70-646 practice questions and answers for the Microsoft certification exam PRO: Windows Server 2008, Server Administrator.
Q21. - (Topic 11)
You need to recommend a file access solution for the Templates share.
Which two actions should you recommend? (Each correct answer presents part of the solution. Choose two.)
A. Add File2 as a namespace server for \\fabrikam.com\dfs.
B. Add \\File2\templates as a folder target for \\fabrikam.com\dfs\templates.
C. In the Group Policy preferences of GPO2 and GPO3, add new mapped drives.
D. Create a DFS Replication group that contains \\File1\templates and \\File2\templates.
Answer: B,D
Explanation:
http://technet.microsoft.com/en-us/library/cc753479%28WS.10%29.aspx
Distributed File System (DFS) Namespaces and DFS Replication offer simplified, highly-available access to files, load sharing, and WAN-friendly replication. In the Windows Server 2003 R2 operating system, Microsoft revised and renamed DFS Namespaces (formerly called DFS), replaced the Distributed File System snap-in with the DFS Management snap-in, and introduced the new DFS Replication feature. In the Windows Server 2008 operating system, Microsoft added the Windows Server 2008 mode of domain-based namespaces and added a number of usability and performance improvements.
What does Distributed File System (DFS) do?
The Distributed File System (DFS) technologies offer wide area network (WAN)-friendly replication as well as simplified, highly-available access to geographically dispersed files.
The two technologies in DFS are the following:
- DFS Namespaces. Enables you to group shared folders that are located on different servers into one or more logically structured namespaces. Each namespace appears to users as a single shared folder with a series of subfolders. This structure increases availability and automatically connects users to shared folders in the same Active Directory Domain Services site, when available, instead of routing them over WAN connections.
- DFS Replication. DFS Replication is an efficient, multiple-master replication engine that you can use to keep folders synchronized between servers across limited bandwidth network connections. It replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as well as for replicating the AD DS SYSVOL folder in domains that use the Windows Server 2008 domain functional level.
Q22. - (Topic 1)
Your company has a single Active Directory domain. You have 30 database servers that run Windows Server 2008 R2.
The computer accounts for the database servers are stored in an organizational unit (OU) named Data. The user accounts for the database administrators are stored in an OU named Admin. The database administrators are members of a global group named D_Admins.
You must allow the database administrators to perform administrative tasks on the database servers. You must prevent the database administrators from performing administrative tasks on other servers.
What should you do?
A. Deploy a Group Policy to the Data OU.
B. Deploy a Group Policy to the Admin OU.
C. Add D_Admins to the Domain Admins global group.
D. Add D_Admins to the Server Operators built-in local group.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc754948%28WS.10%29.aspx
Group Policy Planning and Deployment Guide
You can use Windows Server 2008 Group Policy to manage configurations for groups of computers and users, including options for registry-based policy settings, security settings, software deployment, scripts, folder redirection, and preferences. Group Policy preferences, new in Windows Server 2008, are more than 20 Group Policy extensions that expand the range of configurable policy settings within a Group Policy object (GPO). In contrast to Group Policy settings, preferences are not enforced. Users can change preferences after initial deployment. For information about Group Policy Preferences, see Group Policy Preferences Overview.
Using Group Policy, you can significantly reduce an organization’s total cost of ownership. Various factors, such as the large number of policy settings available, the interaction between multiple policies, and inheritance options, can make Group Policy design complex. By carefully planning, designing, testing, and deploying a solution based on your organization’s business requirements, you can provide the standardized functionality, security, and management control that your organization needs.
Overview of Group Policy
Group Policy enables Active Directory–based change and configuration management of user and computer settings on computers running Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP. In addition to using Group Policy to define configurations for groups of users and computers, you can also use Group Policy to help manage server computers, by configuring many server-specific operational and security settings.
By using a structure in which OUs contain homogeneous objects, such as either user or computer objects but not both, you can easily disable those sections of a GPO that do not apply to a particular type of object. This approach to OU design, illustrated in Figure 1, reduces complexity and improves the speed at which Group Policy is applied. Keep in mind that GPOs linked to the higher layers of the OU structure are inherited by default, which reduces the need to duplicate GPOs or to link a GPO to multiple containers. When designing your Active Directory structure, the most important considerations are ease of administration and delegation.
