70-646 Exam
exam 70-646? Tips for success
70-646 is definitely the best ask Exambible of being successful. You will find a bunch of their discovering and knowledge, guaranteeing 100% being successful. These 70-646 answers and questions every one of the Microsoft accreditation test plans 70-646 and get to measure its exactness, therefore, to be sure your making success in your 70-646 accreditation test. These clear to understand answers and questions inside 70-646 Pdf file and 70-646 for it to be easy for you that will obtain and make use of.
2021 Oct 70-646 test bank:
Q151. - (Topic 10)
You need to recommend a tool to manage the SANs. The tool must support the company's planned changes and technical requirements.
Which tool should you recommend?
A. Disk Management
B. Share and Storage Management
C. Storage Explorer
D. Storage Manager for SANs
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc754551%28WS.10%29.aspx Storage Manager for SANs is a Microsoft Management Console (MMC) snap-in that helps you create and manage logical unit numbers (LUNs) on Fibre Channel and Internet SCSI (iSCSI) disk drive subsystems that support Virtual Disk Service (VDS) in your storage area network (SAN).
Q152. DRAG DROP - (Topic 1)
A company's file servers are running out of disk space. The company uses folder redirection policies to redirect user profile folders to 50 dedicated file servers.
The files stored on the file servers include the following types of files that should not be stored in user profile folders:
..
Audio and video files Files created by a computer-aided drafting (CAD) Application
You decide to implement File Server Resource Manager (FSRM) on the dedicated file servers. You have the following requirements:
...
Prevent users from saving audio and video files to their user profile folders.
Prevent users from saving CAD files to their user profile folders.
Notify users by e-mail if they attempt to save files of a blocked file type.
You need to configure FSRM with the least amount of administrative effort. Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that Apply.)
Answer:
Topic 2, Humongous Insurance
Scenario:
COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in New York. The branch offices are located throughout North America. The main office has 8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker) on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows Vista Enterprise.
Business Goals
Humongous Insurance wants to minimize costs whenever possible.
Existing Active Directory/Directory Services
The network contains a single Active Directory forest named humongousinsurance.com. The forest contains two child domains named north.humongousinsurance.com and south.humongousinsurance.com. The functional level of the forest is Windows Server 2008 R2.
Existing Network Infrastructure
Each child domain contains a Web server that has Internet Information Services (IIS) installed. The forest root domain contains three Web servers that have IIS installed. The Web servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster.
Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The WSUS servers do not store updates locally.
The network contains Remote Desktop servers that run Windows Server 2008 R2. Users in the sales department access a line-of-business Application by using Remote Desktop.
Managers in the sales department use the Application to generate reports. Generating the reports is CPU intensive.
The sales managers report that when many users are connected to the servers, the reports take a long time to process.
Humongous Insurance has the following standard server builds: . Class 1 - Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
...
Class 2 - Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard Class 3 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard Class 4 - Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
Current Administration Model
Humongous Insurance currently uses the following technologies to manage the network:
....
Microsoft Desktop Optimization Pack Microsoft Forefront EndPoint Protection Microsoft System Center Operations Manager Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
.... . . .
A certificate must be required to recover BitLocker-protected drives.
Newly implemented technologies must minimize the impact on LAN traffic.
Newly implemented technologies must minimize the storage requirements.
The management of disk volumes and shared folders must be performed remotely
whenever possible.
Newly implemented technologies must minimize the amount of bandwidth used on
Internet connections.
All patches and updates must be tested in a non-production environment before
they are App1ied to production servers.
Multiple versions of a Group Policy object (GPO) must be maintained in a central
archive to facilitate a rol required.
The management of passwords and service principal names (SPNs) for all service accounts must be automated whenever possible.
Q153. - (Topic 6)
You need to recommend a solution for managing the GPOs that supports the company's planned changes. What should you include in the recommendation?
A. Group Policy Management Console (GPMC) and Authorization Manager
B. Group Policy Management Console (GPMC) and Microsoft SharePoint Foundation 2010
C. Microsoft Desktop Optimization Pack (MDOP)
D. Microsoft System Center Configuration Manager
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/ee532079.aspx Imagine a tool that could help you take control of Group Policy. What would this tool do? It could help you delegate who can review, edit, approve, and deploy Group Policy objects (GPOs). It might help prevent widespread failures that can result from editing GPOs in production environments. You could use it to track each version of each GPO, just as developers use version control to track source code. Any tool that provided these capabilities, cost little, and was easy to deploy would certainly be worth a closer look.
