70-646 Exam
Sep 2021 updated: microsoft server 2008 server administrator (exam 70-646) course
The Microsoft provider features loads of certification and also 70-646 recognition is one. Its the recognition for just as one Microsoft qualified builder. The Microsoft 70-646 recognition is really famed that numerous of the corporations have popped up to give guidance to the people ambitious to turn into Microsoft qualified experts. As soon as a person has cleaned this 70-646 recognition he will be supposed to enjoy a serious portion within the provider where he will be currently employed or perhaps to use.
2021 Sep testking 70-646 pdf download:
Q41. - (Topic 1)
You are planning to deploy new servers that will run Windows Server 2008 R2. Each server will have 32 GB of RAM.
The servers must support installation of the following role services:
. Routing and Remote Access
. Remote Desktop Services Gateway
You need to deploy the minimum edition of Windows Server 2008 R2 that meets the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Windows Server 2008 R2 Standard
B. Windows Server 2008 R2 Enterprise
C. Windows Server 2008 R2 Web
D. Windows Server 2008 R2 Datacenter
Answer: A
Explanation:
http://www.microsoft.com/en-us/server-cloud/windows-server/2008-r2-standard.aspx R2 Standard provides these services and is the minimum edition they are available on. 32 GB RAM is also supported if its a 64 bit version http://technet.microsoft.com/en-us/windowsserver/ bb414778.aspx
Q42. DRAG DROP - (Topic 1)
A company has its main office in New York and branch offices in Miami and Quebec. All sites are connected by reliable WAN links.
You are designing a Windows Server Update Services (WSUS) deployment strategy. The deployment strategy must meet the following requirements:
. Download updates from Windows Update only in the New York office. . Ensure that the update language can be specified for the Quebec office.
You need to design a deployment strategy that meets the requirements.
How should you configure the servers and hierarchy types?
To answer, drag the appropriate server types and hierarchy types from the list to the
correct location or locations in the answer area.
Answer:
Q43. - (Topic 1)
Your company has a main office and three branch offices. The network consists of a single Active Directory domain. Each office contains an Active Directory domain controller.
You need to create a DNS infrastructure for the network that meets the following requirements:
. The DNS infrastructure must allow the client computers in each office to register DNS names within their respective offices.
. The client computers must be able to resolve names for hosts in all offices.
What should you do?
A. Create an Active Directory-integrated zone at the main office site.
B. Create a standard primary zone at the main office site and at each branch office site.
C. Create a standard primary zone at the main office site. Create a secondary zone at each branch office site.
D. Create a standard primary zone at the main office site. Create an Active Directory-integrated stub zone at each branch office site.
Answer: A
Explanation:
http://searchwindowsserver.techtarget.com/tip/DNS-Primer-Tips-for-understanding-Active-Directory-integratedzone-design-and-configuration http://technet.microsoft.com/en-us/library/cc772101.aspx In an ADI primary zone, rather than keeping the old zone file on a disk, the DNS records are stored in the AD, and Active Directory replication is used rather than the old problematic zone transfer. If all DNS servers were to die or become inaccessible, you could simply install DNS on any domain controller (DC) in the domain. The records would be automatically populated and your DNS server would be up without the messy import/export tasks of standard DNS zone files. Windows 2000 and 2003 allow you to put a standard secondary zone (read only) on a member server and use one of the ADI primary servers as the master.
When you decide which replication scope to choose, consider that the broader the replication scope, the greater the network traffic caused by replication. For example, if you decide to have AD DS-integrated DNS zone data replicated to all DNS servers in the forest, this will produce greater network traffic than replicating the DNS zone data to all DNS servers in a single AD DS domain in that forest.
AD DS-integrated DNS zone data that is stored in an application directory partition is not replicated to the global catalog for the forest. The domain controller that contains the global catalog can also host application directory partitions, but it will not replicate this data to its global catalog.
AD DS-integrated DNS zone data that is stored in a domain partition is replicated to all domain controllers in its AD DS domain, and a portion of this data is stored in the global catalog. This setting is used to support Windows 2000.
