Our Microsoft exam questions and answers are updated regularly in line with the genuine Microsoft exam. They are of great benefit for Microsoft 70-646 exam preparation. Pass4sure gives the most precise and authentic 70-646 practice questions along with verified answers. They are offered in 2 formats: one is PDF (printable files) and the other is a free Exam Engine (downloadable). Microsoft 70-646 includes the comprehensive and logical topics in the actual Microsoft test. They are extremely helpful and valuable for you to preview and review for your Microsoft 70-646 exam. By taking steps right now and getting our Microsoft 70-646 products, you will be on the way to Microsoft certification soon. Our Microsoft PDF study guides are offered chapter by chapter and are printable. If you need the printed version, we will mail it to you. With the convenient, portable Microsoft 70-646 training materials, you will get a high score, which assures your achievement.
Q131. - (Topic 2)
You need to recommend a BitLocker recovery method that meets the company's technical requirements.
Which recovery method should you recommend?
A. a data recovery agent
B. a recovery key
C. a recovery password printed and stored in a secure location
D. a recovery password stored in Active Directory
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/dd875560%28WS.10%29.aspx
Data recovery agents are accounts that are able to decrypt BitLocker-protected drives by using their smart card certificates and public keys. Recovery of a BitLocker-protected drive can be accomplished by a data recovery agent that has been configured with the proper certificate. Before a data recovery agent can be configured for a drive, you must add the data recovery agent to Public Key Policies\BitLocker Drive Encryption in either the Group Policy Management Console (GPMC) or the Local Group Policy Editor. You must also enable and configure the "Provide the unique identifiers for your organization" policy setting to associate a unique identifier to a new drive that is enabled with BitLocker. An identification field is a string that is used to uniquely identify a business unit or organization. Identification fields are required for management of data recovery agents on BitLocker-protected drives. BitLocker will only manage and update data recovery agents when an identification field is present on a drive and is identical to the value configured on the computer.
Q132. - (Topic 1)
A company has a single Active Directory Domain Services (AD DS) domain. Each department within the company has its own organizational unit (OU). All client computers run Windows 7 Enterprise Edition and Microsoft Office 2010.
The company wants to restrict access to some Office 2010 features. They develop a standard list of corporate restrictions.
You have the following requirements:
•Apply the corporate restrictions to all existing and future departments.
•Ensure that specific restrictions can be added or removed for individual departments.
•Ensure that the corporate restrictions are not applied to users and computers in the built-in Active Directory containers.
•Minimize administrative effort for applying restrictions to future departments.
You need to recommend a Group Policy object (GPO) deployment that meets the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Create a GPO that contains the corporate restrictions and link it to the domain. Install the Office 2010 Group Policy Administrative Template settings. Create a separate GPO for each department that deploys and configures Office 2010.
B. Install the Office 2010 Group Policy Administrative Template settings. Create a Starter GPO that contains the corporate restrictions. Create a separate GPO based on the Starter GPO for each department that deploys and configures Office 2010.
C. Install the Office 2010 Resource Kit and create a custom transform (.mst) file for each department. Create a Starter GPO that contains the corporate restrictions. Create a separate GPO based on the Starter GPO for each department that deploys Office 2010 by using the transform file.
D. Install the Office 2010 Resource Kit and create custom installer files for each department. Create a GPO that contains the corporate restrictions and link it to the domain. Create a separate GPO for each department that deploys the installer files.
Answer: B
Explanation:
Starter GPOs are used as a base template from which to build other GPOs. The administrative templates (ADMX and ADML files) need to be installed so that the settings specific to Office 2010 can be applied.
Q133. HOTSPOT - (Topic 19)
New security events are not being written to the current Security event log in the tailspintoys.com domain. However, old security events are still being maintained in the log.
You need to meet the security event log requirements for the tailspintoys.com domain.
Which Group Policy setting or settings should you select?
To answer, select the appropriate setting or settings in the Group Policy Management Editor.
Answer:
Q134. - (Topic 1)
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The network contains 100 servers and 5,000 client computers. The client computers run either Windows XP Service Pack 1 or Windows 7.
You need to plan a VPN solution that meets the following requirements:
•Stores VPN passwords as encrypted text
•Supports Suite B cryptographic algorithms
•Supports automatic enrollment of certificates
•Supports client computers that are configured as members of a workgroup
What should you include in your plan?
