism Assurance
C. Authorization Manager
D. HyperV Manager
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc732290%28WS.10%29.aspx What does Authorization Manager do? Authorization Manager is a role-based security architecture for Windows that can be used in any application that needs role-based authorization, including ASP.NET Web applications, ASP.NET Web services, and client/server systems based on .NET Remoting. The role-based management model enables you to assign users to roles and gives you a central place to record permissions assigned to each role. This model is often called rolebased access control.
Q39. - (Topic 6)
You need to recommend a solution for the file servers that meets the company's technical requirements. What should you include in the recommendation?
A. Storage Manager for SANs
B. Network Load Balancing (NLB)
C. TCP/IP offload services
D. the Multipath I/O feature
Answer: D
Explanation: Multipath I/O
Multipath I/O (MPIO) is a feature of Windows Server 2008 that allows a server to use multiple data paths to a storage device. This increases the availability of storage resources because it provides alternate paths from a server or cluster to a storage subsystem in the event of path failure. MPIO uses redundant physical path components (adapters, switches, cabling) to create separate paths between the server or cluster and the storage device. If one of the devices in these separate paths fails, an alternate path to the SAN device will be used, ensuring that the server is still able to access critical data. You configure failover times through the Microsoft iSCSI Software initiator driver or by modifying the Fibre Channel HBA driver parameter settings, depending on the SAN technology deployed in your environment.
Q40. - (Topic 5)
You need to recommend a solution for managing the address information of the user accounts. The solution must meet the company's security requirements.
What should you include in the recommendation?
A. Active Directory delegation
B. Authorization Manager
C. built-in security groups
D. user rights assignments
Answer: A
Explanation:
Delegation of control means you can give fine grained rights to specific tasks to specific users or groups within AD. So a single user or group can be delegated permissions to create new user accounts within
a specific OU or Site within your AD forest or domain