If an application directory partition's replication scope replicates across AD DS sites, replication will occur with the same intersite replication schedule as is used for domain partition data.
By default, the Net Logon service registers domain controller locator (Locator) DNS resource records for the application directory partitions that are hosted on a domain controller in the same manner as it registers domain controller locator (Locator) DNS resource records for the domain partition that is hosted on a domain controller.
Q44. HOTSPOT - (Topic 1)
A company has servers that run Windows Server 2008 R2 and a storage area network (SAN) that supports the virtual Disk Service (VDS).
You are designing a storage solution for the servers. The storage solution must meet the following requirements: . Allow the creation of Fibre Channel (FC) and Internet SCSI (iSCSI) logical unit numbers (LUNs). . Allow the management of FC and iSCSI LUNs. You need to ensure that the storage solution meets the requirements.
Which feature should you install?
To answer, select the appropriate feature in the answer area.
Answer:
Q45. - (Topic 1)
Your company has a main office and two branch offices. The main office is located in London. The branch offices are located in New York and Paris.
Your network consists of an Active Directory forest that contains three domains named contoso.com, paris.contoso.com, and newyork.contoso.com. All domain controllers run Windows Server 2008 R2 and have the DNS Server server role installed.
The domain controllers for contoso.com are located in the London office. The domain controllers for paris.contoso.com are located in the Paris office. The domain controllers for newyork.contoso.com are located in the New York office.
A domain controller in the contoso.com domain has a standard primary DNS zone for contoso.com. A domain controller in the paris.contoso.com domain has a standard primary DNS zone for paris.contoso.com. A domain controller in the newyork.contoso.com domain has a standard primary DNS zone for newyork.contoso.com.
You need to plan a name resolution strategy for the Paris office that meets the following requirements:
. If a WAN link fails, clients must be able to resolve hostnames for contoso.com. . If a WAN link fails, clients must be able to resolve hostnames for newyork.contoso.com. . The DNS servers in Paris must be updated when new authoritative DNS servers are added to newyork.contoso.com.
What should you include in your plan?
A. Configure conditional forwarding for contoso.com. Configure conditional forwarding for newyork.contoso.com.
B. Create a standard secondary zone for contoso.com. Create a standard secondary zone for newyork.contoso.com.
C. Convert the standard zone into an Active Directoryintegrated zone. Add all DNS servers in the forest to the root hints list.
D. Create an Active Directoryintegrated stub zone for contoso.com. Create an Active Directoryintegrated stub zone for newyork.contoso.com.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc771640.aspx http://technet.microsoft.com/en-us/library/cc771898.aspx
Understanding Zone Delegation
Applies To: Windows Server 2008, Windows Server 2008 R2 Domain Name System (DNS) provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When you are deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:
.
You want to delegate management of part of your DNS namespace to another location or department in your organization.
.
You want to divide one large zone into smaller zones to distribute traffic loads among multiple servers, improve DNS name resolution performance, or create a more-fault-tolerant DNS environment.
.
You want to extend the namespace by adding numerous subdomains at once, for example, to accommodate the opening of a new branch or site.
Secondary zone
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. This DNS server must have network access to the remote DNS server that supplies this server with updated information about the zone. Because a secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS.
Replace cbt nuggets for 70-646:
Q46. - (Topic 1)
Your network consists of a single Active Directory domain. The network contains a file server that runs Windows Server 2008 R2. All servers use internal storage only. You plan to deploy a client/server Application.
You need to deploy the Application so that it is available if a single server fails. You must achieve this goal while minimizing costs.
What should you do?