Q23. - (Topic 1)
Your network contains two servers that run the Server Core installation of Windows Server 2008 R2. The two servers are part of a Network Load Balancing cluster.
The cluster hosts a Web site. Administrators use client computers that run Windows 7. You need to recommend a strategy that allows the administrators to remotely manage the Network Load Balancing cluster. Your strategy must support automation.
What should you recommend?
A. On the servers, enable Windows Remote Management (WinRM).
B. On the servers, add the administrators to the Remote Desktop Users group.
C. On the Windows 7 client computers, enable Windows Remote Management (WinRM).
D. On the Windows 7 client computers, add the administrators to the Remote Desktop Users group.
Answer: A
Explanation:
http://support.microsoft.com/kb/968929
http://msdn.microsoft.com/en-us/library/aa384291%28VS.85%29.aspx
WinRM 2.0
WinRM is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows for hardware and operating systems from different vendors to interoperate. The WS-Management Protocol specification provides a common way for systems to access and exchange management information across an IT infrastructure.
WinRM 2.0 includes the following new features:
- The WinRM Client Shell API provides functionality to create and manage shells and shell operations, commands, and data streams on remote computers.
- The WinRM Plug-in API provides functionality that enables a user to write plug-ins by implementing certain APIs for supported resources and operations.
- WinRM 2.0 introduces a hosting framework. Two hosting models are supported. One is Internet Information Services (IIS)-based and the other is WinRM service-based.
- Association traversal lets a user retrieve instances of Association classes by using a standard filtering mechanism.
- WinRM 2.0 supports delegating user credentials across multiple remote computers.
- Users of WinRM 2.0 can use Windows PowerShell cmdlets for system management.
- WinRM has added a specific set of quotas that provide a better quality of service and allocate server resources to concurrent users. The WinRM quota set is based on the quota infrastructure that is implemented for the IIS service.
USAGE
=====
(ALL UPPER-CASE = value that must be supplied by user.)
winrs [-/SWITCH[:VALUE]] COMMAND
COMMAND - Any string that can be executed as a command in the cmd.exe shell.
SWITCHES
========
(All switches accept both short form or long form. For example both -r and -remote are valid.)
-r[emote]:ENDPOINT - The target endpoint using a NetBIOS name or the standard connection URL: [TRANSPORT://]TARGET[:PORT]. If not specified -r:localhost is used.
-un[encrypted] - Specify that the messages to the remote shell will not be encrypted. This is useful for troubleshooting, or when the network traffic is already encrypted using ipsec, or when physical security is enforced. By default the messages are encrypted using Kerberos or NTLM keys. This switch is ignored when HTTPS transport is selected.
-u[sername]:USERNAME - Specify username on command line. If not specified the tool will use Negotiate authentication or prompt for the name. If -username is specified, -password must be as well.
-p[assword]:PASSWORD - Specify password on command line. If -password is not specified but -username is the tool will prompt for the password. If -password is specified, -user must be specified as well.
-t[imeout]:SECONDS - This option is deprecated.
-d[irectory]:PATH - Specifies starting directory for remote shell. If not specified the remote shell will start in the user's home directory defined by the environment variable %USERPROFILE%.
-env[ironment]:STRING=VALUE - Specifies a single environment variable to be set when shell starts, which allows changing default environment for shell. Multiple occurrences of this switch must be used to specify multiple environment variables.
-noe[cho] - Specifies that echo should be disabled. This may be necessary to ensure that user's answers to remote prompts are not displayed locally. By default echo is "on".
-nop[rofile] - Specifies that the user's profile should not be loaded. By default the server will attempt to load the user profile. If the remote user is not a local administrator on the target system then this option will be required (the default will result in error).
-a[llow]d[elegate] - Specifies that the user's credentials can be used to access a remote share, for example, found on a different machine than the target endpoint.
-comp[ression] - Turn on compression. Older installations on remote machines may not support compression so it is off by default.
-[use]ssl - Use an SSL connection when using a remote endpoint. Specifying this instead of the transport "https:" will use the default WinRM default port.