A. Upgrade the client computers to Windows XP Service Pack 3. Implement a standalone certification authority (CA). Implement an IPsec VPN that uses certificate based authentication.
B. Upgrade the client computers to Windows XP Service Pack 3. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses Kerberos authentication.
C. Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses preshared keys.
D. Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses certificate based authentication.
Answer: D
Explanation:
This is as close as I could get to an answer to this. In essence, Enterprise CAs are fully integrated into a Windows Server 2008 environment. This type of CA makes the issuing and management of certificates for Active Directory clients as simple as possible. Standalone CAs do not require Active Directory. When certificate requests are submitted to Standalone CAs, the requestor must provide all relevant identifying information and manually specify the type of certificate needed. This process occurs automatically with an Enterprise CA. By default, Standalone CA requests require administrator approval. Administrator intervention is necessary because there is no automated method of verifying a requestor’s credentials. Standalone CAs do not use certificate templates, limiting the ability for administrators to customize certificates for specific organizational needs.
L2TP/IPsec
L2TP connections use encryption provided by IPsec. L2TP/IPsec is the protocol that you need to deploy if you are supporting Windows XP remote access clients, because these clients cannot use SSTP. L2TP/IPsec provides per-packet data origin authentication, data integrity, replay protection, and data confidentiality.
L2TP/IPsec connections use two levels of authentication. Computer-level authentication occurs either using digital certificates issued by a CA trusted by the client and VPN server or through the deployment of pre-shared keys. PPP authentication protocols are then used for user-level authentication. L2TP/IPsec supports all of the VPN authentication protocols available on Windows Server 2008.
Supports Suite B cryptographic algorithms
When using the Certificate Templates console, note that you cannot configure the autoenrollment permission for a level 1 certificate template. Level 1 certificates have Windows 2000 as their minimum supported CA. Level 2 certificate templates have Windows Server 2003 as a minimum supported CA. Level 2 certificate templates are also the minimum level of certificate template that supports autoenrollment. Level 3 certificate templates are supported only by client computers running Windows Server 2008 or Windows Vista. Level 3 certificate templates allow administrators to configure advanced Suite B cryptographic settings. These settings are not required to allow certificate autoenrollment, and most administrators find level 2 certificate templates are adequate for their organizational needs.
Q135. - (Topic 6)
You need to recommend a backup solution for the file servers that supports the company's planned changes.
What should you include in the recommendation?
A. File Server Resource Manager (FSRM)
B. Microsoft System Center Data Protection Manager
C. Windows Server Backup
D. Windows Storage Server 2008
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/ff399260.aspx
What is Data Protection Manager?
Microsoft System Center Data Protection Manager (DPM) 2010 is a member of the Microsoft System Center family of management products, designed to help IT professionals manage their Windows environment. DPM provides Windows backup and recovery—delivering seamless data protection for Microsoft application and file servers by using integrated disk and tape media. DPM performs replication, synchronization, and recovery point creation to provide reliable protection and rapid recovery of data for both system administrators and end users.
Q136. DRAG DROP - (Topic 1)
A company has client computers that run Windows 7 and Windows Vista. The company has a single domain Active Directory Domain Services (AD DS) forest with domain controllers that run Windows Server 2008 R2.
An application must be installed on the Windows 7 client computers when users log on to the computers.
You need to design an application deployment solution.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)
Answer:
Q137. - (Topic 1)
Your network consists of a single Active Directory domain. The domain controllers run Windows Server 2008 R2. Your company's enterprise security policy states that the domain controllers cannot contain optical drives.
You need to recommend a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure.
What should you recommend?
A. Use Windows Server Backup to back up each domain controller to a local disk. Create a Windows Recovery Environment (Windows RE) partition on each domain controller.
B. Use Windows Server Backup to back up each domain controller to a local disk. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE).
C. Use Windows Server Backup to back up each domain controller to a remote network share. Create a Windows Recovery Environment (Windows RE) partition on each domain controller.
D. Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE).
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc766048(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc765966(v=WS.10).aspx (Must Read)
http://technet.microsoft.com/en-us/magazine/2008.10.desktopfiles.aspx
Special considerations
You must be a member of the Administrators group or Backup Operators group to use Windows Server Backup.