A. Deploy RemoteApp.
B. Deploy a failover cluster that uses No Majority: Disk Only.
C. Deploy a failover cluster that uses Node and File Share Disk Majority.
D. Deploy Distributed File System (DFS) and configure replication.
Answer: C
Explanation:
Understanding Cluster Quorum Models
Quorums are used to determine the number of failures that can be tolerated within a cluster before the cluster itself has to stop running. This is done to protect data integrity and prevent problems that could occur because of failed or failing communication between nodes. Quorums describe the configuration of the cluster and contain information about the cluster components such as network adapters, storage, and the servers themselves. The quorum exists as a database in the registry and is maintained on the witness disk or witness share. The witness disk or share keeps a copy of this configuration data so that servers can join the cluster at any time, obtaining a copy of this data to become part of the cluster. One server manages the quorum resource data at any given time, but all participating servers also have a copy.
You can use the following four quorum models with Windows Server 2008 Failover Clusters: Node Majority Microsoft recommends using this quorum model in Failover Cluster deployments that contain an odd number of cluster nodes. A cluster that uses the Node Majority quorum model is called a Node Majority cluster and remains up and running if the number of available nodes exceeds the number of failed nodes—that is, half plus one of its nodes is available. For example, for a seven-node cluster to remain online, four nodes must be available. If four nodes fail in a seven-node Node Majority cluster, the entire cluster shuts down. You should use Node Majority clusters in geographically or network-dispersed cluster nodes. To operate successfully this model requires an extremely reliable network, high-quality hardware, and a third-party mechanism to replicate back-end data. Node and Disk Majority Microsoft recommends using this quorum model in clusters that contain even numbers of cluster nodes. Provided that the witness disk remains available, a Node and Disk Majority cluster remains up and running when one-half or more of its nodes are available. A six-node cluster will not shut down if three or more nodes plus its witness disk are available. In this model, the cluster quorum is stored on a cluster disk that is accessible to all cluster nodes through a shared storage device using Serial Attached SCSI (SAS), Fibre Channel, or iSCSI connections. The model consists of two or more server nodes connected to a shared storage device and a single copy of the quorum data is maintained on the witness disk. You should use the Node and Disk Majority quorum model in Failover Clusters with shared storage, all connected on the same network and with an even number of nodes. In the case of a witness disk failure, a majority of the nodes need to remain up and running. For example, a six-node cluster will run if (at a minimum) three nodes and the witness disk are available. If the witness disk is offline, the same six-node cluster requires that four nodes are available. Exam Tip If the 70-646 examination asks which quorum model is the closest to the traditional single-quorum device cluster configuration model, the answer is the Node and Disk Majority quorum model. Node and File Share Majority This configuration is similar to the Node and Disk Majority model, but the quorum is stored on a network share rather than on a witness disk. A Node and File Share Majority cluster can be deployed in a similar fashion to a Node Majority cluster, but as long as the witness file share is available the cluster can tolerate the failure of half its nodes. You should use the Node and File Share Majority quorum model in clusters with an even number of nodes that do not utilize shared storage. No Majority: Disk Only Microsoft recommends that you do not use this model in a production environment because the disk containing the quorum is a single point of failure. No Majority: Disk Only clusters are best suited for testing the deployment of built-in or custom services and applications on a Windows Server 2008 Failover Cluster. In this model, provided that the disk containing the quorum remains available, the cluster can sustain the failover of all nodes except one.
MORE INFO Quorum models webcast Four quorum models are available with Windows Server 2008. For more information on the models, view the TechNet webcast at http://msevents.microsoft.com/CUI/WebCastEventDetails .aspx? EventID=1032364841&EventCategory=4&culture=en-US&CountryCode=US
Q47. - (Topic 1)
...
You are planning to deploy new servers that will run Windows Server 2008 R2. Each server will have 32 GB of RAM.
The servers must support installation of the following role services:
Routing and Remote Access
Remote Desktop Services Gateway
Minimize CPU and RAM usage
You need to deploy the minimum edition of Windows Server 2008 R2 that meets the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. A Server Core installation of Windows Server 2008 R2 Datacenter.
B. A Full Installation of Windows Server 2008 R2 Enterprise.
C. A Full Installation of Windows Server 2008 R2 Standard.
D. A Server Core installation Windows Server 2008 R2 Web.
Answer: C
27. HOTSPOT - (Topic 1)
A company runs a third-party DHCP Application on a windows Server 2008 R2 server. The Application runs as a service that launches a background process upon startup.