-? - Help
To terminate the remote command the user can type Ctrl-C or Ctrl-Break, which will be sent to the remote shell. The second Ctrl-C will force termination of winrs.exe.
To manage active remote shells or WinRS configuration, use the WinRM tool. The URI alias to manage active shells is shell/cmd. The URI alias for WinRS configuration is winrm/config/winrs. Example usage can be found in the WinRM tool by typing "WinRM -?".
Examples:
winrs -r:https://myserver.com command
winrs -r:myserver.com -usessl command
winrs -r:myserver command
winrs -r:http://127.0.0.1 command
winrs -r:http://169.51.2.101:80 -unencrypted command
winrs -r:https://[::FFFF:129.144.52.38] command
winrs -r:http://[1080:0:0:0:8:800:200C:417A]:80 command
winrs -r:https://myserver.com -t:600 -u:administrator -p:$%fgh7 ipconfig
winrs -r:myserver -en
66. - (Topic 1)
...
Your company has 250 branch offices. Your network contains an Active Directory domain. The domain controllers run Windows Server 2008 R2. You plan to deploy Read-only Domain Controllers (RODCs) in the branch offices.
You need to plan the deployment of the RODCs to meet the following requirements:
- Build each RODC at the designated branch office.
- Ensure that the RODC installation source files do not contain cached secrets.
- Minimize the bandwidth used during the initial synchronization of Active Directory Domain Services (AD DS).
What should you include in your plan?
A. Use Windows Server Backup to perform a full backup of an existing domain controller. Use the backup to build the new RODCs.
B. Use Windows Server Backup to perform a custom backup of the critical volumes of an existing domain controller. Use the backup to build the new RODCs.
C. Create a DFS namespace that contains the Active Directory database from one of the existing domain controllers. Build the RODCs by using an answer file.
D. Create an RODC installation media. Build the RODCs from the RODC installation media.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc770654%28WS.10%29.aspx
Installing AD DS from Media
Applies To: Windows Server 2008, Windows Server 2008 R2
You can use the Ntdsutil.exe tool to create installation media for additional domain controllers that you are creating in a domain. By using the Install from Media (IFM) option, you can minimize the replication of directory data over the network. This helps you install additional domain controllers in remote sites more efficiently.
Ntdsutil.exe can create four types of installation media, as described in the following table. You must use read-only domain controller (RODC) installation media to install an RODC. For RODC installation media, the ntdsutil command removes any cached secrets, such as passwords. You can create RODC installation media either on an RODC or on a writeable domain controller. You must use writeable domain controller installation media to install a writeable domain controller. You can create writeable domain controller installation media only on a writeable domain controller.
If the source domain controller where you create the installation media and the destination server where you plan to install Active Directory Domain Services (AD DS) both run Windows Server 2008 with Service Pack 2 or later or Windows Server 2008 R2, and if you are using Distributed File System (DFS) Replication for SYSVOL, you can run the ntdsutil ifm command with an option to include the SYSVOL shared folder in the installation media. If the installation media includes SYSVOL, you must use Robocopy.exe to copy the installation media from the source domain controller to the destination server. For more information, see Installing an Additional Domain Controller by Using IFM.
Q24. - (Topic 1)
Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2. A corporate policy requires that the users from the research department have higher levels of account and password security than other users in the domain.
You need to recommend a solution that meets the requirements of the corporate policy. Your solution must minimize hardware and software costs.
What should you recommend?
A. Create a new Active Directory site. Deploy a Group Policy object (GPO) to the site.
B. Create a new Password Settings Object (PSO) for the research department's users.
C. Create a new organizational unit (OU) named Research in the existing domain. Deploy a Group Policy object (GPO) to the Research OU.
D. Create a new domain in the forest. Add the research department's user accounts to the new domain. Configure a new security policy in the new domain.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc770842%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/cc754461%28WS.10%29.aspx
Q25. - (Topic 1)
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
Your company and an external partner plan to collaborate on a project. The external partner has an Active Directory domain that contains Windows Server 2008 R2 domain controllers.
You need to design a collaboration solution that meets the following requirements:
- Allows users to prevent sensitive documents from being forwarded to untrusted recipients or from being printed.