Such a tool indeed exists, and it is an integral part of the Microsoft. Desktop Optimization Pack (MDOP) for Software Assurance. MDOP can help organizations reduce the cost of deploying applications, deliver applications as services, and better manage desktop configurations. Together, the MDOP applications shown in Figure 1 can give Software Assurance customers a highly cost-effective and flexible solution for managing desktop computers.
Q154. - (Topic 16)
You need to recommend a solution to provision new Applications on the VMs for the planned virtual desktop pool deployment.
What should you recommend?
A. Deploy the Applications to the VMs by using AppV streaming.
B. Deploy the Applications to the VMs by using Group Policy Software Installation.
C. Deploy a MEDV workspace to each VM. Deploy the Applications to the workspace.
D. Deploy the Applications by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Answer: D
Explanation:
The client PCs are using Windows XP which are x86 architecture and the app is x64
Topic 17, Trey Research
Scenario COMPANY OVERVIEW
Trey Research is a pharmaceutical company that has a main office and two branch offices. The main office is located in Denver. The branch offices are located in New York and Seattle. The main office has 10,000 users. Each branch office has approximately 200 users.
PLANNED CHANGES
You plan to deploy a new Application named App1. App1 is developed in-house. The binary executables and support files for App1 contain sensitive intellectual property.
Users must access App1 through document invocation. The users must be prevented from directly copying or accessing the App1 program files.
EXISTING ENVIRONMENT
The network contains a single Active Directory domain named treyresearch.com.
All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
The network contains a Web server named Web1 that hosts an intranet site. All users use
Web1.
Users report that access to the content on Web1 is slow. You discover that the CPU
utilization of Web1 is approximately 90 percent during peak hours.
Microsoft System Center Configuration Manager is used to deploy updates to all of the
client computers.
Existing Network Infrastructure
Each office has several file servers. The file servers have a limited amount of storage space. Users access the data on all of the file servers.
Each branch office has a WAN link to the main office. Users in the branch office frequently access the file server in the main office.
Current Administration Model
All servers are currently administered remotely by using Remote Desktop. Help desk users perform the following administrative tasks in the domain:
....
Manage printers.
Create shared folders.
Manage Active Directory users.
Modify file permissions and share permissions.
All of the help desk users are members of a global group named HelpDesk. Business Goals Trey Research has the following business goals:
..
Minimize the cost of making changes to the environment.
Minimize the cost of managing the network infrastructure and the servers
REQUIREMENTS Technical Requirements
Trey Research plans to Virtualize all of the servers during the next three years. Trey Research must meet the following technical requirements for virtualization:
....
Simplify the management of all hardware.
Allocate CPU resources between virtual machines (VMs).
Ensure that the VMs can connect to multiple virtual local area networks (VLANs).
Minimize the amount of administrative effort required to convert physical servers to
VMs.
Trey Research must ensure that users can access content in the shared folders if a single server fails. The solution must also reduce the amount of bandwidth used to access the shared folders from the branch offices.
Trey Research must meet the following technical requirements for the intranet site:
. Improve response time for users.
. Provide redundancy if a single server fails.
Security Requirements
A new corporate security policy states that only Enterprise Administrators are allowed to interactively log on to servers.
User Requirements
Users report that it is difficult to locate files in the shared folders across the network. The users want a single point of access for all of the shared folders in the company.
Q155. - (Topic 1)
Your network consists of a single Active Directory domain. The network contains 20 file servers that run Windows Server 2008 R2. Each file server contains two volumes. One
....
volume contains the operating system.
The other volume contains all data files.
You need to plan a recovery strategy that meets the following requirements:
Allows the operating system to be restored
Allows the data files to be restored
Ensures business continuity
Minimizes the amount of time to restore the server
What should you include in your plan?
A. Windows Deployment Services (WDS)
B. Windows Automated Installation Kit (Windows AIK) and folder redirection
C. the Multipath I/O feature and Volume Shadow Copies
D. the Windows Server Backup feature and System Image Recovery
Answer: D
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration: Windows Server Backup Windows Server Backup provides a reliable method of backing up and recovering the operating system, certain applications, and files and folders stored on your server. This feature replaces the previous backup feature that was available with earlier versions of Windows.
Windows Server Backup
The Windows Server Backup tool is significantly different from ntbackup.exe, the tool
included in Windows Server 2000 and Windows Server 2003. Administrators familiar with
the previous tool should study the capabilities and limitations of the new Windows Server
Backup utility because many aspects of the tool’s functionality have changed.
Exam Tip: What the tool does
The Windows Server 2008 exams are likely to focus on the differences between
NTBACKUP and Windows Server Backup.
The key points to remember about backup in Windows Server 2008 are:
Windows Server Backup cannot write to tape drives.