The company plans to migrate the DHCP Application to a Windows Server 2008 R2 failover cluster.
You need to provide high availability for the DHCP Application.
Which service or Application should you configure?
To answer, select the appropriate service or Application in the answer area.
Answer:
Q48. - (Topic 19)
You need to remove Marc's delegated rights.
What would you recommend?
A. Use the Delegation of Control Wizard.
B. Run the Resultant Set of Policy (RSoP) tool.
C. Run the dsacls command-line utility.
D. Run the xcalcs command-line utility.
Answer: C
Explanation:
http://support.microsoft.com/kb/281146
DSACLS is used to View or Edit ACLs (access control entries) for objects in Active
Directory.
Overview of Dsacls.exe
DsAcls uses the following syntax:
dsacls object [/a] [/d {user | group}:permissions [...]] [/g {user | group}:permissions [...]] [/i:{p
| s | t}] [/n] [/p:{y | n}]
[/r {user | group} [...]] [/s [/t]]
You can use the following parameters with Dsacls.exe:
object: This is the path to the directory services object on which to display or change the
ACLs. This path must be a distinguished name (also known as RFC 1779 or x.500 format).
For example:
CN=Someone,OU=Software,OU=Engineering,DC=Microsoft,DC=Com
To specify a server, add \\Servername\ before the object. For example:
\\MyServer\CN=Someone,OU=Software,OU=Engineering,DC=Microsoft,DC=Com
When you run the dsacls command with only the object parameter (dsacls object), the
security information about the object is displayed.
/a : Use this parameter to display the ownership and auditing information with the
permissions. /d {user | group}:permissions: Use this parameter to deny specified
permissions to a user or group. User must use either user@domain or domain\user format,
and group must use either group@domain or domain\group format. You can specify more
than one user or group in a command. For more information about the correct syntax to
use for permissions, see the <Permissions> Syntax section later in this article.
/g {user | group}:permissions: Use this parameter to grant specified permissions to a user
or group. User must use either user@domain or domain\user format, and group must use either group@domain or domain \group format. You can specify more than one user or group in a command. For more information about the correct syntax to use for permissions, see the <Permissions> Syntax section later in this article.
/i:{p | s | t} : Use this parameter to specify one of the following inheritance flags:
p: Use this option to propagate inheritable permissions one level only.
s: Use this option to propagate inheritable permissions to subobjects only.
t: Use this option to propagate inheritable permissions to this object and subobjects. /n : Use this parameter to replace the current access on the object, instead of editing it. /p:{y | n}: This parameter determines whether the object can inherit permissions from its parent objects. If you omit this parameter, the inheritance properties of the object are not changed. Use this parameter to mark the object as protected (y = yes) or not protected (n = no).
Note This parameter changes a property of the object, not of an Access Control Entry (ACE). To determine whether an ACE is inheritable, use the /I parameter. /r {user | group}: Use this parameter to remove all permissions for the specified user or group. You can specify more than one user or group in a command. User must use either user@domain or domain\user format, and group must use either group@domain or domain\group format. /s: Use this parameter to restore the security on the object to the default security for that object class, as defined in the Active Directory schema. /t : Use this parameter to restore the security on the tree of objects to the default for each object class. This switch is valid only when you also use the /s parameter.
Q49. - (Topic 3)
You need to recommend a solution that enables User1 to perform the required actions on the HyperV server. What should you include in the recommendation?
A. Active Directory delegation
B. Authorization Manager role assignment
C. local security groups on the Hyper-V server
D. local security groups on the VMs
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/dd283030%28v=ws.10%29.aspx You use Authorization Manager to provide role-based access control for Hyper-V. For instructions on implementing role-based access control.