- Allows users in the external partner organization to access the protected content to which they have been granted rights.
- Sends all interorganizational traffic over port 443.
- Minimizes the administrative effort required to manage the external users.
What should you include in your design?
A. Establish a federated trust between your company and the external partner. Deploy a Windows Server 2008 R2 server that has Microsoft SharePoint Foundation 2010 installed.
B. Establish a federated trust between your company and the external partner. Deploy a Windows Server 2008 R2 server that runs Microsoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD RMS) role installed.
C. Establish an external forest trust between your company and the external partner. Deploy a Windows Server 2008 R2 server that has the Active Directory Certificate Services server role installed. Implement Encrypting File System (EFS).
D. Establish an external forest trust between your company and the external partner. Deploy a Windows Server 2008 R2 server that has the Active Directory Rights Management Service (AD RMS) role installed and Microsoft SharePoint Foundation 2010 installed.
Answer: B
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration: Active Directory Federation Services
You can create forest trusts between two or more Windows Server 2008 forests (or Windows Server 2008 and Windows Server 2003 forests). This provides cross-forest access to resources that are located in disparate business units or organizations. However, forest trusts are sometimes not the best option, such as when access across organizations needs to be limited to a small subset of individuals. Active Directory Federation Services (AD FS) enables organizations to allow limited access to their infrastructure to trusted partners. AD FS acts like a cross-forest trust that operates over the Internet and extends the trust relationship to Web applications (a federated trust). It provides Web single-sign-on (SSO) technologies that can authenticate a user over the life of a single online session. AD FS securely shares digital identity and entitlement rights (known as claims) across security and enterprise boundaries.
Windows Server 2003 R2 introduced AD FS and Windows Server 2008 expands it. New AD FS features introduced in Windows Server 2008 include the following:
- Improved application support. Windows Server 2008 integrates AD FS with Microsoft Office SharePoint Server 2007 and Active Directory Rights Management Services (AD RMS).
- Improved installation. AD FS is implemented in Windows Server 2008 as a server role. The installation wizard includes new server validation checks.
- Improved trust policy. Improvements to the trust policy import and export functionality help to minimize configuration issues that are commonly associated with establishing federated trusts.
AD FS extends SSO functionality to Internet-facing applications. Partners experience the same streamlined SSO user experience when they access the organization’s Web-based applications as they would when accessing resources through a forest trust. Federation servers can be deployed to facilitate business-to-business (B2B) federated transactions.
AD FS provides a federated identity management solution that interoperates with other security products by conforming to the Web Services Federation (WS-Federation) specification. This specification makes it possible for environments that do not use Windows to federate with Windows environments. It also provides an extensible architecture that supports the Security Assertion Markup Language (SAML) 1.1 token type and Kerberos authentication. AD FS can perform claim mapping, for example, modifying claims using business logic variables in an access request. Organizations can modify AD FS to coexist with their current security infrastructure and business policies.
Finally, AD FS supports distributed authentication and authorization over the Internet. You can integrate it into an organization’s existing access management solution to translate the claims that are used in the organization into claims that are agreed on as part of a federation. AD FS can create, secure, and verify claims that move between organizations. It can also audit and monitor the communication activity between organizations and departments to help ensure secure transactions.
Q26. - (Topic 6)
You need to deploy a WSUS server in the branch office that meets the company's technical requirements. What should you deploy?
A. an autonomous WSUS server that is configured to download updates from Microsoft Update
B. an autonomous WSUS server that is configured to download updates from the WSUS server in the main office
C. a WSUS server running in replica mode that is configured to download updates from Microsoft Update
D. a WSUS server running in replica mode that is configured to download updates from the WSUS server in the main office
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd939820%28WS.10%29.aspx
All client computers on the network connect to the main office via a highly saturated link; they don’t have an independent link, so updates must come from HQ.
Replica mode (centralized administration)
In replica mode, an upstream WSUS server shares updates, approval status, and computer groups with downstream servers. Downstream replica servers inherit update approvals and are not administered separately from the upstream WSUS server. The following image shows how you might deploy replica WSUS servers in a branch office environment.