In Windows Server 2008, the firewall has been enabled by default. If you are managing the backups of another computer using the Windows Server Backup snap-in, your connectivity to the remote computer may be affected and can be resolved by changes in the firewall rules. While working on the local computer, you are not affected.
Also, if you are a current user of the previous backup feature (Ntbackup.exe) that shipped in earlier versions of Windows, and plan to switch to the new Windows Server Backup, you might be affected by the following issues and changes:
•Settings for creating backups will not be upgraded when you upgrade to Windows Server 2008. You will need to reconfigure settings.
•You will need a separate, dedicated disk for running scheduled backups.
•Only NTFS-formatted volumes on a locally attached disk can be backed up.
•You can no longer back up to tape. (However, support of tape storage drivers is still included in Windows Server 2008.) Windows Server Backup supports backing up to external and internal disks, DVDs, and shared folders.
•You cannot recover backups that you created with Ntbackup.exe by using Windows Server Backup. However, a version of Ntbackup.exe is available as a download to Windows Server 2008 for users who want to recover data from backups created using Ntbackup.exe. The downloadable version of Ntbackup.exe is only for recovering backups for older versions of Windows and cannot be used to create new backups in Windows Server 2008.
Windows Server 2008 R2 including:
•The ability to back up System State as a separate job as well as the ability to do incremental System State backups.
•The ability to exclude specific file types, file folders, and specific files instead of having to back up an entire volume.
•The ability to back up to a volume or a network share instead of requiring a dedicated disk for backups.
Windows Recovery Technical Reference
Windows Recovery Environment (Windows RE) is an extensible recovery platform based on Windows Preinstallation Environment (Windows PE). When the computer fails to start, Windows automatically fails over into this environment, and the Startup Repair tool in Windows RE automates the diagnosis and repair of an unbootable Windows Vista installation. Furthermore, Windows RE is a starting point for various tools for manual system recovery. The primary audience of this technology includes original equipment manufacturers (OEMs), original device manufacturers (ODMs), and corporate IT professionals.
Image-based Recovery from Windows RE
In the event that the Windows installation cannot be repaired with Startup Repair or other manual repair steps, Windows RE can be used to launch an image-based recovery tool.
User-created Recovery Image
Windows Vista provides end users with the ability to create a backup image of their entire operating system. End users can do this by using the Backup tool. The system image can be stored on an external hard disk, on a hard disk partition other than those imaged, or on a DVD. To restore the computer by using this system image, users must launch the restore interface from the list of Windows RE manual tools.
Factory-created Recovery Image
To facilitate restoring a computer to its factory state, a recovery image can be placed on the Windows RE partition. This eliminates the need for a separate recovery media in most cases. If the Windows image format is used in the manufacturing process, the same operating system image can be used for recovery as well. A computer manufacturer can develop an application by using the Imaging APIs for Windows and the Windows image to restore the operating system volume. This application can be launched from the Windows RE user interface (UI) by using customizations provided by the ODM.
Q138. - (Topic 1)
A company wants to prevent employees who access the company's Remote Desktop Session Hosts (RD Session Hosts) from introducing malware onto the corporate network.
You have the following requirements:
•Ensure that only client computers that have an up-to-date antivirus program installed can connect to the RD Session Hosts.
•Display a notification when a client computer that does not meet the antivirus requirements attempts to connect to an RD Session Host. Provide information about how to resolve the connection problem.
•Ensure that client computers can access only the RD Session Hosts.
You need to recommend a Remote Desktop Services (RDS) management strategy that meets the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Deploy a Remote Desktop Gateway in a perimeter network. Install and configure a Network Policy and Access Services server. Configure the System Health Validator. Enable the Remote Desktop Gateway Network Access Protection Enforcement Client. Configure Remote Desktop Connection Authorization Policies and Remote Desktop Resource Authorization Policies.
B. Deploy the Routing and Remote Access Service in a perimeter network to support VPN connections. Install and configure a Network Policy and Access Services server. Enable the Network Access Protection VPN Enforcement Client. Configure the System Health Validator. Configure static routes on the VPN server to allow access only to the RD Session Hosts.