Authorization Manager is comprised of the following: Authorization Manager snap-in (AzMan.msc). You can use the Microsoft Management Console (MMC) snapin to select operations, group them into tasks, and then authorize roles to perform specific tasks. You also use it to manage tasks, operations, user roles, and permissions. To use the snap-in, you must first create an authorization store or open an existing store. For more information, see http://go.microsoft.com/fwlink/? LinkId=134086.
Authorization Manager API. The API provides a simplified development model in which to manage flexible groups and business rules and store authorization policies. For more information, see Role-based Access Control (http://go.microsoft.com/fwlink/?LinkId=134079). Authorization Manager requires a data store for the policy that correlates roles, users, and access rights. This is called an authorization store. In Hyper-V, this data store can be maintained in an Active Directory database or in an XML file on the local server running the Hyper-V role. You can edit the store through the Authorization Manager snap-in or through the Authorization Manager API, which are available to scripting languages such as VBScript. If an Active Directory database is used for the authorization store, Active Directory Domain Services (AD DS) must be at the Windows Server 2003 functional level.
The XML store does not support delegation of applications, stores, or scopes because access to the XML file is controlled by the discretionary access control list (DACL) on the file, which grants or restricts access to the entire contents of the file. (For more information about Authorization Manager delegation, see http://go.microsoft.com/fwlink/?LinkId=134075). Because of this, if an XML file is used for the authorization store, it is important that it is backed up regularly. The NTFS file system does not support applications issuing a sequence of separate write operations as a single logical write to a file when multiple applications write to the same file.
This means an Authorization Manager policy file (XML file) could be edited simultaneously by two administrative applications and could become corrupted. The Hyper-V VSS writer will back up the authorization store with the server running the Hyper-V role. http://technet.microsoft.com/en-us/library/cc725995%28WS.10%29.aspx A role assignment is a virtual container for application groups whose members are authorized for the role. A role assignment is based on a single role definition, and a single role definition can be the basis of many role assignments.
The most common procedure that administrators carry out is the assignment of application groups, or Windows users and groups, to a role. For step-by-step instructions, see Assign a Windows User or Group to a Role or Assign an Application Group to a Role.
Q50. - (Topic 5)
You need to recommend a solution for deploying App1. The solution must support the company's planned changes. What should you include in the recommendation?
A. Group Policy Software Installation
B. Microsoft Application Virtualization (App-V)
C. Microsoft Enterprise Desktop Virtualization (MED-V)
D. Microsoft System Center Configuration Manager
Answer: A
Explanation: Requirements include minimize costs when possible Using a GPO to install software is freely available in AD
Assigning Software
You can assign a program distribution to users or computers. If you assign the program to a user, it is installed when the user logs on to the computer. When the user first runs the program, the installation is finalized. If you assign the program to a computer, it is installed when the computer starts, and it is available to all users who log on to the computer. When a user first runs the program, the installation is finalized.
Publishing Software
You can publish a program distribution to users. When the user logs on to the computer, the published program is displayed in the Add or Remove Programs dialog box, and it can be installed from there.
Create a Distribution Point
To publish or assign a computer program, you must create a distribution point on the
publishing server:
Log on to the server computer as an administrator.
Create a shared network folder where you will put the Microsoft Windows Installer package
(.msi file) that you want to distribute.
Set permissions on the share to allow access to the distribution package.
Copy or install the package to the distribution point. For example, to distribute Microsoft
Office XP, run the administrative installation (setup.exe /a) to copy the files to the
distribution point.
Create a Group Policy Object
To create a Group Policy object (GPO) to use to distribute the software package:
Start the Active Directory Users and Computers snap-in. To do this, click Start, point to
Administrative Tools, and then click Active Directory Users and Computers.
In the console tree, right-click your domain, and then click Properties.
Click the Group Policy tab, and then click New.
Type a name for this new policy (for example, Office XP distribution), and then press
ENTER.
Click Properties, and then click the Security tab.
Click to clear the Apply Group Policy check box for the security groups that you want to
prevent from having this policy applied.
Click to select the Apply Group Policy check box for the groups that you want this policy to
apply to.
When you are finished, click OK.