You cannot write to network locations or optical media during a scheduled backup.
The smallest object that you can back up using Windows Server Backup is a volume.
Only local NTFS-formatted volumes can be backed up.
Windows Server Backup files write their output as VHD (Virtual Hard Disk) files. VHD files
can be mounted with the appropriate software and read, either directly or through virtual
machine software such as Hyper-V.
MORE INFO Recovering NTbackup backups You cannot recover backups written using ntbackup.exe. A special read-only version of ntbackup.exe that is compatible with Windows Server 2008 can be downloaded from http://go.microsoft.com/fwlink/?LinkId=82917.
Windows Server Backup is not installed by default on Windows Server 2008 and must be installed as a feature using the Add Features item under the Features node of the Server Manager console. When installed, the Windows Server Backup node becomes available under the Storage node of the Server Manager Console. You can also open the Windows Server Backup console from the Administrative Tools menu. The wbadmin.exe command-line utility, also installed during this process, is covered in “The wbadmin Command-Line Tool” later in this lesson. To use Windows Server Backup or wbadmin to schedule backups, the computer requires an extra internal or external disk. External disks will need to be either USB 2.0 or IEEE 1394 compatible. When planning the deployment of disks to host scheduled backup data, you should ensure that the volume is capable of holding at least 2.5 times the amount of data that you want to back up. When planning deployment of disks for scheduled backup, you should monitor how well this size works and what sort of data retention it allows in a trial before deciding on a disk size for wider deployment throughout your organization.
When you configure your first scheduled backup, the disk that will host backup data will be hidden from Windows Explorer. If the disk currently hosts volumes and data, these will be removed to store scheduled backup data. Note that this only applies to scheduled backups and not to manual backups. You can use a network location or external disk for a manual backup without worrying that data already stored on the device will be lost. The format and repartition only happens when a device is first used to host scheduled backup data. It does not happen when subsequent backup data is written to the same location.
It is also important to remember that a volume can only store a maximum of 512 backups. If you need to store a greater number of backups, you will need to write these backups to a different volume. Of course given the amount of data on most servers, you are unlikely to find a disk that has the capacity to store so many backups.
So that scheduled backups can always be executed, Windows Server Backup will automatically remove the oldest backup data on a volume that is the target of scheduled backups. You do not need to manually clean up or remove old backup data.
Performing a Scheduled Backup
Scheduled backups allow you to automate the backup process. After you set the schedule, Windows Server Backup takes care of everything else. By default, scheduled backups are set to occur at 9:00 P.M. If your organization still has people regularly working on documents at that time, you should reset this. When planning a backup schedule you should ensure that the backup occurs at a time when the most recent day’s changes to data are always captured. Only members of the local Administrators group can configure and manage scheduled backups. To configure a scheduled backup, perform the following steps:
1.
Open Windows Server Backup. Click Backup Schedule in the Actions pane ofWindows Server Backup. This will start the Backup Schedule Wizard. Click Next.
2.
The next page of the wizard asks whether you want to perform a full server backup or a custom backup. Select Custom and click Next. As you can see in Figure 12-3, volumes that contain operating system components are always included in custom backups. Volume E is excluded in this case, because this is the location where backup data will be written.
Figure 12-3Selecting backup items 3.The default backup schedule is once a day at 9:00 P.M. You can configure multiple backups to be taken during the day. You are most likely to do this in the event that data on the server that you are backing up changes rapidly. On servers where data changes a lot less often, such as on a Web server where pages are only updated once a week, you would configure a more infrequent schedule. 4.On the Select Destination Disk page, shown in Figure 12-4, you select the disk that backups are written to. If multiple disks are selected, multiple copies of the backup data are written. You should note that the entire disk will be used. All existing volumes and data will be removed and the backup utility will format and hide the disks prior to writing the first backup data. 5.On the Label Destination Disk page, note the label given to the disk you have selected to store backups. When you finish the wizard, the target destination is formatted and then the first backup will occur at the scheduled time. An important limitation of Windows Server Backup is that you can only schedule one backup job. In other words, you cannot use Windows Server Backup to schedule jobs that you might be used to scheduling in earlier versions of Windows, such as a full backup on Monday night with a series of incremental backups every other day of the week. You can configure Windows Server Backup to perform incremental backups, but this process is different from what you might be used to with other backup applications.