C. Deploy a Remote Desktop Gateway in a perimeter network. Configure Remote Desktop Connection Authorization Policies and Remote Desktop Resource Authorization Policies. Configure a logon message.
D. Deploy the Routing and Remote Access Service in a perimeter network to support VPN connections. Configure Connection Request Policies to specify which computers can connect to the corporate network. Configure static routes on the VPN server to allow access only to the RD Session Hosts.
Answer: A
Explanation:
NAP with SHVs configured will ensure that the AV is installed and up to date. If they are not, you can direct them to a quarantine/remediation server to update.
http://www.techrepublic.com/article/solutionbase-configuring-network-access-protection-for-windows-server-2008/178022
RD RAP: Remote Desktop resource authorization policies (RD RAPs) allow you to specify the internal network resources (computers) that remote users can connect to through an RD Gateway server.
http://technet.microsoft.com/en-us/library/cc730630
RD CAP: Remote Desktop connection authorization policies (RD CAPs) allow you to specify who can connect to an RD Gateway server.
http://technet.microsoft.com/en-us/library/cc731544
Q139. - (Topic 9)
You need to recommend a solution for the Web server content that meets the company's technical requirements. What should you include in the recommendation?
A. Distributed File System (DFS) Replication
B. folder redirection
C. HTTP redirection
D. IIS Shared Configuration
Answer: D
Explanation:
AD is a prerequisite for DFS, and we have a workgroup in the perimeter network.
By using Shared Configuration, you can share your IIS configuration across multiple servers. Please note that this article is focused on the back end configuration of the web servers and not the front end task of load balancing the servers. Shared Configuration allows you to set up Internet Information Services (IIS) quickly and easily on multiple servers so that the sites, application pools and IIS server settings are consistent across two or more servers. You only have to configure a server one time and then you can replicate the IIS settings. Shared Configuration is not for individual sites on a server but for the entire IIS configuration on a server.
Q140. - (Topic 3)
You need to identify which operating system must be installed on the Hyper-V server in the new branch office. Which operating system should you identify?
A. a Server Core installation of Windows Server 2008 R2 Enterprise
B. a Server Core installation of Windows Server 2008 R2 Standard
C. Windows Server 2008 R2 Enterprise
D. Windows Server 2008 R2 Standard
Answer: A
Explanation:
Hyper-V has specific requirements. Hyper-V requires an x64-based processor, hardware-assisted virtualization, and hardware data execution prevention (DEP). Hyper-V is available in x64-based versions of Windows Server 2008—specifically, the x64-based versions of Windows Server 2008 Standard, Windows Server 2008 Enterprise, and Windows Server 2008 Datacenter.
The technical requirements include minimizing the attack surface, and Server Core achieves this. So should you use Enterprise or Standard, as Hyper-V can be implemented on both x64 versions?
http://www.directionsonmicrosoft.com/sample/DOMIS/update/2008/02feb/0208ws2plp_ch.htm
1 Windows Server 2008 Standard, Enterprise, and Datacenter are also offered in "without Hyper-V" editions that do not include the hypervisor technology.
2 When customers exercise the maximum number of OS instances permitted by the server license, the physical OS instance may not be used to run any workload beyond hosting the virtual machines.
3 A single package contains both 32-bit and 64-bit versions. The server license grants the customer the option to use either the 32-bit version or the 64-bit version of the software.
4 Supports hot addition of memory, but not hot replacement of memory, nor hot add or replacement of processors.
5 Use of Windows Server 2008's new Terminal Services Gateway capability is limited to 250 connections.
6 Includes restrictions limiting scalability.
7 Volume licensing customers typically receive additional discounts of 10% to 30%.
8 Client Access Licenses (CALs) retail for US$40 apiece but are offered to volume customers for as much as 50% off. External Connectors are available only via volume licensing programs. Pricing for an External Connector starts at approximately US$1,800 in the least-discounted programs.
Under the planned changes it states that each branch will have one DC, a DirectAccess server, a file server and a web server, and that all branches will be virtualised. Therefore you will be running 4 VMs. Windows Server 2008 Enterprise allows the running of 4 VMs on one license.
So the answer is A, because Server Core reduces the attack surface and virtualization on Enterprise server will meet the VM and licensing requirements.