Assign a Package
To assign a program to computers that are running Windows Server 2003, Windows 2000,
or Microsoft Windows XP Professional, or to users who are logging on to one of these
workstations:
Start the Active Directory Users and Computers snap-in. To do this, click Start, point to
Administrative Tools, and then click Active Directory Users and Computers.
In the console tree, right-click your domain, and then click Properties.
Click the Group Policy tab, select the group policy object that you want, and then click Edit.
Under Computer Configuration, expand Software Settings.
Right-click Software installation, point to New, and then click Package.
In the Open dialog box, type the full Universal Naming Convention (UNC) path of the
shared installer package that you want. For example, \\file server\share\file name.msi.
Important Do not use the Browse button to access the location. Make sure that you use the
UNC path to the shared installer package.
Click Open.
Click Assigned, and then click OK. The package is listed in the right pane of the Group
Policy window.
Close the Group Policy snap-in, click OK, and then quit the Active Directory Users and
Computers snap-in.
When the client computer starts, the managed software package is automatically installed.
Publish a Package
To publish a package to computer users and make it available for installation from the Add
or Remove Programs tool in Control Panel:
Start the Active Directory Users and Computers snap-in. To do this, click Start, point to
Administrative Tools, and then click Active Directory Users and Computers.
In the console tree, right-click your domain, and then click Properties.
Click the Group Policy tab, click the group policy object that you want, and then click Edit.
Under User Configuration, expand Software Settings.
Right-click Software installation, point to New, and then click Package.
In the Open dialog box, type the full UNC path of the shared installer package that you
want. For example, \\file server\share\file name.msi.
Important Do not use the Browse button to access the location. Make sure that you use the
UNC path to the shared installer package.
Click Open.
Click Publish, and then click OK.
The package is listed in the right pane of the Group Policy window.
Close the Group Policy snap-in, click OK, and then quit the Active Directory Users and
Computers snap-in.
Test the package:
Note Because there are several versions of Microsoft Windows, the following steps may be
different on your computer. If they are, see your product documentation to complete these
steps.
Log on to a workstation that is running Windows 2000 Professional or Windows XP
Professional by using an account that you published the package to.
In Windows XP, click Start, and then click Control Panel.
Double-click Add or Remove Programs, and then click Add New Programs.
In the Add programs from your network list, click the program that you published, and then
click Add. The program is installed.
Click OK, and then click Close.
Redeploy a Package
In some cases you may want to redeploy a software package. For example, if you upgrade
or modify the package. To redeploy a package:
Start the Active Directory Users and Computers snap-in. To do this, click Start, point to
Administrative Tools, and then click Active Directory Users and Computers.
In the console tree, right-click your domain, and then click Properties.
Click the Group Policy tab, click the Group Policy object that you used to deploy the
package, and then click Edit.
Expand the Software Settings container that contains the software installation item that you
used to deploy the package.
Click the software installation container that contains the package.
In the right pane of the Group Policy window, right-click the program, point to All Tasks,
and then click
Redeploy application. You will receive the following message:
Redeploying this application will reinstall the application everywhere it is already installed.
Do you want to continue?
Click Yes.
Quit the Group Policy snap-in, click OK, and then quit the Active Directory Users and
Computers snap-in.
Remove a Package
To remove a published or assigned package:
Start the Active Directory Users and Computers snap-in. To do this, click Start, point to
Administrative Tools, and then click Active Directory Users and Computers.
In the console tree, right-click your domain, and then click Properties.
Click the Group Policy tab, click the Group Policy object that you used to deploy the
package, and then click
Edit.
Expand the Software Settings container that contains the software installation item that you
used to deploy the package.
Click the software installation container that contains the package.
In the right pane of the Group Policy window, right-click the program, point to All Tasks,
and then click
Remove.
Do one of the following:
Click Immediately uninstall the software from users and computers, and then click OK.
Click Allow users to continue to use the software but prevent new installations, and then
click OK.
Quit the Group Policy snap-in, click OK, and then quit the Active Directory Users and Computers snap-in.