Figure 12-4Selecting a destination disk
Performing an Unscheduled Single Backup
Unscheduled single backups, also known as manual backups, can be written to network
locations, local and external volumes, and local DVD media. If a backup encompasses more than the space available on a single DVD media, you can span the backup across multiple DVDs. Otherwise, if the calculated size of a backup exceeds the amount of free space available on the destination location, the backup will fail. You will perform a manual backup in a practice exercise at the end of this lesson. When performing a manual backup, you must choose between using one of the following two types of Volume
Shadow Copy Service backup: VSS Copy BackupUse this backup option when another backup product is also used to back up applications on volumes in the current backup. Application log files are retained when you perform this type of manual backup. This is the default when taking a backup. VSS Full BackupUse this backup option when no other backup products are used to back up the host computer. This option will update each file’s backup attribute and clears application log files. When performing a single backup, you can also back up a single volume without having to back up the system or boot volumes. This is done by clearing the Enable System Recovery option when selecting backup items. You might use this option to back up a specific volume’s data when you are going to perform maintenance on the volume or suspect that the disk hosting the volume might fail, but do not want to wait for a full server backup to complete.
Full Server and Operating System Recovery
Also known as Bare Metal Recovery, full server recovery allows you to completely restore the server by booting from the Windows Server 2008 installation media or Windows Recovery Environment. See the note on building a recovery solution for more information on how to set up a local Windows Recovery Environment on a Windows Server 2008 computer. Full server recovery goes further than the Automated System Recovery (ASR) feature that was available in Windows Server 2003 because full server recovery will restore all operating system, application, and other data stored on the server. ASR did not provide such a complete recovery and it was necessary to further restore data from backup after the ASR process was complete.
An operating system recovery is similar to a full server recovery except that you only recover critical volumes and do not recover volumes that do not contain critical data. For example, if you have a file server where the disks that host critical operating system volumes are separate from the disks that host shared folder volumes and the disks that host the critical operating system volumes fail, you should perform an operating system recovery.
Figure 12-13Select Windows Complete PC Restore
Up to date examcollection 70-646:
Q156. - (Topic 17)
You need to identify each help desk user who bypasses the new corporate security policy.
What should you do?
A. Configure Audit Special Logon and define Special Groups.
B. Configure Audit Other Privilege Use Events and define Special Groups.
C. Configure Audit Sensitive Privilege Use and configure auditing for the HelpDesk group.
D. Configure Audit Object Access and modify the auditing settings for the HelpDesk group.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/dd772635%28WS.10%29.aspx This security policy setting determines whether the operating system generates audit events when:
A special logon is used. A special logon is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. http://support.microsoft.com/kb/947223 Special Groups is a new feature in Windows Vista and in Windows Server 2008. The Special Groups feature lets the administrator find out when a member of a certain group logs on to the computer. The Special Groups feature lets an administrator set a list of group security identifiers (SIDs) in the registry. An audit event is logged in the Security log if the following conditions are true: Any of the group SIDs is added to an access token when a group member logs on. Note An access token contains the security information for a logon session. Also, the token identifies the user, the user's groups, and the user's rights. In the audit policy settings, the Special Logon feature is enabled.
Q157. DRAG DROP - (Topic 1)
You are designing a highly available virtual environment running on Windows Server 2008 R2. The design must meet the following requirements:
. Provide high availability within the Production site to ensure that a failure of a node
in the Production site does not stop the cluster from running. . Provide the ability to withstand a failure of the Disaster Recovery (DR) site. . Minimize the number of nodes and votes in the cluster.
You need to design the virtual environment to meet the requirements.
What should you do?
To answer, drag the appropriate nodes and quorum configuration to the correct location or locations in the answer area.
Answer:
Q158. - (Topic 1)
Your network consists of a single Active Directory domain. The network includes a branch office named Branch1. Branch1 contains 50 member servers that run Windows Server 2008 R2. An organizational unit (OU) named Branch1Servers contains the computer objects for the servers in Branch1. A global group named Branch1admins contains the user accounts for the administrators. Administrators maintain all member servers in Branch1. You need to recommend a solution that allows the members of Branch1admins group to perform the following tasks on the Branch1 member servers.
. Stop and start services
. Change registry settings
What should you recommend?
A. Add the Branch1admins group to the Power Users local group on each server in Branch1.
B. Add the Branch1admins group to the Administrators local group on each server in Branch1.
C. Assign the Branch1admins group change permissions to the Branch1Servers OU and to all child objects.
D. Assign the Branch1admins group Full Control permissions on the Branch1Servers OU and to all child objects.
Answer: B
Explanation:
Local admins have these rights. Power Users do not By default, members of the power users group have no more user rights or permissions than a standard user account. The Power Users group in previous versions of Windows was designed to give users specific administrator rights and permissions to perform common system tasks. In this version of Windows, standard user accounts inherently have the ability to perform most common configuration tasks, such as changing time zones. For legacy applications that require the same Power User rights and permissions that were present in previous versions of Windows, administrators can apply a security template that enables the Power Users group to assume the same rights and permissions that were present in previous versions of Windows.