It says that all branch PCs on the network connect to the internet by using a single internet connection at the main office. To me that implies that all traffic to the branch travels through the main office, so if the branch updated from MS it has to come through the main office, so you'd be downloading the same patches twice. That is wasting bandwidth, and one requirement is to minimize bandwidth usage.
Q27. - (Topic 15)
You need to recommend changes to the existing environment that meet the company's security requirements for the file server on the main campus.
What should you recommend?
A. Deploy Network Policy Server (NPS) and create a network policy.
B. Deploy Print and Document Services and create a custom printer filter.
C. Deploy File Server Resource Manager (FSRM) and create a file classification rule.
D. Deploy Active Directory Rights Management Services (AD RMS) and create an AD RMS rights policy template.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd996658%28WS.10%29.aspx
Rights policy templates are used to control the rights that a user or group has on a particular piece of rights-protected content. Active Directory Rights Management Services (AD RMS) stores rights policy templates in the configuration database. Optionally, it may maintain a copy of all rights policy templates in a shared folder that you specify.
Q28. DRAG DROP - (Topic 1)
A company currently has a Remote Desktop Services (RDS) farm consisting of three Remote Desktop Session Hosts (RD Session Hosts) and one Remote Desktop Session Broker (RD Session Broker). The RD Session Hosts are configured to use Windows Network Load Balancing.
The RDS servers run slowly every Monday morning between 9:00 A.M. and 11:00 A.M.
You establish that your third-party backup solution is running on the RDS servers at these times and is causing the poor performance. Company policy mandates that the backup must occur at this time.
You have the following requirements:
- Implement Windows System Resource Manager (WSRM) on each of the RDS servers to minimize the system resources utilized by the backup application.
- Ensure that WSRM runs only when required.
You need to configure WSRM.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)
Answer:
Q29. - (Topic 6)
You need to recommend a document management solution that supports the company's planned changes. What should you include in the recommendation?
A. Active Directory Rights Management Services (AD RMS) and File Server Resource Manager (FSRM)
B. Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
C. Authorization Manager and Microsoft SharePoint Foundation 2010
D. File Server Resource Manager (FSRM) and Share and Storage Management
Answer: B
Explanation:
AD RMS meets the requirement for Role Based Access Control; SharePoint meets the requirements for multiple versions.
Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define who can open, modify, print, forward, or take other actions with the information.
http://www.plusconsulting.com/WhitePapers/SharePoint%202110%20Business%20Value%20WhitePaper.pdf
Q30. - (Topic 13)
You need to recommend a monitoring solution for the new printer. What should you include in the recommendation?
A. Data Collector Sets (DCSs)
B. event subscriptions
C. object access auditing
D. Print Management filters
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc766468%28WS.10%29.aspx
Establishing audit policy is an important facet of security. Monitoring the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach. There are nine different kinds of events you can audit. If you audit any of these kinds of events, Windows records the events in the Security log, which you can find in Event Viewer.
- Account logon events. Audit this to see each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. Account logon events are generated in the domain controller's Security log when a domain user account is authenticated on a domain controller. These events are separate from Logon events, which are generated in the local Security log when a local user is authenticated on a local computer. Account logoff events are not tracked on the domain controller.
- Account management. Audit this to see when someone has changed an account name, enabled or disabled an account, created or deleted an account, changed a password, or changed a user group.
- Directory service access. Audit this to see when someone accesses an Active Directory directory service object that has its own system access control list (SACL).
- Logon events. Audit this to see when someone has logged on or off your computer (either while physically at your computer or by trying to log on over a network).
- Object access. Audit this to see when someone has used a file, folder, printer, or other object. While you can also audit registry keys, we don't recommend that unless you have advanced computer knowledge and know how to use the registry.
- Policy change. Audit this to see attempts to change local security policies and to see if someone has changed user rights assignments, auditing policies, or trust policies.
- Privilege use. Audit this to see when someone performs a user right.
- Process tracking. Audit this to see when events such as program activation or a process exiting occur.
- System events. Audit this to see when someone has shut down or restarted the computer, or when a process or program tries to do something that it does not have permission to do. For example, if malicious software tried to change a setting on your computer without your permission, system event auditing would record it.