Q159. - (Topic 1)
A company has servers that run Windows Server 2008 R2. Administrators use a graphic-intensive Application to remotely manage the network. You are designing a remote network administration solution.
You need to ensure that authorized administrators can connect to internal servers over the Internet from computers that run Windows 7 or Windows Vista. Device redirection enforcement must be enabled for these connections.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Deploy and configure a server with the Remote Desktop Web Access server role. Enable Forms-based authentication. Ensure that administrators use RDC 6.1 when accessing internal servers remotely.
B. Deploy and configure a server with the Remote Desktop Web Access server role. Enable Forms-based authentication. Ensure that administrators use RDC 7.0 when accessing internal servers remotely,
C. Deploy and configure a server with the Remote Desktop Gateway server role. Ensure that administrators use RDC 7.0 when accessing internal servers remotely.
D. Deploy and configure a server with the Remote Desktop Gateway server role. Ensure that administrators use RDC 6.1 when accessing internal servers remotely.
Answer: C
Explanation:
http://windows.microsoft.com/en-us/windows7/What-is-a-Remote-Desktop-Gateway-server A Remote Desktop Gateway (RD Gateway) server is a type of gateway that enables authorized users to connect to remote computers on a corporate network from any computer with an Internet connection. RD Gateway uses the Remote Desktop Protocol (RDP) along with the HTTPS protocol to help create a more secure, encrypted connection. http://technet.microsoft.com/en-us/library/dd560672%28v=ws.10%29.aspx
Device redirection enforcement
An RD Gateway server running Windows Server 2008 R2 includes the option to allow remote desktop clients to only connect to RD Session Host servers that enforce device redirection. RDC 7.0 is required for device redirection to be enforced by the RD Session Host server running Windows Server 2008 R2. Device redirection enforcement is configured on the Device Redirection tab of the RD CAP by using Remote Desktop Gateway Manager.
Q160. - (Topic 1)
Your network consists of an Active Directory domain. The domain controllers run Windows Server 2008 R2. Client computers run Windows 7.
You need to implement Encrypting File System (EFS) for all client computers.
You want to achieve this goal while meeting the following requirements:
. You must minimize the amount of data that is transferred across the network when
a user logs on to or off from a client computer. . Users must be able to access their EFS certificates on any client computers. . If a client computer's disk fails, EFS certificates must be accessible.
What should you do?
A. Enable credential roaming.
B. Enable roaming user profiles.
C. Enable a Data Recovery Agent.
D. Issue smart cards to all users.
Answer: A
Explanation:
Configuring Credential Roaming
Credential roaming allows for the storage of certificates and private keys within Active Directory. For example, a user’s encrypting file system certificate can be stored in Active Directory and provided to the user when she logs on to different computers within the domain. The same EFS certificate will always be used to encrypt files.
This means that the user can encrypt files on an NTFS-formatted USB storage device on one computer and then decrypt them on another, because the EFS certificate will be transferred to the second computer’s certificate store during the logon process.Credential roaming also allows for all of a user’s certificates and keys to be removed when he logs off of the computer.
Credential roaming is enabled through the Certificate Services Client policy, located under User Configuration\Policies\Windows Settings\Security Settings\Public Key Policies and shown in Figure 10-4.
Figure 10-4Credential Roaming Policy
Credential roaming works in the following manner. When a user logs on to a client
computer in a domain where the Credential Roaming Policy has been enabled, the
certificates in the user’s store on the client computer are compared to certificates stored for
the user within Active Directory.
If the certificates in the user’s certificate store are up to date, no further action is taken.
If more recent certificates for the user are stored in Active Directory, these credentials are
copied to the client computer.
If more recent certificates are located in the user’s store, the certificates stored in Active
Directory are updated.
Credential roaming synchronizes and resolves any conflicts between certificates and
private keys from any number of client computers that a user logs on to, as well as
certificates and private keys stored within Active Directory. Credential roaming is triggered
whenever a private key or certificate in the local certificate store changes, whenever the
user locks or unlocks a computer, and whenever Group Policy refreshes. Credential
roaming is supported on Windows Vista, Windows Server 2008, Windows XP SP2, and
Windows Server 2003
SP1.
MORE INFO More on credential roaming
For more information on configuring credential roaming, consult the following TechNet
link:http://technet2.microsoft.com/windowsserver2008/en/library/fabc1c44-f2a2-43e1-b52e-9b12a1f19a331 033.mspx?mfr=true